
Referencing security groups in default VPC require its name not id #575

Closed
@soblom

Description

Today I ran into problems with a seemingly simple terraform config.

To play around with a setup I needed, I just quickly defined some machines and a security group to launch in the default VPC.

    resource "aws_security_group" "test" {
      name = "test"
      description = "my test SG"
      vpc_id = "vpc-12345"
    ...


    resource "aws_instance" "some-server" {
        ami = "${lookup(var.ami_id,"eu-west-1")}"
        key_name = "${lookup(var.standard_key,"eu-west-1")}"
        security_groups = ["${aws_security_group.test.id}"]
    ...

Easy enough, but I always got complaints from terraform that the security group was not in the default VPC, although all of the information (the SG's id, the VPC's id) matched what I could see in my EC2 Dashboard.

* Error launching source instance: The security group 'sg-246810' does not exist in default VPC
  'vpc-12345' (InvalidGroup.NotFound)

I used the SG's id to reference it and I even tried just pasting in the actual id copied from the EC2 Dashboard. At some point I just tried to use the name instead of the id and it worked.

    security_groups = ["${aws_security_group.test.id}"] 
=>  security_groups = ["${aws_security_group.test.name}"]

The documentation states:

security_groups - (Optional) A list of security group IDs or names to associate with. If you are within a VPC, you'll need to use the security group ID. Otherwise, for EC2, use the security group name.

Maybe it is implicit knowledge that the default VPC falls under the "EC2 classic" case (which I am not aware of) OR the documentation needs updating. I am happy to provide the one-liner update for that, but first I wanted to find out what assumption an "average" AWS user would have when reading the documentation and applying it to the default VPC. Also, are there other ways in which the default VPC differs from a "regular" VPC that are relevant for terraform?
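An added example (not part of the original issue and not the project's own code) that attaches the group from the issue by ID without relying on name lookup. It assumes an AWS provider version whose `aws_instance` has the `vpc_security_group_ids` argument; the AMI id, instance type and ingress rule are constructed placeholders.

```hcl
# Added example. Values marked "placeholder" or "constructed" are not from the issue.
variable "ami_id" {
  default = {
    eu-west-1 = "ami-00000000" # placeholder AMI id
  }
}

resource "aws_security_group" "test" {
  name        = "test"
  description = "my test SG"
  vpc_id      = "vpc-12345" # default VPC id as written in the issue

  # Constructed rule: SSH from a single documentation-range address only.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.10/32"]
  }
}

# Variant reported as failing in the issue (kept as a comment for comparison).
# EC2 takes group names and group IDs as separate launch parameters, and
# names are only resolved in EC2-Classic or the default VPC.
#
#   security_groups = ["${aws_security_group.test.id}"]

resource "aws_instance" "some-server" {
  ami           = "${lookup(var.ami_id, "eu-west-1")}"
  instance_type = "t2.micro" # assumed instance type

  # IDs are passed as IDs, so the same line works in the default VPC
  # and in any other VPC. The reference also makes Terraform create the
  # group before the instance.
  vpc_security_group_ids = ["${aws_security_group.test.id}"]
}

# Lets you confirm after apply which group the instance actually received.
output "attached_security_group_ids" {
  value = "${join(",", aws_instance.some-server.vpc_security_group_ids)}"
}
```

Comparing the output against the group you intended to attach catches the case where an instance silently ends up in the VPC's `default` group instead.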
