Terraform: How to Update Security Group Rules Dynamically Based on Module Input
Quick question that's been bugging me - I'm having trouble dynamically updating security group rules in AWS using Terraform. I have a module that takes a list of IP addresses as input to control access to a specific resource. However, when I update the list and run `terraform apply`, Terraform isn’t reflecting the changes in the security group as expected.

Here’s a simplified version of my module's code:

```hcl
variable "allowed_ips" {
  description = "List of allowed IP addresses"
  type        = list(string)
}

resource "aws_security_group" "example" {
  name        = "example-sg"
  description = "Example Security Group"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = var.allowed_ips
  }
}
```

In my root module, I’m passing the `allowed_ips` variable like this:

```hcl
module "example_sg" {
  source      = "./path/to/module"
  allowed_ips = ["192.168.1.1/32", "192.168.1.2/32"]
}
```

When I change the `allowed_ips` to something else, for example:

```hcl
allowed_ips = ["192.168.1.3/32", "192.168.1.4/32"]
```

I run `terraform plan`, and it shows that the security group should be updated. However, after applying, I check the AWS console and see that the ingress rules remain unchanged, retaining the previous IPs.

I’ve tried several things, including forcing the recreation of the security group by adding a lifecycle block:

```hcl
lifecycle {
  prevent_destroy = false
}
```

I also checked for potential dependency issues, but I don’t see anything that might prevent the update. The output of `terraform apply` doesn’t show any errors or warnings; it simply states that no changes were made to the security group.

Am I missing something in how Terraform handles dynamic lists for security group rules, or is there a best practice I should follow to ensure these updates are reflected? Any help would be appreciated!

My development environment is Ubuntu. Thanks in advance!
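A scripted version of the console check described in the post, as an added example that is not part of the original post: it compares the module's `allowed_ips` with the ingress rules AWS reports, so CIDRs that still have access after an apply show up as `stale`. The JSON is a constructed sample in the shape of `aws ec2 describe-security-groups` output; the function names and the group ID are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` JSON output.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [{
        "GroupId": "sg-0123456789abcdef0",  # constructed placeholder, not a real group
        "GroupName": "example-sg",
        "IpPermissions": [{
            "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
            "IpRanges": [{"CidrIp": "192.168.1.1/32"}, {"CidrIp": "192.168.1.2/32"}],
        }],
    }]
})


def ingress_cidrs(describe_json, group_name, port, protocol="tcp"):
    """Return the set of IPv4 networks allowed to reach `port` on the named group."""
    found = set()
    for group in json.loads(describe_json)["SecurityGroups"]:
        if group.get("GroupName") != group_name:
            continue
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":
                covers = True  # "-1" means all protocols and all ports
            else:
                covers = (proto == protocol
                          and perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1))
            if covers:
                for rng in perm.get("IpRanges", []):
                    found.add(ipaddress.ip_network(rng["CidrIp"]))
    return found


def drift(desired_cidrs, describe_json, group_name="example-sg", port=80):
    """Compare the Terraform input list with what AWS actually reports."""
    desired = {ipaddress.ip_network(c) for c in desired_cidrs}
    actual = ingress_cidrs(describe_json, group_name, port)
    return {
        "stale": sorted(str(n) for n in actual - desired),    # still allowed, should not be
        "missing": sorted(str(n) for n in desired - actual),  # should be allowed, is not
    }


if __name__ == "__main__":
    print(drift(["192.168.1.3/32", "192.168.1.4/32"], SAMPLE_DESCRIBE_OUTPUT))
```

Against a live account, the second argument would be the captured JSON output of `aws ec2 describe-security-groups` for the group in question.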