No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

```  const allowPostgresSgRule =
      env === 'prod' &amp;&amp;
      tfCCCRdsPostgresSg &amp;&amp;
      new aws.ec2.SecurityGroupRule('ccc-postgres-access-rule', {
        type: 'ingress',
        fromPort: 5432,
        toPort: 5432,
        protocol: 'tcp',
        sourceSecurityGroupId: sg.id,
        securityGroupId: tfCCCRdsPostgresSg.id,
      });
   // NOTE: Sunguard GP VPN
   const allowLocalAccessGPSgRule = new aws.ec2.SecurityGroupRule('allow-gp-access-rule', {
    type: 'ingress',
    fromPort: 5432,
    toPort: 5432,
    protocol: 'tcp',
    cidrBlocks: ['XXX.XX.0.0/19'],
    securityGroupId: XXXXXRdsPostgresSg.id,
  });
  // NOTE: Bethpage GP VPN
  const allowLocalAccessGPBPSgRule = new aws.ec2.SecurityGroupRule('allow-gp-bp-access-rule', {
    type: 'ingress',
    fromPort: 5432,
    toPort: 5432,
    protocol: 'tcp',
    cidrBlocks: ['XXX.XX.X.0/24'],
    securityGroupId: XXXXRdsPostgresSg.id,
  });```

Are you saying that when you use `allowPostgresSgRule` later, its value is possibly undefined? Because it is. You're conditionally creating it.

If env isn't `prod` or tfCCCRdsPostgresSg is falsy, then allowPostgresSgRule will be undefined.

Can I suggest changing that to use more traditional if-statements? Or maybe just not make it conditional? SGs are free, just make it no matter what.