
Terraform shows plan changes when inline security group rules are converted to aws_security_group_rule #5243

Closed
ghost opened this issue Jul 18, 2018 · 3 comments
Labels
question A question about existing functionality; most questions are re-routed to discuss.hashicorp.com. service/ec2 Issues and PRs that pertain to the ec2 service.

Comments

ghost commented Jul 18, 2018

This issue was originally opened by @pkr1234 as hashicorp/terraform#18487. It was migrated here as a result of the provider split. The original body of the issue is below.


I have a security group with inline rules. Example:

resource "aws_security_group" "mysecgroup" {
  name   = "lala"
  vpc_id = "xxx"

  ingress {
    ....
  }

  egress {
  }
}

I was getting a Terraform cycle error. In order to resolve that, I removed the inline blocks and moved them to aws_security_group_rule like this:

resource "aws_security_group_rule" "Rule1" {
  type                     = "ingress"
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  cidr_blocks              = ["0.0.0.0/0"]
  security_group_id        = "${aws_security_group.mysecgroup.id}"
}

resource "aws_security_group_rule" "Rule2" {
  type                     = "egress"
  from_port                = 0
  to_port                  = 0
  protocol                 = "all"
  cidr_blocks              = ["0.0.0.0/0"]
  security_group_id        = "${aws_security_group.mysecgroup.id}"
}

Now I run terraform plan and it shows it will add 2 resources. There should be no changes.

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + aws_security_group_rule.Rule1
      id:                       <computed>
      cidr_blocks.#:            "1"
      cidr_blocks.0:            "0.0.0.0/0"
      from_port:                "22"
      protocol:                 "tcp"
      security_group_id:        "sg-xxxxxx"
      self:                     "false"
      source_security_group_id: <computed>
      to_port:                  "22"
      type:                     "ingress"

  + aws_security_group_rule.Rule2
      id:                       <computed>
      cidr_blocks.#:            "1"
      cidr_blocks.0:            "0.0.0.0/0"
      from_port:                "0"
      protocol:                 "-1"
      security_group_id:        "sg-xxxxxx"
      self:                     "false"
      source_security_group_id: <computed>
      to_port:                  "0"
      type:                     "egress"

Plan: 2 to add, 0 to change, 0 to destroy.

How do I resolve this? I do not want terraform plan to show any changes and I'm importing an existing infrastructure.
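The plan above proposes to create the two rules because the rules already exist on the security group in AWS (they were created by the former inline blocks) while Terraform's state has no record of the new aws_security_group_rule resources. The way to make plan show no changes is to import the existing rules into state rather than letting Terraform create duplicates. The following script is an added illustration, not part of the original issue or the provider's code: it compares the rules declared as aws_security_group_rule resources against the rules a security group actually carries (in the shape `aws ec2 describe-security-groups` returns, constructed inline here), normalizes `protocol = "all"` to `-1` the way the plan output does, and prints a `terraform import` command for every rule that already exists. The hypothetical `Rule3` and the `sg-xxxxxx` id are constructed sample data, and the import ID layout `<sg-id>_<type>_<protocol>_<from>_<to>_<cidr...>` is assumed from the provider's import documentation; verify it against the docs for the provider version you run.

```python
"""Reconcile declared aws_security_group_rule resources with the rules already
present on a security group, and emit `terraform import` commands for the ones
that exist so `terraform plan` stops proposing to create them (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    type: str       # "ingress" or "egress"
    protocol: str   # "tcp", "udp", "icmp" or "-1" (all protocols)
    from_port: int
    to_port: int
    cidr: str


def normalize_protocol(proto):
    # The provider normalizes "all" to "-1", which is what the plan output shows.
    p = str(proto).lower()
    return "-1" if p in ("all", "-1") else p


def desired_rules(config):
    """config maps resource name -> attributes as written in HCL.
    One aws_security_group_rule with N cidr_blocks is N rules in AWS."""
    out = {}
    for name, attrs in config.items():
        proto = normalize_protocol(attrs["protocol"])
        out[name] = [
            Rule(attrs["type"], proto, int(attrs["from_port"]),
                 int(attrs["to_port"]), cidr)
            for cidr in attrs["cidr_blocks"]
        ]
    return out


def existing_rules(describe_output):
    """Parse the IpPermissions / IpPermissionsEgress lists of one
    SecurityGroup entry from `aws ec2 describe-security-groups`."""
    rules = set()
    for rule_type, key in (("ingress", "IpPermissions"),
                           ("egress", "IpPermissionsEgress")):
        for perm in describe_output.get(key, []):
            proto = normalize_protocol(perm["IpProtocol"])
            # For protocol -1 AWS omits FromPort/ToPort; the provider reads 0/0.
            from_port = int(perm.get("FromPort", 0))
            to_port = int(perm.get("ToPort", 0))
            for ip_range in perm.get("IpRanges", []):
                rules.add(Rule(rule_type, proto, from_port, to_port,
                               ip_range["CidrIp"]))
    return rules


def import_id(sg_id, rules):
    """Assumed import ID layout for aws_security_group_rule:
    <sg-id>_<type>_<protocol>_<from>_<to>_<cidr>[_<cidr>...]."""
    first = rules[0]
    proto = "all" if first.protocol == "-1" else first.protocol
    cidrs = "_".join(r.cidr for r in rules)
    return f"{sg_id}_{first.type}_{proto}_{first.from_port}_{first.to_port}_{cidrs}"


def reconcile(sg_id, config, describe_output):
    """Return (import commands, names that really are missing in AWS)."""
    existing = existing_rules(describe_output)
    to_import, to_create = [], []
    for name, rules in desired_rules(config).items():
        if all(r in existing for r in rules):
            to_import.append(
                f"terraform import aws_security_group_rule.{name} "
                f"{import_id(sg_id, rules)}")
        else:
            to_create.append(name)
    return to_import, to_create


# Constructed sample data mirroring the issue; Rule3 is hypothetical and absent
# from AWS, so it genuinely needs to be created.
SG_ID = "sg-xxxxxx"
CONFIG = {
    "Rule1": {"type": "ingress", "from_port": 22, "to_port": 22,
              "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
    "Rule2": {"type": "egress", "from_port": 0, "to_port": 0,
              "protocol": "all", "cidr_blocks": ["0.0.0.0/0"]},
    "Rule3": {"type": "ingress", "from_port": 443, "to_port": 443,
              "protocol": "tcp", "cidr_blocks": ["10.0.0.0/8"]},
}
DESCRIBE = {  # constructed excerpt of one SecurityGroup entry
    "GroupId": SG_ID,
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    commands, missing = reconcile(SG_ID, CONFIG, DESCRIBE)
    print("\n".join(commands))
    print("still to create:", missing)
```

Run the printed import commands, then `terraform plan` again; only resources that are genuinely absent from AWS (here the constructed `Rule3`) should remain as `+ create`. Because a single aws_security_group_rule with several cidr_blocks corresponds to several rules in AWS, the script only offers an import when every CIDR of the resource is already present.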

@bflad bflad added question A question about existing functionality; most questions are re-routed to discuss.hashicorp.com. service/ec2 Issues and PRs that pertain to the ec2 service. labels Jul 23, 2018
@YakDriver
Member

Same cause/effect as issue #6036

@tracypholmes
Contributor

Thank you for using Terraform and for opening up this question, @pkr1234! Issues on GitHub are intended to be related to bugs or feature requests with the provider codebase. Please use https://discuss.hashicorp.com/c/terraform-providers for community discussions, and questions around Terraform.

If you believe that your issue was miscategorized as a question or closed in error, please create a new issue using one of the following provided templates: bug report or feature request. Please make sure to provide us with the appropriate information so we can best determine how to assist with the given issue.

@ghost
Author

ghost commented Nov 3, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Nov 3, 2019