pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0

SecurityGroupRule throws misleading error message when cidrBlocks or sourceSecurityGroupId or self is not set. #2413

Open MitchellGerdisch opened 1 year ago

MitchellGerdisch commented 1 year ago

What happened?

Ran the code below (i.e. forgot to add cidrBlocks property in the security rule resource) and received this error:

  aws:ec2:SecurityGroupRule (sg-ssh-access):
    error: 1 error occurred:
        * waiting for Security Group (sg-09258add16ff71eac) Rule (sgrule-3463784416) create: couldn't find resource

There is no hint that the issue is due to a missing cidrBlocks (or sourceSecurityGroupId or self) property. Furthermore, the docs don't make it clear that one of these properties is required.

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = new awsx.ec2.Vpc("myvpc", {
    cidrBlock: "10.0.0.0/24",
});

const sg = new aws.ec2.SecurityGroup("mysg", {
    vpcId: vpc.vpcId,
});

const allowSsh = new aws.ec2.SecurityGroupRule("sg-ssh-access", {
    type: "ingress",
    // cidrBlocks: ["0.0.0.0/0"],
    description: "Allow SSH access for crypto miners",
    securityGroupId: sg.id,
    fromPort: 22,
    toPort: 22,
    protocol: "TCP",
}, {
    // when things work the rule is created within a couple of seconds.
    customTimeouts: { create: "15s" },
});

Expected Behavior

The error message (and optimally the documentation) should make it clear that the root cause of the issue is due to missing cidrBlocks, sourceSecurityGroupId, or self property.

Steps to reproduce

Output of pulumi about

CLI
Version      3.57.1
Go Version   go1.20.1
Go Compiler  gc

Plugins
NAME    VERSION
aws     5.31.0
awsx    1.0.2
docker  3.6.1
nodejs  unknown

Host
OS       darwin
Version  12.5.1
Arch     x86_64

This project is written in nodejs: executable='/Users/mitch/.nvm/versions/node/v18.0.0/bin/node' version='v18.0.0'

Found no pending operations associated with dev

Backend
Name  pulumi.com
URL   https://app.pulumi.com/MitchGerdisch

Dependencies:
NAME            VERSION
@pulumi/pulumi  3.57.1
@types/node     16.18.16
@pulumi/aws     5.31.0
@pulumi/awsx    1.0.2

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
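
A preflight check of the kind the issue asks for, as an added example that is not part of the original issue or the pulumi-aws code base: it rejects a rule with no source before the provider is called, so the failure names the missing property instead of timing out. The helper names are hypothetical, and besides the three properties named in the issue it also accepts ipv6CidrBlocks and prefixListIds as sources, which goes beyond what the issue lists.

```typescript
// Added example: preflight check for SecurityGroupRule arguments.
// Property names mirror aws.ec2.SecurityGroupRule; helper names are hypothetical.
interface RuleArgs {
  type: "ingress" | "egress";
  protocol: string;
  fromPort: number;
  toPort: number;
  securityGroupId: unknown;
  description?: string;
  cidrBlocks?: unknown;
  ipv6CidrBlocks?: unknown;
  prefixListIds?: unknown;
  sourceSecurityGroupId?: unknown;
  self?: unknown;
}

const SOURCE_PROPS = [
  "cidrBlocks", "ipv6CidrBlocks", "prefixListIds", "sourceSecurityGroupId", "self",
] as const;

// "Set" means anything except undefined, null, false, "" or an empty array.
// Other values, including an unresolved Pulumi Output object, count as set.
function isSet(value: unknown): boolean {
  if (value === undefined || value === null || value === false || value === "") return false;
  return Array.isArray(value) ? value.length > 0 : true;
}

// Names of the source properties that are actually set on the rule.
function sourcesSet(args: RuleArgs): string[] {
  return SOURCE_PROPS.filter((p) => isSet(args[p]));
}

// Throws a descriptive error instead of letting the create time out.
function assertRuleHasSource(name: string, args: RuleArgs): void {
  if (sourcesSet(args).length === 0) {
    throw new Error(
      `SecurityGroupRule "${name}" has no source: set one of ${SOURCE_PROPS.join(", ")}`);
  }
}

// Constructed sample: the rule from the issue, with a placeholder group id.
const fromIssue: RuleArgs = {
  type: "ingress", protocol: "TCP", fromPort: 22, toPort: 22,
  securityGroupId: "sg-PLACEHOLDER", description: "Allow SSH access",
};

try {
  assertRuleHasSource("sg-ssh-access", fromIssue);
} catch (e) {
  console.log((e as Error).message);
}
```

In a Pulumi program the check would run on the argument object just before it is passed to the resource constructor.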

squaremo commented 1 year ago

I can only agree with your diagnosis :-) Thanks Mitch!