import * as awsx from '@pulumi/awsx';

export const vpc = new awsx.ec2.Vpc('custom', {
  cidrBlock: '10.0.0.0/16',
  numberOfAvailabilityZones: 3,
  subnets: [
    { type: 'public' },
    { type: 'private' },
    { type: 'isolated', name: 'db' },
    { type: 'isolated', name: 'redis' }
  ]
});

export const sg = new awsx.ec2.SecurityGroup('sg', { vpc });
awsx.ec2.SecurityGroupRule.ingress(
  'https',
  sg,
  new awsx.ec2.AnyIPv4Location(),
  new awsx.ec2.TcpPorts(443),
  'allow https access'
);
awsx.ec2.SecurityGroupRule.ingress(
  'ssh',
  sg,
  new awsx.ec2.AnyIPv4Location(),
  new awsx.ec2.TcpPorts(22),
  'allow ssh access'
);

For this above code I am running into this error

aws:ec2:SecurityGroup (sg):
    error: Plan apply failed: Error creating Security Group: InvalidParameterValue: Value (sg-34e72cd) for parameter GroupName is invalid. Group names may not be in the format sg-*.
    	status code: 400, request id: 5a65b4e8-298c-4b18-9e85-94c61d7e19b4

Looks like the

sg

with an

-

is an issue. Am I doing something wrong? Or is it a bug?

Looks like this is an AWS restriction. You’ll presumably need a name other than

sg

in your code above. From https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html: Names and descriptions can be up to 255 characters in length. Names and descriptions are limited to the following characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*. A security group name cannot start with sg-. A security group name must be unique within the VPC.

Thanks, that solved the problem.