Description
We thought in terraform 0.6.0 #2366 might fix this issue, but we have tested on 0.5.3, and 0.6.0 and it is still broken.
We have a fairly large configuration full of aws_security_group_rules and sometimes multiple security_groups applied to aws_instances. We like having individual rules, rather than lots of rules in an aws_security_group, because they can be labelled, and there were previous bugs with aws_security_group on changing some of the rules, causing us to go down the aws_security_group_rules route. (We like managing the rules independently of the security group)
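For readers unfamiliar with the layout being described, the following is an added illustration of the per-rule pattern (one empty `aws_security_group` plus separate `aws_security_group_rule` resources, and an instance attached to more than one group). It is not the reporter's configuration; it is written in the 0.5/0.6-era `"${...}"` interpolation syntax, and every resource name, the `var.vpc_id` variable, the CIDRs and the AMI id are placeholders.

```hcl
# Added illustration, not the reporter's config. Terraform 0.5/0.6-era syntax.
# All names, CIDRs, the AMI id and var.vpc_id are placeholders.

# The group itself carries no inline ingress/egress blocks; every rule is a
# separate resource so it can be named and changed on its own.
resource "aws_security_group" "web" {
  name        = "web"
  description = "web tier; rules managed via aws_security_group_rule"
  vpc_id      = "${var.vpc_id}"
}

resource "aws_security_group" "bastion" {
  name        = "bastion"
  description = "bastion hosts"
  vpc_id      = "${var.vpc_id}"
}

# Public HTTPS into the web tier.
resource "aws_security_group_rule" "web_https_in" {
  type              = "ingress"
  security_group_id = "${aws_security_group.web.id}"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
}

# SSH into the web tier only from the bastion group (group-to-group rule,
# so no CIDR is needed).
resource "aws_security_group_rule" "web_ssh_in_from_bastion" {
  type                     = "ingress"
  security_group_id        = "${aws_security_group.web.id}"
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  source_security_group_id = "${aws_security_group.bastion.id}"
}

# Allow-all egress; protocol "-1" with ports 0/0 means "all traffic".
resource "aws_security_group_rule" "web_all_out" {
  type              = "egress"
  security_group_id = "${aws_security_group.web.id}"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}

# An instance in more than one group, as the report describes.
resource "aws_instance" "web" {
  ami                    = "ami-PLACEHOLDER"
  instance_type          = "t2.micro"
  subnet_id              = "${var.subnet_id}"
  vpc_security_group_ids = [
    "${aws_security_group.web.id}",
    "${aws_security_group.bastion.id}",
  ]
}
```

With a layout like this, a `terraform plan` run immediately after a successful `terraform apply` should report nothing to change. If instead it lists `aws_security_group_rule` resources to be created while the same rules are already visible on the group in AWS, the state file is missing them, which is exactly the symptom this issue describes, and the next apply will fail on the duplicate. The practical consequence for anyone reviewing exposure is that the rules missing from `terraform.tfstate` are still live in AWS, so the authoritative view of what a group permits is the group as AWS reports it, not what the state file lists.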
The problem is, on a fresh terraform apply, terraform reports that all aws_security_group_rules have been created, but some of them (a random selection each time) are not added to the tfstate file. This means that a further terraform plan yields further rules to be created, but because they do exist in Amazon, a further terraform apply does not work, as they come back with "duplicate rule".
I ran the whole thing in TF_LOG=debug mode, so I have captured everything, and have tried to show the relevant bits here (as I don't want to share the entire config of what I'm doing), but the key facts are that each time a fresh terraform apply (from nothing) is done, a random set of rules fails to make it into the tfstate file.
I will shortly update this with the relevant snippets of logs/code etc.