In Terraform you might want to replace ingress/egress rules directly on an aws_security_group with individual aws_security_group_rules, so that they work properly.
To do this, first make the required *.tf changes. Great. Now the plan contains only rule additions, and application fails due to the collision with the undeleted old rules.
terraform state rm aws_security_group.the_sg
terraform import aws_security_group.the_sg sg-deadbeef
Great. Now it's imported a bunch of aws_security_group_rules called aws_security_group_rule.the_sg and aws_security_group_rule.the_sg-1 up to -whatever, rather than the aws_security_group_rule.descriptive_name you wanted.
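
For reference, the *.tf change described at the top looks roughly like this. It is an added example, not the author's configuration: the port, CIDR ranges, var.vpc_id and the allow_all_egress name are assumptions, and it uses Terraform 0.12+ syntax.

```hcl
# Before (constructed values): rules declared inline on the group.
# resource "aws_security_group" "the_sg" {
#   name   = "the-sg"
#   vpc_id = var.vpc_id
#
#   ingress {
#     from_port   = 443
#     to_port     = 443
#     protocol    = "tcp"
#     cidr_blocks = ["10.0.0.0/8"]
#   }
#
#   egress {
#     from_port   = 0
#     to_port     = 0
#     protocol    = "-1"
#     cidr_blocks = ["0.0.0.0/0"]
#   }
# }

# After: the group has no inline rules; each rule is its own resource.
variable "vpc_id" {
  type = string
}

resource "aws_security_group" "the_sg" {
  name   = "the-sg"
  vpc_id = var.vpc_id
}

resource "aws_security_group_rule" "descriptive_name" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/8"]
  security_group_id = aws_security_group.the_sg.id
}

resource "aws_security_group_rule" "allow_all_egress" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.the_sg.id
}
```

Because the rules already exist in AWS, a plan against this configuration shows only additions until state knows about the existing rules, which is the collision described above.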