"Error: Invalid index" in module "security_group_splunk" v3.3.0

[mmacvicar-splunk]

"Error: Invalid index" in module "security_group_splunk" v3.3.0

started occurring in v3.2.0 (doesn't occur in v3.1.0), using terraform v0.12 cli

Reproducible Steps

1. terraform plan on the file below reports the following errors:

Error: Invalid index

  on .terraform/modules/security_group_splunk/main.tf line 65, in resource "aws_security_group_rule" "ingress_rules":
  65:   description      = var.rules[var.ingress_rules[count.index]][3]
    |----------------
    | count.index is 1
    | var.ingress_rules is list of string with 5 elements
    | var.rules is map of list of string with 97 elements

The given key does not identify an element in this collection value.


Error: Invalid index

  on .terraform/modules/security_group_splunk/main.tf line 67, in resource "aws_security_group_rule" "ingress_rules":
  67:   from_port = var.rules[var.ingress_rules[count.index]][0]
    |----------------
    | count.index is 1
    | var.ingress_rules is list of string with 5 elements
    | var.rules is map of list of string with 97 elements

The given key does not identify an element in this collection value.


Error: Invalid index

  on .terraform/modules/security_group_splunk/main.tf line 68, in resource "aws_security_group_rule" "ingress_rules":
  68:   to_port   = var.rules[var.ingress_rules[count.index]][1]
    |----------------
    | count.index is 1
    | var.ingress_rules is list of string with 5 elements
    | var.rules is map of list of string with 97 elements

The given key does not identify an element in this collection value.


Error: Invalid index

  on .terraform/modules/security_group_splunk/main.tf line 69, in resource "aws_security_group_rule" "ingress_rules":
  69:   protocol  = var.rules[var.ingress_rules[count.index]][2]
    |----------------
    | count.index is 1
    | var.ingress_rules is list of string with 5 elements
    | var.rules is map of list of string with 97 elements

The given key does not identify an element in this collection value.

main.tf

variable "region" {
  default = "eu-west-1"
}

provider "template" {
  version = "~> 2.1"
}

provider "aws" {
  region  = var.region
  version = "~> 2.7"
}

data "aws_vpc" "default" {
  default = true
}

# Default security group for Splunk resources
module "security_group_splunk" {
  source      = "terraform-aws-modules/security-group/aws//modules/splunk"
  version     = "3.3.0"
  name        = "splunk-default-sg"
  description = "Default Security Group for Splunk instances"

  vpc_id = data.aws_vpc.default.id

  ingress_cidr_blocks = [data.aws_vpc.default.cidr_block]
  ingress_rules       = ["all-all"]
  egress_rules        = ["all-all"]

  tags = {
    Name          = "splunk-default-sg"
  }
}

[pprocacci]

I think I'm running into something similar except I'm not using splunk. Instead my module source is:

source = "terraform-aws-modules/security-group/aws"

  number_of_computed_ingress_with_source_security_group_id = 4
  computed_ingress_with_source_security_group_id = [
  {
    rule = "http-80-tcp"
    source_security_group_id = data.aws_security_group.id1.id
  },
  {
    rule = "http-443-tcp"
    source_security_group_id = data.aws_security_group.id2.id
  },
  {
    rule = "http-80-tcp"
    source_security_group_id = data.aws_security_group.id3.id
  },
  {
    rule = "http-443-tcp"
    source_security_group_id = data.aws_security_group.id4.id
  }]

With the above definition .... works fine if number_of_computed_ingress_with_source_security_group_id = 1

It doesn't work if set to anything larger.

The error message is simliar to what the OP reported:

Error: Invalid index

  on .terraform/modules/web_cluster.web_cluster_sg/main.tf line 174, in resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id":
 174:     var.rules[lookup(
 175:       var.computed_ingress_with_source_security_group_id[count.index],
 176:       "rule",
 177:       "_",
 178:     )][2],
    |----------------
    | count.index is 1
    | var.computed_ingress_with_source_security_group_id is list of map of string with 4 elements
    | var.rules is map of list of string with 97 elements

The given key does not identify an element in this collection value.

