Commit

Improve doc accuracy for aws_vpc_security_group_ingress_rule and `aws_vpc_security_group_egress_rule`

* `ip_protocol` was marked as `Required` in the schema but `Optional` in the docs
* `security_group_id` is `Required` but was `Optional` in the schema
* Try to clarify the situations where `Optional` arguments are actually `Required`
* Make examples less confusing by using a single port; using different ports makes it look like some kind of port mapping
mattburgess committed Jun 21, 2023
1 parent 59ae58d commit ee8af4f
Showing 3 changed files with 10 additions and 4 deletions.
2 changes: 1 addition & 1 deletion internal/service/ec2/vpc_security_group_ingress_rule.go
Expand Up @@ -134,7 +134,7 @@ func (r *resourceSecurityGroupRule) Schema(ctx context.Context, req resource.Sch
Optional: true,
},
"security_group_id": schema.StringAttribute{
Optional: true,
Required: true,
PlanModifiers: []planmodifier.String{
stringplanmodifier.RequiresReplace(),
},
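Review bot: Switching `security_group_id` from `Optional: true` to `Required: true` is a schema behaviour change, not a documentation change, so it deserves its own changelog entry and a test rather than riding along under a "doc accuracy" title. With this change a configuration that omits the attribute is rejected at validation time; please add a case that asserts that error. The receiver here is `resourceSecurityGroupRule`, which suggests the schema may be shared with the egress resource; if so, confirm the egress docs also list `security_group_id` as Required, since that bullet is not visible in this commit.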
5 changes: 4 additions & 1 deletion website/docs/r/vpc_security_group_egress_rule.html.markdown
Expand Up @@ -26,12 +26,15 @@ resource "aws_vpc_security_group_egress_rule" "example" {
cidr_ipv4 = "10.0.0.0/8"
from_port = 80
ip_protocol = "tcp"
to_port = 8080
to_port = 80
}
```

## Argument Reference

~> **NOTE on optional/required attributes:** Although `cidr_ipv4`, `cidr_ipv6`, `prefix_list_id`, and `referenced_security_group_id` are all marked as optional, you *must* provide one of them in order to configure the destination of the traffic.
`from_port` and `to_port` are required, unless `ip_protocol` is set to `-1` or `icmpv6`.

The following arguments are supported:

* `cidr_ipv4` - (Optional) The destination IPv4 CIDR range.
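Review bot: In the new NOTE, "you *must* provide one of them" does not say whether setting two of `cidr_ipv4`, `cidr_ipv6`, `prefix_list_id` and `referenced_security_group_id` on the same rule is allowed. If they are mutually exclusive, write "exactly one of them" so a reader does not assume a single rule can combine a CIDR and a security group reference. Separately, the commit message says `ip_protocol` was documented as Optional, but the only changes in this file are the `to_port` line and the NOTE; please confirm the egress `ip_protocol` bullet already reads Required.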
7 changes: 5 additions & 2 deletions website/docs/r/vpc_security_group_ingress_rule.html.markdown
Expand Up @@ -26,19 +26,22 @@ resource "aws_vpc_security_group_ingress_rule" "example" {
cidr_ipv4 = "10.0.0.0/8"
from_port = 80
ip_protocol = "tcp"
to_port = 8080
to_port = 80
}
```

## Argument Reference

The following arguments are supported:

~> **NOTE on optional/required attributes:** Although `cidr_ipv4`, `cidr_ipv6`, `prefix_list_id`, and `referenced_security_group_id` are all marked as optional, you *must* provide one of them in order to configure the source of the traffic.
`from_port` and `to_port` are required, unless `ip_protocol` is set to `-1` or `icmpv6`.

* `cidr_ipv4` - (Optional) The source IPv4 CIDR range.
* `cidr_ipv6` - (Optional) The source IPv6 CIDR range.
* `description` - (Optional) The security group rule description.
* `from_port` - (Optional) The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type.
* `ip_protocol` - (Optional) The IP protocol name or number. Use `-1` to specify all protocols. Note that if `ip_protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.
* `ip_protocol` - (Required) The IP protocol name or number. Use `-1` to specify all protocols. Note that if `ip_protocol` is set to `-1`, it translates to all protocols, all port ranges, and `from_port` and `to_port` values should not be defined.
* `prefix_list_id` - (Optional) The ID of the source prefix list.
* `referenced_security_group_id` - (Optional) The source security group that is referenced in the rule.
* `security_group_id` - (Required) The ID of the security group.
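Review bot: The NOTE is inserted after "The following arguments are supported:", so the callout now sits between that sentence and the list it introduces; in the egress doc it is placed before that sentence. Move it above the intro line here so both pages match. Also, the NOTE exempts `from_port` and `to_port` only when `ip_protocol` is `-1` or `icmpv6`, while the `from_port` bullet a few lines below still describes the value as "an ICMP/ICMPv6 type". It would help to state whether the ports may still be set for `icmpv6` and why `icmp` is not part of the exemption, since the two statements read as inconsistent as written.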