Error while creating Security Group with Module

[kozhabergenova]

Error while creating Security Group with Module

Terraform Version

$ terraform -v
Terraform v1.9.1
on darwin_arm64
+ provider registry.terraform.io/aliyun/alicloud v1.237.0

Also tested with:

provider registry.terraform.io/aliyun/alicloud v1.231.0

Affected Resource

resource "alicloud_security_group"

Terraform Configuration Files

terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.237.0"
    }
  }
}

provider "alicloud" {
  region = "cn-hongkong"
}

resource "alicloud_security_group" "test" {
  name        = "sg_test"
  vpc_id      = "vpc-ID"
  description = "test sg created by terraform"
  security_group_type = "normal"
}

Module Configuration

modules/sg/main.tf

### Security Rule Creation

resource "alicloud_security_group" "sg" {
  name        = "sg_${var.name}"
  vpc_id      = var.vpc_id
  description = "sg_${var.name} created by terraform"
  security_group_type = "normal"
}

variables.tf

variable "vpc_id" {
  type = string
}

variable "name" {
  type = string
}

versions.tf

terraform {
  required_providers {
    alicloud = {
      source = "aliyun/alicloud"
      version = "1.237.0"
    }
  }
}

Security Group Module Usage

module "module_test" {
  source   = "./modules/sg"
  name     = "module_test"
  vpc_id   = module.vpc_test.vpc_output

Debug Output

Creating Security Group in Root Module

$ terraform apply

Terraform will perform the following actions:

  # alicloud_security_group.test will be created
  + resource "alicloud_security_group" "test" {
      + description         = "test sg created by terraform"
      + id                  = (known after apply)
      + inner_access        = (known after apply)
      + inner_access_policy = (known after apply)
      + name                = "sg_test"
      + security_group_type = "normal"
      + vpc_id              = "vpc-ID"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_security_group.test: Creating...
alicloud_security_group.test: Creation complete after 5s [id=sg-ID]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Creating Security Group in SG Module

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.module_test.alicloud_security_group.sg will be created
  + resource "alicloud_security_group" "sg" {
      + description         = "sg_module_test created by terraform"
      + id                  = (known after apply)
      + inner_access        = (known after apply)
      + inner_access_policy = (known after apply)
      + name                = "sg_module_test_main"
      + security_group_type = "normal"
      + vpc_id              = "vpc-ID"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.module_test.alicloud_security_group.sg: Creating...
╷
│ Error: [ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_security_group.go:127: Resource alicloud_security_group CreateSecurityGroup Failed!!! [SDK alibaba-cloud-sdk-go ERROR]:
│ SDK.ServerError
│ ErrorCode: InvalidVpcId.NotFound
│ Recommend: https://api.alibabacloud.com/troubleshoot?intl_lang=EN_US&q=InvalidVpcId.NotFound&product=Ecs&requestId=95218543-289A-5374-A88D-398C2F515736
│ RequestId: 95218543-289A-5374-A88D-398C2F515736
│ Message: Specified VPC does not exist.
│ RespHeaders: map[Access-Control-Allow-Origin:[*] Access-Control-Expose-Headers:[*] Connection:[keep-alive] Content-Length:[319] Content-Type:[application/json;charset=utf-8] Date:[Mon, 16 Dec 2024 09:58:01 GMT] Keep-Alive:[timeout=25] X-Acs-Request-Id:[95218543-289A-5374-A88D-398C2F515736] X-Acs-Trace-Id:[e449389ebaecd0ee04267ff36e578c92]]
│ 
│   with module.hk1_prod_main.alicloud_security_group.sg,
│   on modules/sg/main.tf line 25, in resource "alicloud_security_group" "sg":
│   25: resource "alicloud_security_group" "sg" {
│ 

Issue Details

The error occurs when trying to create a security_group using a module, even though the VPC ID is valid and the same as when creating the resource directly in the root module.

Sum up:

• Root Module Behavior: Security group creation works as expected.
• Module Behavior: Using the same VPC ID in the module results in an error: Specified VPC does not exist.
  The VPC ID is confirmed correct and consistent across both cases in the Terraform plan output.

Steps to Reproduce

terraform apply

[xiaozhu36]

Hi. @kozhabergenova There is module bug that it will default to init hashicorp/alicloud not aliyun/alicloud when terraorm init. So, if you specify source = "aliyun/alicloud", the hashicorp/alicloud will use cn-beijing region to create and manage resources, and the cn-hongkong's vpc will not be found. You can update source and have a try again.

Please let me know more details.