Include more client side validation

[bcsgh]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Please include more client side validation for all rules where it can be done hermetically.

For example, wit aws_security_group there are some interactions between the ingress port and protocol parameter that can be checked locally.

In general, for any error that can be found without interacting with external resources, there is significant practical utility in reporting it during terraform plan or before updates are attempted by terraform apply rather than deferring that reporting to the point where someone is actually trying to modify the live state.

(That said, things should err on the side of lenience to avoid blocking things that AWS it self would allow. Or maybe make those case warnings?)

New or Affected Resource(s)

• aws_* (potentially many)

Potential Terraform Configuration

resource "aws_security_group" "main" {
  ingress {
    from_port = 22
    to_port = 22
    protocol = "-1"  # ERROR/WARNING: to/from ports must be zero when protocol=-1.  
    ...
  }
  ...
}

[github-actions[bot]]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[bcsgh]

FWIW, I still think this is a good idea and don't think it should be closed.

(I also don't think a lack of activity on an issue is a sound reason for assuming the maintainers should decide to avoid doing something. Furthermore, closing issues as "not important enough" seems like a bad idea to me. That's what the lowest priority setting should be used for.)