Creating security group "Error revoking default egress rule for Security Group ... The specified rule does not exist in this security group"

When I try to create a security group in Localstack, I get this error:

│ Error: Error revoking default egress rule for Security Group (sg-4f6d23cc257842ce0): InvalidPermission.NotFound: The specified rule does not exist in this security group
│   status code: 400, request id: 7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
│ 
│   with aws_security_group.mysg,
│   on main.tf line 17, in resource "aws_security_group" "mysg":
│   17: resource "aws_security_group" "mysg" {

I started Localstack with docker-compose -f localstack.yml up, then ran the following commands:

terraform init
terraform fmt
terraform validate
terraform apply

localstack.yml

version: '2.1'

services:
  localstack:
    container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
    image: localstack/localstack
    ports:
      - "4566-4599:4566-4599"
      - "${PORT_WEB_UI-8080}:${PORT_WEB_UI-8080}"
    environment:
      - SERVICES=s3,dynamodb,cloudformation,ec2,iam
      - DEBUG=${DEBUG- }
      - DATA_DIR=${DATA_DIR- }
      - PORT_WEB_UI=${PORT_WEB_UI- }
      - LAMBDA_EXECUTOR=${LAMBDA_EXECUTOR- }
      - KINESIS_ERROR_PROBABILITY=${KINESIS_ERROR_PROBABILITY- }
      - DOCKER_HOST=unix:///var/run/docker.sock
      - HOST_TMP_FOLDER=${TMPDIR}
    volumes:
      - "${TMPDIR:-/tmp/localstack}:/tmp/localstack"
      - "/var/run/docker.sock:/var/run/docker.sock"

main.tf

provider "aws" {
  region                      = "us-east-1"
  access_key                  = "localstacktest"
  secret_key                  = "localstacktestkey"
  skip_credentials_validation = true
  skip_requesting_account_id  = true
  skip_metadata_api_check     = true
  s3_use_path_style           = true
  endpoints {
    ec2 = "http://localhost:4566"
    iam = "http://localhost:4566"
  }
}

# Setup our security group
resource "aws_security_group" "mysg" {
  name   = "allow_ssh"
  vpc_id = var.vpc_id

  ingress {
    description = "Allow inbound ssh traffic"
    cidr_blocks = [var.cidr_block]
    from_port   = var.port
    protocol    = "tcp"
    to_port     = var.port
  }

  tags = {
    name = "allow_ssh"
  }
}

variables.tf

variable "vpc_id" {
  default = "vpc-bc102dc4"
}

variable "port" {
  default = 22
}

variable "cidr_block" {
  default = "0.0.0.0/0"
}

outputs.tf

output "security_group" {
  value = aws_security_group.mysg.id
}

I confirm that I can reproduce this issue, and it is indeed caused by the vpc. To simply create your SG in the default VPC, you can remove vpc_id = var.vpc_id. Adding an egress block is also good practice:
resource "aws_security_group" "mysg" {
  name   = "allow_ssh"

  ingress {
    description = "Allow inbound ssh traffic"
    cidr_blocks = [var.cidr_block]
    from_port   = var.port
    protocol    = "tcp"
    to_port     = var.port
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    name = "allow_ssh"
  }
}
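As an added example (not part of the original question or answer), the following Python script audits the planned security group rules before they are applied. It reads the JSON structure that Terraform emits from `terraform plan -out tfplan` followed by `terraform show -json tfplan` (the `planned_values.root_module.resources` list) and flags two things worth a second look in the resource above: SSH ingress from 0.0.0.0/0, which the `cidr_block` default in variables.tf produces, and the all-protocol egress to 0.0.0.0/0 and ::/0 that the answer adds. The embedded sample plan is constructed by hand to mirror the answer's resource and is not real Terraform output; the function names are mine.

```python
"""Flag over-permissive rules in aws_security_group resources from a Terraform JSON plan.

Added example; not from the original question, answer, or any project. It
reads the shape produced by `terraform plan -out tfplan && terraform show -json tfplan`
(planned_values.root_module.resources) and reports:
  * ingress open to the world (0.0.0.0/0 or ::/0) that covers the SSH port, and
  * egress that allows every protocol and port to every destination.
Only the root module is inspected; child modules are left out for brevity.
"""
import ipaddress
import json

# Constructed sample in the shape of `terraform show -json` output, mirroring
# the aws_security_group.mysg resource from the answer above (not real output).
SAMPLE_PLAN_JSON = json.dumps({
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "address": "aws_security_group.mysg",
                    "type": "aws_security_group",
                    "values": {
                        "name": "allow_ssh",
                        "ingress": [
                            {"description": "Allow inbound ssh traffic",
                             "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": [],
                             "from_port": 22, "to_port": 22, "protocol": "tcp"}
                        ],
                        "egress": [
                            {"cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": ["::/0"],
                             "from_port": 0, "to_port": 0, "protocol": "-1"}
                        ],
                    },
                }
            ]
        }
    }
})

SSH_PORT = 22


def _is_world(cidr: str) -> bool:
    """True for a CIDR that matches every IPv4 or IPv6 address (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _covers_port(rule: dict, port: int) -> bool:
    """True if the rule's port range includes `port`; protocol -1 means all ports."""
    if rule.get("protocol") == "-1":
        return True
    return rule.get("from_port", 0) <= port <= rule.get("to_port", 0)


def _all_cidrs(rule: dict) -> list:
    """IPv4 and IPv6 CIDR lists of a rule, tolerating null values in the plan."""
    return list(rule.get("cidr_blocks") or []) + list(rule.get("ipv6_cidr_blocks") or [])


def audit_security_groups(plan_json: str, ssh_port: int = SSH_PORT) -> list:
    """Return (resource address, finding) tuples for risky rules in the planned SGs."""
    plan = json.loads(plan_json)
    findings = []
    resources = plan.get("planned_values", {}).get("root_module", {}).get("resources", [])
    for res in resources:
        if res.get("type") != "aws_security_group":
            continue
        addr = res.get("address", "<unknown>")
        values = res.get("values", {})
        for rule in values.get("ingress") or []:
            world = [c for c in _all_cidrs(rule) if _is_world(c)]
            if world and _covers_port(rule, ssh_port):
                findings.append((addr, f"SSH (tcp/{ssh_port}) ingress open to {', '.join(world)}"))
        for rule in values.get("egress") or []:
            world = [c for c in _all_cidrs(rule) if _is_world(c)]
            if world and rule.get("protocol") == "-1":
                findings.append((addr, f"unrestricted egress (all protocols) to {', '.join(world)}"))
    return findings


if __name__ == "__main__":
    for address, finding in audit_security_groups(SAMPLE_PLAN_JSON):
        print(f"{address}: {finding}")
```

Run against the sample it reports both findings for aws_security_group.mysg. The explicit egress block in the answer only makes visible what AWS already grants by default when no egress is declared, so it does not widen anything; the check is there so that a group meant to be restrictive, or an SSH rule that was supposed to be limited to an admin range, is caught in plan review rather than after apply.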