No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I think the error is kinda self-explanatory. You have to pass CIDR there, not a string name (like `sg-12345678`).

I checked the docs and it looks like SecurityGroup can get `security_groups` instead of `cidr_blocks`:
<https://www.pulumi.com/registry/packages/aws/api-docs/ec2/securitygroup/#securitygroupingress>

I’d check if changing:
```cidr_blocks=[lb_sg.id]```
to
```security_groups=[lb_sg.id]```
works for you.