Terraform: aws_security_groups empty list of SecurityGroups

2 min read

If we try to use the aws_security_groups data source but the tags we choose do not match any SecurityGroup:

data "aws_security_groups" "eks-pod" {
  tags = {
     "NotAnActualTag" = "WontMatchAnything"

When we try to execute terraform (a plan or an apply) it will fail with the following message:

$ terraform plan 
Acquiring state lock. This may take a few moments...
│ Error: Your query returned no results. Please change your search criteria and try again.
│   with module.pet2cattle.data.aws_security_groups.pet2cattle-by-tags,
│   on modules/pet2cattle/main.tf line 140, in data "aws_security_groups" "pet2cattle-by-tags":
│  140: data "aws_security_groups" "pet2cattle-by-tags" {
Releasing state lock. This may take a few moments...

This is an annoying behavior since if we take a look at their own provide design guidelines it explicitly states that for Plural Data Sources (like in aws_security_groups):

These data sources are intended to return zero, one, or many results, (...)

Although there are other plural data sources that behave in the same exact way (like aws_vpcs or aws_vpc_peering_connections) I think it would make sense to allow to return empty sets instead of failing altogether. That's why I have create this PR for aws_security_groups. If you agree, please vote on this pull request by adding a thumps up reaction

Posted on 21/10/2021