Adding second scenario where IPv6 is not supported

[missingcharacter]

When trying to create a security group in AWS CN I ran into the following error:

* module.security_groups.aws_security_group.dev-https-in: 1 error(s) occurred:

* aws_security_group.dev-https-in: Error revoking default IPv6 egress rule for Security Group (sg-56489bc5): InvalidParameterValue: remote-ipv6-range
	status code: 400, request id: beeb90dd-7b32-4905-9b94-59e3e00f77f5

Added this check as another way to determine IPv6 is not supported therefore ignore the error and continue.
I already tested with the same case that gave me these errors and I no longer get them and my security groups are created.

I'm not sure the code is exactly how it should be, I'll be more than happy to modify it if needed.

[missingcharacter]

I'm now confident this works, let me know if I should change anything.

[radeksimko]

Hi @missingcharacter
thanks for the PR.

While we do have some AWS CN specific code, it's always scoped explicitly to that region, so it's safe to assume it will only affect users of that region.

We (HashiCorp) do not have access to the Chinese AWS region, unfortunately, so we can't reliably test this - which is the main reason this is hanging here. Is this something you could potentially help us with?

An acceptable alternative is pasting full HTTP response (available from debug log) and decide how to tighten the condition to something like isAWSErr("InvalidParameterValue", "specific IPv6 err message"). The error code seems to be a bit too generic and there's risk of ignoring errors we don't intend to ignore.

Admittedly InvalidPermission.NotFound code match is already quite generic and brings some risk.

[timonwong]

FYI: The HTTP 400 bad request returned from AWS CN is:

<Response>
<Errors>
<Error><Code>InvalidParameterValue</Code><Message>remote-ipv6-range</Message></Error></Errors>
<RequestID>xxxxxxxxxxxxxxxxxxxxxxxxxxx</RequestID>
</Response>

[Ninir]

Hi @timonwong

Is remote-ipv6-range the exact message that is returned by AWS or actually a placeholder?
If it's a placeholder, we should check that this message is actually in the form of 2620:0:2d0:200::7/32, etc.

[timonwong]

Hi @Ninir, it's the exact message returned from AWS CN.

[Ninir]

Then as Radek exposed it, can you update this work using:

isAWSErr("InvalidParameterValue", "remote-ipv6-range")

to handle this case?

Thanks!

[missingcharacter]

Sorry for the long delay on this change, made the change and tested, this time I kept TF_LOG=DEBUG and saved the logs TF_LOG_PATH=~/terraform.log in case you need them.

[Ninir]

Hi @missingcharacter,

As we cannot test it, is the last change you made fixing your issue?

Thank you for your quick answer and the work made! 👍

[missingcharacter]

@Ninir yes, this fixes my issue too

[Ninir]

Thank you @missingcharacter ! :)

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!