terraform-yc-modules/terraform-yc-vpc

No default security group in VPC

Closed this issue · 5 comments

sanyocc commented

No idea if it's a platform bug or something changed recently, but I get no default security group in VPC. Therefore the module fails with

module.vpc.yandex_vpc_default_security_group.default_sg[0]: Creating...
╷
│ Error: network <network_id> has no default security group
│
│   with module.vpc.yandex_vpc_default_security_group.default_sg[0],
│   on .terraform/modules/vpc/main.tf line 99, in resource "yandex_vpc_default_security_group" "default_sg":
│   99: resource "yandex_vpc_default_security_group" "default_sg" {

Simply changing "yandex_vpc_default_security_group" in main.tf to "yandex_vpc_security_group" worked for me.

romati88 commented

Do you use module in existing vpc? @sanyocc

sanyocc commented

Do you use module in existing vpc? @sanyocc

No, I use it to create VPC. My code is as follows:

module "vpc" {

  network_description = "Main VPC"
  network_name        = "main"
  create_vpc          = true
  create_sg           = true
romati88 commented

I can't reproduce your case. let's open a ticket in YC support. Attach TF manifests and other IDs.

dushasokol-tasks commented

Looks same, I run in 1.5.5 on Windows. The VPC exists.

Manifest:

module "vpc" {
  source              = "git::https://github.com/terraform-yc-modules/terraform-yc-vpc.git"
  network_name        = "swarm"
  network_description = ""
  private_subnets = [{
    name           = "docker_swarm"
    zone           = "ru-central1-a"
    v4_cidr_blocks = ["10.128.0.0/24"]
  }
  ]
  create_sg = true
}

Output:

module.vpc.yandex_vpc_network.this[0]: Creating...
module.vpc.yandex_vpc_network.this[0]: Creation complete after 1s [id=enpXXXXXXa6ohh]
module.vpc.yandex_vpc_route_table.private[0]: Creating...
module.vpc.yandex_vpc_default_security_group.default_sg[0]: Creating...
module.vpc.yandex_vpc_route_table.private[0]: Creation complete after 2s [id=enp9XXXXXX8du48]
module.vpc.yandex_vpc_subnet.private["10.128.0.0/24"]: Creating...
module.vpc.yandex_vpc_subnet.private["10.128.0.0/24"]: Creation complete after 1s [id=e9bmXXXXXuu0s]
╷
│ Error: network enpn14vvffdnfbea6ohh has no default security group
│
│   with module.vpc.yandex_vpc_default_security_group.default_sg[0],
│   on .terraform\modules\vpc\main.tf line 99, in resource "yandex_vpc_default_security_group" "default_sg":
│   99: resource "yandex_vpc_default_security_group" "default_sg" {
│
╵
romati88 commented

The reason has been clarified. Before security group General Availability default sg does not exist, until you ask support to enable it in cloud.