self-reference not allowed in Security Group definition

Question

I am trying to create an sg with Terraform.

I want all instances of a particular SG to have all communication allowed among them, so I am adding the SG itself to the ingress rules as follows:

resource "aws_security_group" "rancher-server-sg" {
  vpc_id = "${aws_vpc.rancher-vpc.id}"
  name = "rancher-server-sg"
  description = "security group for rancher server"

  ingress {
      from_port = 0
      to_port = 0
      protocol = -1
      security_groups = ["${aws_security_group.rancher-server-sg.id}"]              
  }

However when running terraform plan, I get:

However, in the AWS console, I am allowed to add an SG name in the inbound rules and I see that I can add the group itself (i.e. self-referenced).

Why is that?

I have also tried this without success:

security_groups = ["${self.id}"]

Jakub Kania · Accepted Answer · 2018-04-24T08:28:29.503

58

Citing the manual:

self - (Optional) If true, the security group itself will be added as a source to this ingress rule.

  ingress {
      from_port = 0
      to_port = 0
      protocol = -1
      self = true
  }

edited Apr 24 '18 at 08:28

answered Apr 24 '18 at 07:28

Jakub Kania

15,665
2
37
47

Does this mean you do not provide the `cidr_blocks` value for the egress attribute? – user1091968 Jul 19 '22 at 15:48
Updated link to [the manual](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) – LisaLisa Oct 25 '22 at 13:06

self-reference not allowed in Security Group definition

1 Answers1