k1LoW/awspec

security_group :outbound_rule_count showing an additional rule

glasswalk3r opened this issue · 2 comments

I used security_group resource type property :outbound_rule_count on a Security Group with a single egress rule and got a count of 2 instead of 1.

I did a test with the Ruby SDK and indeed the value returned is a single rule:

    ip_permissions_egress=
     [#<struct Aws::EC2::Types::IpPermission
       from_port=nil,
       ip_protocol="-1",
       ip_ranges=[#<struct Aws::EC2::Types::IpRange cidr_ip="0.0.0.0/0", description=nil>],
       ipv_6_ranges=[],
       prefix_list_ids=[],
       to_port=nil,
       user_id_group_pairs=
        [#<struct Aws::EC2::Types::UserIdGroupPair
          description=nil,
          group_id="sg-0b78dc8XXXXXXX",
          group_name=nil,
          peering_status=nil,
          user_id="123456789",
          vpc_id=nil,
          vpc_peering_connection_id=nil>]>],
    tags=
     [#<struct Aws::EC2::Types::Tag key="Created_by", value="terraform">,

I redacted the partial output, but that's it.

Because you've got both an ip_range and a user_id_group_pair in there, that counts as two rules - if you look on the AWS console, you'll see the egress rules listed on two separate lines.

You're right @carolinebeauchamp, shame on me for not noticing it earlier.
Thanks!
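
An added example, not part of the thread and not awspec's own code: it expands `ip_permissions_egress` entries into one row per destination, which is why a single `IpPermission` holding both an IP range and a group pair comes out as two rules. The Struct stand-ins, helper names and the `sg-EXAMPLE` / `pl-EXAMPLE` ids are assumptions made for illustration, and the handling of IPv6 ranges and prefix lists goes beyond the case discussed above.

```ruby
# Minimal stand-ins for the SDK structs shown in the issue, so this runs
# offline (assumption: only the fields used below are modelled).
IpRange    = Struct.new(:cidr_ip, keyword_init: true)
Ipv6Range  = Struct.new(:cidr_ipv_6, keyword_init: true)
PrefixList = Struct.new(:prefix_list_id, keyword_init: true)
GroupPair  = Struct.new(:group_id, keyword_init: true)
IpPermission = Struct.new(:ip_protocol, :from_port, :to_port, :ip_ranges,
                          :ipv_6_ranges, :prefix_list_ids,
                          :user_id_group_pairs, keyword_init: true)

# Expand one IpPermission into one row per destination it allows.
def expand_permission(perm)
  proto = perm.ip_protocol == '-1' ? 'all' : perm.ip_protocol
  ports = perm.from_port.nil? ? 'all' : "#{perm.from_port}-#{perm.to_port}"
  targets = perm.ip_ranges.map(&:cidr_ip) +
            perm.ipv_6_ranges.map(&:cidr_ipv_6) +
            perm.prefix_list_ids.map(&:prefix_list_id) +
            perm.user_id_group_pairs.map(&:group_id)
  targets.map { |t| { protocol: proto, ports: ports, target: t } }
end

# Flatten a whole ip_permissions_egress (or ip_permissions) array into rows.
def expand_rules(permissions)
  permissions.flat_map { |perm| expand_permission(perm) }
end

# Constructed sample mirroring the redacted output in the issue:
# one permission, two destinations.
SAMPLE_EGRESS = [
  IpPermission.new(ip_protocol: '-1', from_port: nil, to_port: nil,
                   ip_ranges: [IpRange.new(cidr_ip: '0.0.0.0/0')],
                   ipv_6_ranges: [], prefix_list_ids: [],
                   user_id_group_pairs: [GroupPair.new(group_id: 'sg-EXAMPLE')])
].freeze

if __FILE__ == $PROGRAM_NAME
  rows = expand_rules(SAMPLE_EGRESS)
  puts "permissions: #{SAMPLE_EGRESS.size}, rules: #{rows.size}"
  rows.each { |row| puts row.inspect }
end
```

Listing the rows next to the count shows which destination each counted rule refers to, which helps when choosing the expected value for `:outbound_rule_count` in a spec.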