aws_security_group: revoke_rules_on_delete conflict with 'terraform plan'

[carmas]

Version 1.2.0 (released October 31, 2017)

In this version, a new feature was added:
-resource/aws_security_group: Add revoke_rules_on_delete option to force a security

Problem:
-When you import a security group into terraform, the parameter 'revoke_rules_on_delete' is not imported into terraform.tfstate. Let's assume one imported, say:

$ terraform import aws_security_group.sg-1 sg-234xxxx12

-If after importing one runs 'terraform plan' the following change is reported:

$terraform plan
.....
.....
~ aws_security_group.sg-1
revoke_rules_on_delete: "" => "false"

There is no trace of revoke_rules_on_delete in terraform.tfstate.
I tried to specify the value explicitly in the main.tf file with both 'true' and 'false', and even an empty string (""). In all cases the plan is to introduce a change.

(brute force): to validate/test, I manually edited terraform.tfstate and added:

"revoke_rules_on_delete": "false",

then 'terraform plan' passed with 'No changes'

Workaround (until bug is fixed):

For now, I pinned the provider plugin to the previous version, (using which the problem does not manifest), in main.tf:

provider "aws" {
version = "~> 1.1.0"
.....
......
}

So essentially, it looks like 'terraform import' should explicitly import the value of the parameter revoke_rules_on_delete explicitly as 'true' or 'false'

[klaus993]

We have the same problem every time with two security groups we have instanced. Is there any progress with this? Every time we change something in that directory we end up having to edit terraform.tfstate manually.

[kaylacrowder]

Still getting this issue.
revoke_rules_on_delete: "" => "false"

[pokle]

Same issue with aws provider 1.51.
2018's nearly over :)

[github-actions]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!