hashicorp · justinretzolk · Jun 26, 2023 · Jun 21, 2023 · Jun 21, 2023 · Jun 21, 2023
@@ -0,0 +1,4 @@
+```release-note:bug
+resource/aws_vpc_security_group_egress_rule: Make `security_group_id` a required argument
+resource/aws_vpc_security_group_ingress_rule: Make `security_group_id` a required argument
+```
@@ -134,7 +134,7 @@ func (r *resourceSecurityGroupRule) Schema(ctx context.Context, req resource.Sch
  Optional: true,
  },
  "security_group_id": schema.StringAttribute{
- Optional: true,
+ Required: true,
  PlanModifiers: []planmodifier.String{
  stringplanmodifier.RequiresReplace(),
  },

@@ -236,6 +236,8 @@ The following arguments are required:
 
 The following arguments are optional:
 
+~> **Note** Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you _must_ provide one of them in order to configure the source of the traffic.
+
 * `cidr_blocks` - (Optional) List of CIDR blocks.
 * `description` - (Optional) Description of this ingress rule.
 * `ipv6_cidr_blocks` - (Optional) List of IPv6 CIDR blocks.
@@ -254,6 +256,8 @@ The following arguments are required:
 
 The following arguments are optional:
 
+~> **Note** Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you _must_ provide one of them in order to configure the destination of the traffic.
+
 * `cidr_blocks` - (Optional) List of CIDR blocks.
 * `description` - (Optional) Description of this egress rule.
 * `ipv6_cidr_blocks` - (Optional) List of IPv6 CIDR blocks.

@@ -99,6 +99,8 @@ or `egress` (outbound).
 
 The following arguments are optional:
 
+~> **Note** Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `source_security_group_id` are all marked as optional, you _must_ provide one of them in order to configure the source of the traffic.
+
 * `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be specified with `source_security_group_id` or `self`.
 * `description` - (Optional) Description of the rule.
 * `ipv6_cidr_blocks` - (Optional) List of IPv6 CIDR blocks. Cannot be specified with `source_security_group_id` or `self`.

@@ -26,12 +26,14 @@ resource "aws_vpc_security_group_egress_rule" "example" {
  cidr_ipv4 = "10.0.0.0/8"
  from_port = 80
  ip_protocol = "tcp"
- to_port = 8080
+ to_port = 80
 }
 ```
 
 ## Argument Reference
 
+~> **Note** Although `cidr_ipv4`, `cidr_ipv6`, `prefix_list_id`, and `referenced_security_group_id` are all marked as optional, you *must* provide one of them in order to configure the destination of the traffic. The `from_port` and `to_port` arguments are required unless `ip_protocol` is set to `-1` or `icmpv6`.
+
 The following arguments are supported:
 
 * `cidr_ipv4` - (Optional) The destination IPv4 CIDR range.

@@ -26,19 +26,21 @@ resource "aws_vpc_security_group_ingress_rule" "example" {
  cidr_ipv4 = "10.0.0.0/8"
  from_port = 80
  ip_protocol = "tcp"
- to_port = 8080
+ to_port = 80
 }
 ```
 
 ## Argument Reference
 
 The following arguments are supported:
 
+~> **Note** Although `cidr_ipv4`, `cidr_ipv6`, `prefix_list_id`, and `referenced_security_group_id` are all marked as optional, you *must* provide one of them in order to configure the destination of the traffic. The `from_port` and `to_port` arguments are required unless `ip_protocol` is set to `-1` or `icmpv6`.
+
 * `cidr_ipv4` - (Optional) The source IPv4 CIDR range.
 * `cidr_ipv6` - (Optional) The source IPv6 CIDR range.
 * `description` - (Optional) The security group rule description.
 * `from_port` - (Optional) The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type.
-* `ip_protocol` - (Optional) The IP protocol name or number. Use `-1` to specify all protocols. Note that if `ip_protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.
+* `ip_protocol` - (Required) The IP protocol name or number. Use `-1` to specify all protocols. Note that if `ip_protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.
 * `prefix_list_id` - (Optional) The ID of the source prefix list.
 * `referenced_security_group_id` - (Optional) The source security group that is referenced in the rule.
 * `security_group_id` - (Required) The ID of the security group.