[dogfish182]

I am running into this as well

module "instance_access" {
  source      = "terraform-aws-modules/security-group/aws"
  version     = "4.2.0"
  name        = "sgp-egress"
  description = "allow access out via https"
  vpc_id      = data.aws_vpc.current.id
  egress_with_cidr_blocks = [
    {
      rule        = "https-443-tcp"
      cidr_blocks = "0.0.0.0/0"
    },
    {
      rule        = "http-80-tcp"
      cidr_blocks = "0.0.0.0/0"
    }
  ]
  computed_egress_with_source_security_group_id = [
    {
      rule                     = "smtp"
      source_security_group_id = module.sgp_smtp_ecs_task.security_group_id
    },
  ]
  number_of_computed_egress_with_source_security_group_id = 1
}

Error: Invalid index
│ 
│   on .terraform/modules/instance_access/main.tf line 528, in resource "aws_security_group_rule" "computed_egress_with_source_security_group_id":
│  528:     var.rules[lookup(
│  529:       var.computed_egress_with_source_security_group_id[count.index],
│  530:       "rule",
│  531:       "_",
│  532:     )][0],
│     ├────────────────
│     │ count.index is 0
│     │ var.computed_egress_with_source_security_group_id is list of map of string with 1 element
│     │ var.rules is map of list of string with 120 elements
│ 
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│ 
│   on .terraform/modules/instance_access/main.tf line 537, in resource "aws_security_group_rule" "computed_egress_with_source_security_group_id":
│  537:     var.rules[lookup(
│  538:       var.computed_egress_with_source_security_group_id[count.index],
│  539:       "rule",
│  540:       "_",
│  541:     )][1],
│     ├────────────────
│     │ count.index is 0
│     │ var.computed_egress_with_source_security_group_id is list of map of string with 1 element
│     │ var.rules is map of list of string with 120 elements
│ 
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│ 
│   on .terraform/modules/instance_access/main.tf line 546, in resource "aws_security_group_rule" "computed_egress_with_source_security_group_id":
│  546:     var.rules[lookup(
│  547:       var.computed_egress_with_source_security_group_id[count.index],
│  548:       "rule",
│  549:       "_",
│  550:     )][2],
│     ├────────────────
│     │ count.index is 0
│     │ var.computed_egress_with_source_security_group_id is list of map of string with 1 element
│     │ var.rules is map of list of string with 120 elements
│ 
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│ 
│   on .terraform/modules/sgp_smtp_ecs_task/main.tf line 152, in resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id":
│  152:     var.rules[lookup(
│  153:       var.computed_ingress_with_source_security_group_id[count.index],
│  154:       "rule",
│  155:       "_",
│  156:     )][0],
│     ├────────────────
│     │ count.index is 0
│     │ var.computed_ingress_with_source_security_group_id is list of map of string with 1 element
│     │ var.rules is map of list of string with 126 elements
│ 
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│ 
│   on .terraform/modules/sgp_smtp_ecs_task/main.tf line 161, in resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id":
│  161:     var.rules[lookup(
│  162:       var.computed_ingress_with_source_security_group_id[count.index],
│  163:       "rule",
│  164:       "_",
│  165:     )][1],
│     ├────────────────
│     │ count.index is 0
│     │ var.computed_ingress_with_source_security_group_id is list of map of string with 1 element
│     │ var.rules is map of list of string with 126 elements
│ 
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│ 
│   on .terraform/modules/sgp_smtp_ecs_task/main.tf line 170, in resource "aws_security_group_rule" "computed_ingress_with_source_security_group_id":
│  170:     var.rules[lookup(
│  171:       var.computed_ingress_with_source_security_group_id[count.index],
│  172:       "rule",
│  173:       "_",
│  174:     )][2],
│     ├────────────────
│     │ count.index is 0
│     │ var.computed_ingress_with_source_security_group_id is list of map of string with 1 element
│     │ var.rules is map of list of string with 126 elements
│ 
│ The given key does not identify an element in this collection value.

running terraform 1.0.4
seems to work without introducing computed egress?

[github-actions]

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

[github-actions]

This issue was automatically closed because of stale in 10 days

[logic2code]

I was also stuck usage issue of security group module while creating security group based on source from other security group

basic idea is to pass matching/required rule name from rule.tf

here is example

like enabling ssh traffic from public security group to private network instances by creating/applying new public-to-private-security group

module "public_to_priavte_ssh" {
source = "terraform-aws-modules/security-group/aws//modules/ssh"
version = "~> 4.0"
name = var.public_to_priavte_group_name
description = var.public_to_priavte_description
vpc_id = module.vpc.vpc_id
ingress_rules = ["ssh-tcp"]
ingress_cidr_blocks = ["0.0.0.0/0"]
ingress_with_source_security_group_id = [
{
rule = "ssh-tcp" ## rule name from rule.tf
source_security_group_id = module.public-subnet-security-group.security_group_id
},
]
}

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.