[Enhancement]: tagging inline security group rules in existing resource or a new aws_security_group_v2

[nitrocode]

Description

Id like exclusive management of my security group rules to be in terraform and i want tagging.

There isnt an easy way to do this unless i want to forego exclusive management (vulnerable to clickops) or forego tagging.

Perhaps the original resource can be updated to allow tagging of inline rules or a new v2 resource can be created?

Affected Resource(s) and/or Data Source(s)

• aws_security_group

Potential Terraform Configuration

resource "aws_security_group" "example" {
  # ... other configuration ...

  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    prefix_list_ids = [aws_vpc_endpoint.my_endpoint.prefix_list_id]
    tags            = var.tags
  }

  tags = var.tags
}

References

No response

Would you like to implement a fix?

No

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[ewbankkit]

@nitrocode The aws_vpc_security_group_ingress_rule and aws_vpc_security_group_egress_rule resources are now the preferred way to managed security group rules and they both support rule tagging.

[nitrocode]

Yes but they don't allow me to enforce the entire security group in code like the inline rules do. This is why I'm suggesting either a separate sg resource or a modification of the existing sg resource