Merge pull request #32148 from mattburgess/update-security-group-rule…

…-docs Improve doc accuracy for `aws_vpc_security_group_ingress_rule` and `a…
hashicorp · Jun 26, 2023 · 43290b2 · 43290b2
2 parents eeb6c7c + 907a04a
commit 43290b2
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 4 deletions.
diff --git a/.changelog/32148.txt b/.changelog/32148.txt
@@ -0,0 +1,4 @@
+```release-note:bug
+resource/aws_vpc_security_group_egress_rule: Make `security_group_id` a required argument
+resource/aws_vpc_security_group_ingress_rule: Make `security_group_id` a required argument
+```
diff --git a/internal/service/ec2/vpc_security_group_ingress_rule.go b/internal/service/ec2/vpc_security_group_ingress_rule.go
@@ -134,7 +134,7 @@ func (r *resourceSecurityGroupRule) Schema(ctx context.Context, req resource.Sch
  Optional: true,
  },
  "security_group_id": schema.StringAttribute{
- Optional: true,
+ Required: true,
  PlanModifiers: []planmodifier.String{
  stringplanmodifier.RequiresReplace(),
  },

diff --git a/website/docs/r/security_group.html.markdown b/website/docs/r/security_group.html.markdown
@@ -236,6 +236,8 @@ The following arguments are required:
 
 The following arguments are optional:
 
+~> **Note** Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you _must_ provide one of them in order to configure the source of the traffic.
+
 * `cidr_blocks` - (Optional) List of CIDR blocks.
 * `description` - (Optional) Description of this ingress rule.
 * `ipv6_cidr_blocks` - (Optional) List of IPv6 CIDR blocks.
@@ -254,6 +256,8 @@ The following arguments are required:
 
 The following arguments are optional:
 
+~> **Note** Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you _must_ provide one of them in order to configure the destination of the traffic.
+
 * `cidr_blocks` - (Optional) List of CIDR blocks.
 * `description` - (Optional) Description of this egress rule.
 * `ipv6_cidr_blocks` - (Optional) List of IPv6 CIDR blocks.

diff --git a/website/docs/r/security_group_rule.html.markdown b/website/docs/r/security_group_rule.html.markdown
@@ -99,6 +99,8 @@ or `egress` (outbound).
 
 The following arguments are optional:
 
+~> **Note** Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `source_security_group_id` are all marked as optional, you _must_ provide one of them in order to configure the source of the traffic.
+
 * `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be specified with `source_security_group_id` or `self`.
 * `description` - (Optional) Description of the rule.
 * `ipv6_cidr_blocks` - (Optional) List of IPv6 CIDR blocks. Cannot be specified with `source_security_group_id` or `self`.

diff --git a/website/docs/r/vpc_security_group_egress_rule.html.markdown b/website/docs/r/vpc_security_group_egress_rule.html.markdown
@@ -26,12 +26,14 @@ resource "aws_vpc_security_group_egress_rule" "example" {
  cidr_ipv4 = "10.0.0.0/8"
  from_port = 80
  ip_protocol = "tcp"
- to_port = 8080
+ to_port = 80
 }
 ```
 
 ## Argument Reference
 
+~> **Note** Although `cidr_ipv4`, `cidr_ipv6`, `prefix_list_id`, and `referenced_security_group_id` are all marked as optional, you *must* provide one of them in order to configure the destination of the traffic. The `from_port` and `to_port` arguments are required unless `ip_protocol` is set to `-1` or `icmpv6`.
+
 The following arguments are supported:
 
 * `cidr_ipv4` - (Optional) The destination IPv4 CIDR range.

diff --git a/website/docs/r/vpc_security_group_ingress_rule.html.markdown b/website/docs/r/vpc_security_group_ingress_rule.html.markdown
@@ -26,19 +26,21 @@ resource "aws_vpc_security_group_ingress_rule" "example" {
  cidr_ipv4 = "10.0.0.0/8"
  from_port = 80
  ip_protocol = "tcp"
- to_port = 8080
+ to_port = 80
 }
 ```
 
 ## Argument Reference
 
 The following arguments are supported:
 
+~> **Note** Although `cidr_ipv4`, `cidr_ipv6`, `prefix_list_id`, and `referenced_security_group_id` are all marked as optional, you *must* provide one of them in order to configure the destination of the traffic. The `from_port` and `to_port` arguments are required unless `ip_protocol` is set to `-1` or `icmpv6`.
+
 * `cidr_ipv4` - (Optional) The source IPv4 CIDR range.
 * `cidr_ipv6` - (Optional) The source IPv6 CIDR range.
 * `description` - (Optional) The security group rule description.
 * `from_port` - (Optional) The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type.
-* `ip_protocol` - (Optional) The IP protocol name or number. Use `-1` to specify all protocols. Note that if `ip_protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.
+* `ip_protocol` - (Required) The IP protocol name or number. Use `-1` to specify all protocols. Note that if `ip_protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.
 * `prefix_list_id` - (Optional) The ID of the source prefix list.
 * `referenced_security_group_id` - (Optional) The source security group that is referenced in the rule.
 * `security_group_id` - (Required) The ID of the security group.