Hi all I'm coming across an error an aws error... I have one custom resource instantiating a security group and another instantiating another security group and adding an ingress rule to allow traffic from the former; the security group id of the former is passed to the second resource by creating a dataclass the

pulumi up

spints out this error:

Diagnostics:
  pulumi:pulumi:Stack (mystack-dev):
    error: update failed

  aws:vpc:SecurityGroupIngressRule (mystack-sg-alb):
    error: creating VPC Security Group Rule: InvalidGroup.NotFound: The security group 'sg-XXXXXXXXX' does not exist  
        status code: 400, request id: 5226661c-0000-0000-0000-88ab245d4355

Resources:
    41 unchanged

Duration: 13s

I can see the resource available and even subsequent

pulumi up

commands lead to the same issue I looked into cloudtrail and i can see the request contains what appear to be a user id for this request, the other requests to add ingress tules don't have it...

"requestParameters": {
        "groupId": "sg-XXXXXX",
        "ipPermissions": {
            "items": [
                {
                    "ipProtocol": "tcp",
                    "fromPort": 0,
                    "toPort": 65535,
                    "groups": {
                        "items": [
                            {
                                "userId": "arn:aws:ec2:eu-west-1:12345678:security-group",
                                "groupId": "sg-XXXXXXXX"
                            }
                        ]
                    },
                    "ipRanges": {},
                    "ipv6Ranges": {},
                    "prefixListIds": {}
                }
            ]
        }
    },

can anyone provide any input as to what may be going wrong?? I'm using python and pulumi version

v3.102.0

Can you share relevant snippets of the code you're using?

Are you sure you're targetting the same region?

hi both, thank you for coming back to me! no, i was passing the arn of the security group instead of the id... i have several other security groups and that was the only one where i made that mistake so didn't spot it for hours... thanks tho! FYI: it is very weird that the cloudtrail seem to receive this missformed user id in the payload...