I am trying to create a Network Load Balancer in OCI but I am getting the error below:
│ Error: 404-NotAuthorizedOrNotFound, Authorization failed or requested resource not found.
│ Suggestion: Either the resource has been deleted or service Network Load Balancer need policy to access this resource. Policy reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm
│ Documentation: https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_load_balancer_network_load_balancer
│ API Reference: https://docs.oracle.com/iaas/api/#/en/networkloadbalancer/20200501/NetworkLoadBalancer/CreateNetworkLoadBalancer
│ Request Target: POST https://network-load-balancer-api.af-johannesburg-1.oci.oraclecloud.com/20200501/networkLoadBalancers
│ Provider version: 5.31.0, released on 2024-02-29. This provider is 4 Update(s) behind to current.
│ Service: Network Load Balancer
│ Operation Name: CreateNetworkLoadBalancer
│ OPC request ID: 0256511fde90f28584e79623b17f1b38/190C305D6D14F898BC9F8EEFCB93878A/4ED76C648A27CAEBD406E5EE79D813C2
│ │
│ with oci_network_load_balancer_network_load_balancer.web,
│ on nlb.tf line 3, in resource "oci_network_load_balancer_network_load_balancer" "web":
│ 3: resource "oci_network_load_balancer_network_load_balancer" "web" {
If I create the NLB manually and import it into my tfstate, I get this error now:
404-NotAuthorizedOrNotFound, Authorization failed or requested resource not found.
│ Suggestion: Either the resource has been deleted or service Network Load Balancer need policy to access this resource. Policy reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm
│ Documentation: https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_load_balancer_network_load_balancer
│ API Reference: https://docs.oracle.com/iaas/api/#/en/networkloadbalancer/20200501/NetworkLoadBalancer/CreateNetworkLoadBalancer
│ Request Target: POST https://network-load-balancer-api.af-johannesburg-1.oci.oraclecloud.com/20200501/networkLoadBalancers
│ Provider version: 5.31.0, released on 2024-02-29. This provider is 4 Update(s) behind to current.
│ Service: Network Load Balancer
│ Operation Name: CreateNetworkLoadBalancer
│ OPC request ID: 393f50d1bc243450e5d99f5d35b2633a/6BE524CE75B807B16CE03B3CCC3EFF51/F18A5909F19EBA97E64AACB30AECFE36
Below is the code for my NLB:
# Create a network load balancer for web servers
resource "oci_network_load_balancer_network_load_balancer" "web" {
  compartment_id                 = "ocid1.compartment.oc1xxxx"
  display_name                   = "web"
  subnet_id                      = oci_core_subnet.web_public_01.id
  freeform_tags                  = local.tags.defaults
  is_preserve_source_destination = true
  is_private                     = false
  network_security_group_ids = [
    oci_core_network_security_group_security_rule.web.id
  ]
}

# NSG Backend Sets
resource "oci_network_load_balancer_backend_set" "web" {
  name                     = "web-backend-sets"
  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.web.id
  policy                   = "FIVE_TUPLE"

  health_checker {
    protocol = "HTTP"
    #Optional
    interval_in_millis = 10000
    port               = 80
    # request_data = var.backend_set_health_checker_request_data
    # response_body_regex = var.backend_set_health_checker_response_body_regex
    # response_data = var.backend_set_health_checker_response_data
    # retries = var.backend_set_health_checker_retries
    # return_code = var.backend_set_health_checker_return_code
    # timeout_in_millis = var.backend_set_health_checker_timeout_in_millis
    url_path = "/"
  }
  #Optional
  # ip_version = var.backend_set_ip_version
  # is_preserve_source = var.backend_set_is_preserve_source
}

# NSG Backends
resource "oci_network_load_balancer_backend" "web_01" {
  backend_set_name         = oci_network_load_balancer_backend_set.web.name
  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.web.id
  port                     = 80
  is_backup                = false
  is_drain                 = false
  is_offline               = false
  # name = oci_core_instance.web_01.display_name
  target_id = oci_core_instance.web_01.id
  weight    = 1
}

resource "oci_network_load_balancer_backend" "web_02" {
  backend_set_name         = oci_network_load_balancer_backend_set.web.name
  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.web.id
  port                     = 80
  is_backup                = false
  is_drain                 = false
  is_offline               = false
  # name = oci_core_instance.web_02.display_name
  target_id = oci_core_instance.web_02.id
  weight    = 1
}

# NSG Listeners
resource "oci_network_load_balancer_listener" "web" {
  #Required
  default_backend_set_name = oci_network_load_balancer_backend_set.web.name
  name                     = "web-listeners"
  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.web.id
  port                     = 80
  protocol                 = "TCP_AND_UDP"
}
Am I missing a policy or something that will enable me to create NLB resources?
The issue seems to be at this part:
  network_security_group_ids = [
    oci_core_network_security_group_security_rule.web.id
  ]
Instead of oci_core_network_security_group_security_rule.web.id, it should be oci_core_network_security_group.web.id
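
A pre-apply check for the mistake identified in the answer above, as an added example that is not part of the original thread: it reads the `configuration` section of `terraform show -json` output and reports any `network_security_group_ids` that references a resource other than an `oci_core_network_security_group`. The sample plan is constructed, and the resource name `fixed` is hypothetical.

```python
import json

NSG_TYPE = "oci_core_network_security_group"  # the only type whose .id belongs here
ATTR = "network_security_group_ids"
# Reference prefixes that are not managed resources and cannot be typed statically.
UNTYPED = {"var", "local", "module", "data", "each", "count", "path", "terraform"}

# Constructed sample: the "configuration" part of `terraform show -json <planfile>`.
# "web" mirrors the question's NLB; "fixed" is a hypothetical corrected one.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "oci_network_load_balancer_network_load_balancer.web",
   "expressions": {"network_security_group_ids": {"references": [
     "oci_core_network_security_group_security_rule.web.id",
     "oci_core_network_security_group_security_rule.web"]}}},
  {"address": "oci_network_load_balancer_network_load_balancer.fixed",
   "expressions": {"network_security_group_ids": {"references": [
     "oci_core_network_security_group.web.id",
     "oci_core_network_security_group.web"]}}}
]}}}
""")

def iter_resources(module):
    """Yield every resource block in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for call in module.get("module_calls", {}).values():
        yield from iter_resources(call.get("module", {}))

def bad_nsg_references(plan):
    """Return (resource, referenced address) pairs where ATTR points at a non-NSG resource."""
    findings = []
    root = plan.get("configuration", {}).get("root_module", {})
    for res in iter_resources(root):
        refs = res.get("expressions", {}).get(ATTR, {}).get("references", [])
        seen = set()
        for ref in refs:
            parts = ref.split(".")
            if len(parts) < 2 or parts[0] in UNTYPED:
                continue  # variable, local, data source, etc.: not checkable here
            target = ".".join(parts[:2])  # "<type>.<name>"
            if parts[0] != NSG_TYPE and target not in seen:
                seen.add(target)
                findings.append((res["address"], target))
    return findings

if __name__ == "__main__":
    for resource, target in bad_nsg_references(SAMPLE_PLAN):
        print(f"{resource}: {ATTR} references {target}, expected {NSG_TYPE}.<name>.id")
```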