https://pulumi.com logo
#python
Title
# python
f

full-sugar-56177

11/19/2021, 11:47 AM
I am trying to create a security group with CIDR another security group using its ID but I am getting the following error has a problem: "sg-12345678" is not a valid CIDR block: invalid CIDR address: sg-12345678. Examine values at 'SecurityGroup.Ingresses'. My code:
Copy code
lb_sg = aws.ec2.get_security_group(                        
    tags={"Name": "my-lb"}"
)                                                          

sg = aws.ec2.SecurityGroup(                                  
    "web-lb",                                            
    vpc_id=vpc_id,                                           
    description="Enable HTTP access from Load Balancer",     
    ingress=[                                                
        aws.ec2.SecurityGroupIngressArgs(                    
            protocol="tcp",                                  
            from_port=args.port,                             
            to_port=args.port,                               
            cidr_blocks=[lb_sg.id)],                     
        )                                                    
    ],                                                       
    egress=[                                                 
        aws.ec2.SecurityGroupEgressArgs(                     
            protocol="-1",                                   
            from_port=0,                                     
            to_port=0,                                       
            cidr_blocks=["0.0.0.0/0"],                       
        )                                                    
    ],                                                       
)
p

prehistoric-activity-61023

11/19/2021, 12:10 PM
I think the error is kinda self-explanatory. You have to pass CIDR there, not a string name (like
sg-12345678
).
I checked the docs and it looks like SecurityGroup can get
security_groups
instead of `cidr_blocks`: https://www.pulumi.com/registry/packages/aws/api-docs/ec2/securitygroup/#securitygroupingress
I’d check if changing:
Copy code
cidr_blocks=[lb_sg.id]
to
Copy code
security_groups=[lb_sg.id]
works for you.
🙏 1
f

full-sugar-56177

11/19/2021, 12:22 PM
Thank you!