3 Comments
I've tried to restrict SSH access to a security group like this.
option_settings:
  aws:autoscaling:launchconfiguration:
    SSHSourceRestriction: tcp, 22, 22, sg-05325d0a65efe65b3
but I get this error:
2024-08-19 20:37:27 INFO Environment update is starting.
2024-08-19 20:37:50 ERROR Service:AmazonCloudFormation, Message:Stack named 'awseb-e-d28wppwkia-stack' aborted operation. Current state: 'UPDATE_ROLLBACK_COMPLETE' Reason: null
2024-08-19 20:37:50 ERROR Updating security group ingress named: sgr-092e9bf7b6c825257 failed Reason: Resource handler returned message: "Exactly one of CidrIp, CidrIpv6, SourceSecurityGroupId, and SourcePrefixListId must be specified and not empty" (RequestToken: 6f2f6767-50f5-78d0-47f6-e3ae5f31a92f, HandlerErrorCode: InvalidRequest)
2024-08-19 20:37:51 ERROR Failed to deploy application.
replied a month ago
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
I've had the exact same problem when updating SSHSourceRestriction via Terraform. Here's the GitHub issue I've opened: https://github.com/hashicorp/terraform-provider-aws/issues/39201
My guess is that this happens because an attempt is made to modify the original CIDR rule (which is impossible), rather than creating a brand new rule for the security group source. I've explained it in the GitHub issue above.
replied 11 days ago