Creating security group "Error revoking default egress rule for Security Group … The specified rule does not exist in this security group"

When I attempt to create a security group in Localstack, I get the error:

│ Error: Error revoking default egress rule for Security Group (sg-4f6d23cc257842ce0): InvalidPermission.NotFound: The specified rule does not exist in this security group
│   status code: 400, request id: 7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
│ 
│   with aws_security_group.mysg,
│   on main.tf line 17, in resource "aws_security_group" "mysg":
│   17: resource "aws_security_group" "mysg" {

I am on:

  • Ubuntu 20.04
  • LocalStack: 0.14.0.9
  • Terraform: v1.1.7

I started Localstack with docker-compose -f localstack.yml up and then ran the following commands:

terraform init
terraform fmt
terraform validate
terraform apply

localstack.yml

version: '2.1'

services:
  localstack:
    container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
    image: localstack/localstack
    ports:
      - "4566-4599:4566-4599"
      - "${PORT_WEB_UI-8080}:${PORT_WEB_UI-8080}"
    environment:
      - SERVICES=s3,dynamodb,cloudformation,ec2,iam
      - DEBUG=${DEBUG- }
      - DATA_DIR=${DATA_DIR- }
      - PORT_WEB_UI=${PORT_WEB_UI- }
      - LAMBDA_EXECUTOR=${LAMBDA_EXECUTOR- }
      - KINESIS_ERROR_PROBABILITY=${KINESIS_ERROR_PROBABILITY- }
      - DOCKER_HOST=unix:///var/run/docker.sock
      - HOST_TMP_FOLDER=${TMPDIR}
    volumes:
      - "${TMPDIR:-/tmp/localstack}:/tmp/localstack"
      - "/var/run/docker.sock:/var/run/docker.sock"

main.tf

provider "aws" {
  region                      = "us-east-1"
  access_key                  = "localstacktest"
  secret_key                  = "localstacktestkey"
  skip_credentials_validation = true
  skip_requesting_account_id  = true
  skip_metadata_api_check     = true
  s3_use_path_style           = true
  endpoints {
    ec2 = "http://localhost:4566"
    iam = "http://localhost:4566"
  }
}

# Setup our security group
resource "aws_security_group" "mysg" {
  name   = "allow_ssh"
  vpc_id = var.vpc_id

  ingress {
    description = "Allow inbound ssh traffic"
    cidr_blocks = [var.cidr_block]
    from_port   = var.port
    protocol    = "tcp"
    to_port     = var.port
  }

  tags = {
    name = "allow_ssh"
  }
}

variables.tf

variable "vpc_id" {
  default = "vpc-bc102dc4"
}

variable "port" {
  default = 22
}

variable "cidr_block" {
  default = "0.0.0.0/0"
}

outputs.tf

output "security_group" {
  value = aws_security_group.mysg.id
}

Solution:

I confirm I can reproduce the issue, and indeed this is due to the VPC. To create your SG in the default VPC, just remove the vpc_id = var.vpc_id line. Also, it's good practice to add egress:

resource "aws_security_group" "mysg" {
  name   = "allow_ssh"

  ingress {
    description = "Allow inbound ssh traffic"
    cidr_blocks = [var.cidr_block]
    from_port   = var.port
    protocol    = "tcp"
    to_port     = var.port
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    name = "allow_ssh"
  }
}
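As an added example (not code from the original question or answer), the same security group written so that the VPC is looked up rather than hardcoded, and so that egress is declared explicitly and narrowly. Looking the VPC up with the aws_vpc data source avoids pointing the group at a VPC id that does not exist in the emulated account; declaring egress means Terraform creates and owns that rule instead of trying to revoke the provider-created default egress rule after creation. The ssh_cidr_blocks default of 10.0.0.0/8 and the HTTPS-only egress are assumptions chosen for illustration; the data source also assumes the EC2 emulation returns a VPC for the default filter (if it does not, set vpc_id to an id listed by aws ec2 describe-vpcs --endpoint-url http://localhost:4566).

```hcl
# Added example, not from the original post. Assumes the provider block and
# outputs.tf from the question; the CIDR default and the egress policy are
# illustrative choices, not values from the page.

data "aws_vpc" "default" {
  default = true
}

variable "ssh_port" {
  type    = number
  default = 22
}

variable "ssh_cidr_blocks" {
  description = "Source ranges allowed to reach the SSH port. 0.0.0.0/0 only makes sense on a throwaway LocalStack VPC."
  type        = list(string)
  default     = ["10.0.0.0/8"] # assumed value; tighten to your bastion or VPN range
}

resource "aws_security_group" "mysg" {
  name        = "allow_ssh"
  description = "Allow inbound SSH from approved ranges"
  vpc_id      = data.aws_vpc.default.id

  ingress {
    description = "Allow inbound ssh traffic"
    from_port   = var.ssh_port
    to_port     = var.ssh_port
    protocol    = "tcp"
    cidr_blocks = var.ssh_cidr_blocks
  }

  # Declared explicitly so Terraform manages this rule itself. Restricted to
  # HTTPS rather than all protocols/all destinations; widen only if the hosts
  # behind this group genuinely need more.
  egress {
    description = "Allow outbound HTTPS only"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "allow_ssh" # AWS consoles and tooling key on the capitalised Name tag
  }
}
```

Run terraform init, terraform validate and terraform apply as in the question; terraform plan should show a single aws_security_group to create with one ingress and one egress rule, and no revoke step.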