diff --git a/internal/service/ec2/vpc_security_group_ingress_rule.go b/internal/service/ec2/vpc_security_group_ingress_rule.go index db4d25b0b41..58134bb153a 100644 --- a/internal/service/ec2/vpc_security_group_ingress_rule.go +++ b/internal/service/ec2/vpc_security_group_ingress_rule.go @@ -134,7 +134,7 @@ func (r *resourceSecurityGroupRule) Schema(ctx context.Context, req resource.Sch Optional: true, }, "security_group_id": schema.StringAttribute{ - Optional: true, + Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, diff --git a/website/docs/r/vpc_security_group_egress_rule.html.markdown b/website/docs/r/vpc_security_group_egress_rule.html.markdown index f3250f0aad0..0ddc87258a5 100644 --- a/website/docs/r/vpc_security_group_egress_rule.html.markdown +++ b/website/docs/r/vpc_security_group_egress_rule.html.markdown @@ -26,12 +26,15 @@ resource "aws_vpc_security_group_egress_rule" "example" { cidr_ipv4 = "10.0.0.0/8" from_port = 80 ip_protocol = "tcp" - to_port = 8080 + to_port = 80 } ``` ## Argument Reference +~> **NOTE on optional/required attributes:** Although `cidr_ipv4`, `cidr_ipv6`, `prefix_list_id`, and `referenced_security_group_id` are all marked as optional, you *must* provide one of them in order to configure the destination of the traffic. +`from_port` and `to_port` are required, unless `ip_protocol` is set to `-1` or `icmpv6`. + The following arguments are supported: * `cidr_ipv4` - (Optional) The destination IPv4 CIDR range. diff --git a/website/docs/r/vpc_security_group_ingress_rule.html.markdown b/website/docs/r/vpc_security_group_ingress_rule.html.markdown index 97ae7a47603..6db678f43af 100644 --- a/website/docs/r/vpc_security_group_ingress_rule.html.markdown +++ b/website/docs/r/vpc_security_group_ingress_rule.html.markdown @@ -26,7 +26,7 @@ resource "aws_vpc_security_group_ingress_rule" "example" { cidr_ipv4 = "10.0.0.0/8" from_port = 80 ip_protocol = "tcp" - to_port = 8080 + to_port = 80 } ``` @@ -34,11 +34,14 @@ resource "aws_vpc_security_group_ingress_rule" "example" { The following arguments are supported: +~> **NOTE on optional/required attributes:** Although `cidr_ipv4`, `cidr_ipv6`, `prefix_list_id`, and `referenced_security_group_id` are all marked as optional, you *must* provide one of them in order to configure the source of the traffic. +`from_port` and `to_port` are required, unless `ip_protocol` is set to `-1` or `icmpv6`. + * `cidr_ipv4` - (Optional) The source IPv4 CIDR range. * `cidr_ipv6` - (Optional) The source IPv6 CIDR range. * `description` - (Optional) The security group rule description. * `from_port` - (Optional) The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type. -* `ip_protocol` - (Optional) The IP protocol name or number. Use `-1` to specify all protocols. Note that if `ip_protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined. +* `ip_protocol` - (Required) The IP protocol name or number. Use `-1` to specify all protocols. Note that if `ip_protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined. * `prefix_list_id` - (Optional) The ID of the source prefix list. * `referenced_security_group_id` - (Optional) The source security group that is referenced in the rule. * `security_group_id` - (Required) The ID of the security group.