aws_default_security_group fails on a repetitive run when description is defined #3482

Closed
MaximF opened this issue Feb 22, 2018 · 2 comments
Labels
bug Addresses a defect in current functionality. service/ec2 Issues and PRs that pertain to the ec2 service.

@MaximF

MaximF commented Feb 22, 2018

Hi there,

Terraform Version

» terraform -v
Terraform v0.11.3
+ provider.aws v1.9.0

Affected Resource

  • aws_default_security_group

Terraform Configuration Files

resource "aws_default_security_group" "default" {
  vpc_id = "${aws_vpc.company.id}"

  ingress {
    protocol    = -1
    from_port   = 0
    to_port     = 0
    description = "My Security Group"
  }
}

Panic Output

* aws_default_security_group.default: Error revoking security group ingress rules: InvalidPermission.NotFound: The specified rule does not exist in this security group.
	status code: 400, request id: 41707628-1b5c-4659-ae2f-0621259d0515

Expected Behavior

Nothing should be changed

Actual Behavior

When the description value is defined, it works well on the first run, and then reprovisioning fails even though no changes were introduced.
Without the description value it works no matter how many times it is rerun.

Steps to Reproduce

  1. Define description in aws_default_security_group resource.
  2. Run it for the first time. It should add description.
  3. Run it again. It would fail with the mentioned error.
  4. Manually remove that rule and re-run script. It would go through.
  5. Run it again and it would show you an error message again.
@bflad bflad added bug Addresses a defect in current functionality. service/ec2 Issues and PRs that pertain to the ec2 service. labels Feb 22, 2018
@pmacdougall

I believe this is the same issue as #2069, but for aws_default_security_group instead of the generic aws_security_group.

@bflad bflad added this to the v1.19.0 milestone May 10, 2018
@bflad
Contributor

bflad commented May 10, 2018

Hi folks 👋 I believe the fix for this should be contained in #4416 which will be released with v1.19.0 of the AWS provider, likely middle of next week.

Given there were so many various issues surrounding this bug (this resource uses the same code as aws_security_group for rules handling), I will be locking this issue (amongst all the others) to encourage any lingering issues/discussion to be fully described in new issue(s) for consolidation. Thanks for your understanding.

@bflad bflad closed this as completed May 10, 2018
@hashicorp hashicorp locked as resolved and limited conversation to collaborators May 10, 2018