diff --git a/.changelog/32148.txt b/.changelog/32148.txt
new file mode 100644
index 000000000000..58285c8859ee
--- /dev/null
+++ b/.changelog/32148.txt
@@ -0,0 +1,4 @@
+```release-note:bug
+resource/aws_vpc_security_group_egress_rule: Make `security_group_id` a required argument
+resource/aws_vpc_security_group_ingress_rule: Make `security_group_id` a required argument
+```
diff --git a/internal/service/ec2/vpc_security_group_ingress_rule.go b/internal/service/ec2/vpc_security_group_ingress_rule.go
index db4d25b0b417..58134bb153af 100644
--- a/internal/service/ec2/vpc_security_group_ingress_rule.go
+++ b/internal/service/ec2/vpc_security_group_ingress_rule.go
@@ -134,7 +134,7 @@ func (r *resourceSecurityGroupRule) Schema(ctx context.Context, req resource.Sch
 Optional: true,
 },
 "security_group_id": schema.StringAttribute{
- Optional: true,
+ Required: true,
 PlanModifiers: []planmodifier.String{
 stringplanmodifier.RequiresReplace(),
 },
diff --git a/website/docs/r/security_group.html.markdown b/website/docs/r/security_group.html.markdown
index 4ed02d408e61..4f1aa59b575d 100644
--- a/website/docs/r/security_group.html.markdown
+++ b/website/docs/r/security_group.html.markdown
@@ -236,6 +236,8 @@ The following arguments are required:
 The following arguments are optional:
+~> **Note** Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you _must_ provide one of them in order to configure the source of the traffic.
+
 * `cidr_blocks` - (Optional) List of CIDR blocks.
 * `description` - (Optional) Description of this ingress rule.
 * `ipv6_cidr_blocks` - (Optional) List of IPv6 CIDR blocks.
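Review bot: In `vpc_security_group_ingress_rule.go`, the now-required `security_group_id` attribute shows no `Validators` entry within the hunk, so `security_group_id = ""` would still satisfy the schema and presumably fail only when the EC2 API rejects it at apply time. If no validator follows `PlanModifiers` outside the hunk, consider adding `Validators: []validator.String{stringvalidator.LengthAtLeast(1)},` (assuming the validators package is already imported) so an empty group ID is rejected during plan. The changelog lists both the egress and ingress resources while only this file changes, which suggests this `Schema` method is shared; a one-line comment such as `// Shared by the ingress and egress rule resources.` would make that visible. The attribute literal and the `Schema` method both continue beyond the hunk.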
@@ -254,6 +256,8 @@ The following arguments are required:
 The following arguments are optional:
+~> **Note** Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you _must_ provide one of them in order to configure the destination of the traffic.
+
 * `cidr_blocks` - (Optional) List of CIDR blocks.
 * `description` - (Optional) Description of this egress rule.
 * `ipv6_cidr_blocks` - (Optional) List of IPv6 CIDR blocks.
diff --git a/website/docs/r/security_group_rule.html.markdown b/website/docs/r/security_group_rule.html.markdown
index 342283ddab05..ebcfd1534674 100644
--- a/website/docs/r/security_group_rule.html.markdown
+++ b/website/docs/r/security_group_rule.html.markdown
@@ -99,6 +99,8 @@ or `egress` (outbound).
 The following arguments are optional:
+~> **Note** Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `source_security_group_id` are all marked as optional, you _must_ provide one of them in order to configure the source of the traffic.
+
 * `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be specified with `source_security_group_id` or `self`.
 * `description` - (Optional) Description of the rule.
 * `ipv6_cidr_blocks` - (Optional) List of IPv6 CIDR blocks. Cannot be specified with `source_security_group_id` or `self`.
diff --git a/website/docs/r/vpc_security_group_egress_rule.html.markdown b/website/docs/r/vpc_security_group_egress_rule.html.markdown
index f3250f0aad01..8fea624aaaf9 100644
--- a/website/docs/r/vpc_security_group_egress_rule.html.markdown
+++ b/website/docs/r/vpc_security_group_egress_rule.html.markdown
@@ -26,12 +26,14 @@ resource "aws_vpc_security_group_egress_rule" "example" {
 cidr_ipv4 = "10.0.0.0/8"
 from_port = 80
 ip_protocol = "tcp"
- to_port = 8080
+ to_port = 80
 }
 ```
 ## Argument Reference
+~> **Note** Although `cidr_ipv4`, `cidr_ipv6`, `prefix_list_id`, and `referenced_security_group_id` are all marked as optional, you *must* provide one of them in order to configure the destination of the traffic. The `from_port` and `to_port` arguments are required unless `ip_protocol` is set to `-1` or `icmpv6`.
+
 The following arguments are supported:
 * `cidr_ipv4` - (Optional) The destination IPv4 CIDR range.
diff --git a/website/docs/r/vpc_security_group_ingress_rule.html.markdown b/website/docs/r/vpc_security_group_ingress_rule.html.markdown
index 97ae7a476036..75ea178f0ff9 100644
--- a/website/docs/r/vpc_security_group_ingress_rule.html.markdown
+++ b/website/docs/r/vpc_security_group_ingress_rule.html.markdown
@@ -26,7 +26,7 @@ resource "aws_vpc_security_group_ingress_rule" "example" {
 cidr_ipv4 = "10.0.0.0/8"
 from_port = 80
 ip_protocol = "tcp"
- to_port = 8080
+ to_port = 80
 }
 ```
@@ -34,11 +34,13 @@ resource "aws_vpc_security_group_ingress_rule" "example" {
 The following arguments are supported:
+~> **Note** Although `cidr_ipv4`, `cidr_ipv6`, `prefix_list_id`, and `referenced_security_group_id` are all marked as optional, you *must* provide one of them in order to configure the destination of the traffic. The `from_port` and `to_port` arguments are required unless `ip_protocol` is set to `-1` or `icmpv6`.
+
 * `cidr_ipv4` - (Optional) The source IPv4 CIDR range.
 * `cidr_ipv6` - (Optional) The source IPv6 CIDR range.
 * `description` - (Optional) The security group rule description.
 * `from_port` - (Optional) The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type.
-* `ip_protocol` - (Optional) The IP protocol name or number. Use `-1` to specify all protocols. Note that if `ip_protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.
+* `ip_protocol` - (Required) The IP protocol name or number. Use `-1` to specify all protocols. Note that if `ip_protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.
 * `prefix_list_id` - (Optional) The ID of the source prefix list.
 * `referenced_security_group_id` - (Optional) The source security group that is referenced in the rule.
 * `security_group_id` - (Required) The ID of the security group.