创建安全组 "Error revoking default egress rule for Security Group ... The specified rule does not exist in this security group"
Creating security group "Error revoking default egress rule for Security Group ... The specified rule does not exist in this security group"
当我尝试在 Localstack 中创建安全组时,出现错误:
│ Error: Error revoking default egress rule for Security Group (sg-4f6d23cc257842ce0): InvalidPermission.NotFound: The specified rule does not exist in this security group
│ status code: 400, request id: 7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
│
│ with aws_security_group.mysg,
│ on main.tf line 17, in resource "aws_security_group" "mysg":
│ 17: resource "aws_security_group" "mysg" {
我在:
- Ubuntu 20.04
- 本地堆栈:0.14.0.9
- 地形:v1.1.7
我使用 docker-compose -f localstack.yml up
启动了 Localstack,然后 运行 使用以下命令:
terraform init
terraform fmt
terraform validate
terraform apply
localstack.yml
version: '2.1'
services:
localstack:
container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
image: localstack/localstack
ports:
- "4566-4599:4566-4599"
- "${PORT_WEB_UI-8080}:${PORT_WEB_UI-8080}"
environment:
- SERVICES=s3,dynamodb,cloudformation,ec2,iam
- DEBUG=${DEBUG- }
- DATA_DIR=${DATA_DIR- }
- PORT_WEB_UI=${PORT_WEB_UI- }
- LAMBDA_EXECUTOR=${LAMBDA_EXECUTOR- }
- KINESIS_ERROR_PROBABILITY=${KINESIS_ERROR_PROBABILITY- }
- DOCKER_HOST=unix:///var/run/docker.sock
- HOST_TMP_FOLDER=${TMPDIR}
volumes:
- "${TMPDIR:-/tmp/localstack}:/tmp/localstack"
- "/var/run/docker.sock:/var/run/docker.sock"
main.tf
provider "aws" {
region = "us-east-1"
access_key = "localstacktest"
secret_key = "localstacktestkey"
skip_credentials_validation = true
skip_requesting_account_id = true
skip_metadata_api_check = true
s3_use_path_style = true
endpoints {
ec2 = "http://localhost:4566"
iam = "http://localhost:4566"
}
}
# Setup our security group
resource "aws_security_group" "mysg" {
name = "allow_ssh"
vpc_id = var.vpc_id
ingress {
description = "Allow inbound ssh traffic"
cidr_blocks = [var.cidr_block]
from_port = var.port
protocol = "tcp"
to_port = var.port
}
tags = {
name = "allow_ssh"
}
}
variables.tf
variable "vpc_id" {
default = "vpc-bc102dc4"
}
variable "port" {
default = 22
}
variable "cidr_block" {
default = "0.0.0.0/0"
}
outputs.tf
output "security_group" {
value = aws_security_group.mysg.id
}
我确认我可以重现这个问题,确实这是由于 vpc。只是为了在默认 VPC 中创建您的 SG,您可以删除 vpc_id = var.vpc_id
。添加 egress
:
也是很好的做法
resource "aws_security_group" "mysg" {
name = "allow_ssh"
ingress {
description = "Allow inbound ssh traffic"
cidr_blocks = [var.cidr_block]
from_port = var.port
protocol = "tcp"
to_port = var.port
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
tags = {
name = "allow_ssh"
}
}
当我尝试在 Localstack 中创建安全组时,出现错误:
│ Error: Error revoking default egress rule for Security Group (sg-4f6d23cc257842ce0): InvalidPermission.NotFound: The specified rule does not exist in this security group
│ status code: 400, request id: 7a62c49f-347e-4fc4-9331-6e8eEXAMPLE
│
│ with aws_security_group.mysg,
│ on main.tf line 17, in resource "aws_security_group" "mysg":
│ 17: resource "aws_security_group" "mysg" {
我在:
- Ubuntu 20.04
- 本地堆栈:0.14.0.9
- 地形:v1.1.7
我使用 docker-compose -f localstack.yml up
启动了 Localstack,然后 运行 使用以下命令:
terraform init
terraform fmt
terraform validate
terraform apply
localstack.yml
version: '2.1'
services:
localstack:
container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
image: localstack/localstack
ports:
- "4566-4599:4566-4599"
- "${PORT_WEB_UI-8080}:${PORT_WEB_UI-8080}"
environment:
- SERVICES=s3,dynamodb,cloudformation,ec2,iam
- DEBUG=${DEBUG- }
- DATA_DIR=${DATA_DIR- }
- PORT_WEB_UI=${PORT_WEB_UI- }
- LAMBDA_EXECUTOR=${LAMBDA_EXECUTOR- }
- KINESIS_ERROR_PROBABILITY=${KINESIS_ERROR_PROBABILITY- }
- DOCKER_HOST=unix:///var/run/docker.sock
- HOST_TMP_FOLDER=${TMPDIR}
volumes:
- "${TMPDIR:-/tmp/localstack}:/tmp/localstack"
- "/var/run/docker.sock:/var/run/docker.sock"
main.tf
provider "aws" {
region = "us-east-1"
access_key = "localstacktest"
secret_key = "localstacktestkey"
skip_credentials_validation = true
skip_requesting_account_id = true
skip_metadata_api_check = true
s3_use_path_style = true
endpoints {
ec2 = "http://localhost:4566"
iam = "http://localhost:4566"
}
}
# Setup our security group
resource "aws_security_group" "mysg" {
name = "allow_ssh"
vpc_id = var.vpc_id
ingress {
description = "Allow inbound ssh traffic"
cidr_blocks = [var.cidr_block]
from_port = var.port
protocol = "tcp"
to_port = var.port
}
tags = {
name = "allow_ssh"
}
}
variables.tf
variable "vpc_id" {
default = "vpc-bc102dc4"
}
variable "port" {
default = 22
}
variable "cidr_block" {
default = "0.0.0.0/0"
}
outputs.tf
output "security_group" {
value = aws_security_group.mysg.id
}
我确认我可以重现这个问题,确实这是由于 vpc。只是为了在默认 VPC 中创建您的 SG,您可以删除 vpc_id = var.vpc_id
。添加 egress
:
resource "aws_security_group" "mysg" {
name = "allow_ssh"
ingress {
description = "Allow inbound ssh traffic"
cidr_blocks = [var.cidr_block]
from_port = var.port
protocol = "tcp"
to_port = var.port
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
tags = {
name = "allow_ssh"
}
}