From 379c3676d735ecad17cfdc94fcbc636aadec25ee Mon Sep 17 00:00:00 2001
From: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
Date: Wed, 30 Jul 2025 18:29:17 +0200
Subject: [PATCH] [no-relnote] fix aws security ground create

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
---
 pkg/provider/aws/create.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/pkg/provider/aws/create.go b/pkg/provider/aws/create.go
index 040c356e2..4f46a10c6 100644
--- a/pkg/provider/aws/create.go
+++ b/pkg/provider/aws/create.go
@@ -249,22 +249,30 @@ func (p *Provider) createSecurityGroup(cache *AWS) error {
 	cache.SecurityGroupid = *sgOutput.GroupId
 
 	// Enter the Ingress rules for the security group
+	ipRangeMap := make(map[string]bool)
 	ipRanges := []types.IpRange{}
+
 	// First lookup for the IP address of the user
 	ip, err := utils.GetIPAddress()
 	if err != nil {
 		p.fail()
 		return fmt.Errorf("error getting IP address: %v", err)
 	}
+
+	// Add the auto-detected IP to the map and list
+	ipRangeMap[ip] = true
 	ipRanges = append(ipRanges, types.IpRange{
 		CidrIp: &ip,
 	})
 
-	// Then add the IP ranges from the spec
+	// Then add the IP ranges from the spec, skipping duplicates
 	for _, ip := range p.Spec.IngressIpRanges {
-		ipRanges = append(ipRanges, types.IpRange{
-			CidrIp: &ip,
-		})
+		if !ipRangeMap[ip] {
+			ipRangeMap[ip] = true
+			ipRanges = append(ipRanges, types.IpRange{
+				CidrIp: &ip,
+			})
+		}
 	}
 
 	irInput := &ec2.AuthorizeSecurityGroupIngressInput{