pulumi-awsx

Error creating Security Group: InvalidParameterValue: Value (sg-86c8964) for parameter GroupName is invalid.

Open crucialfelix opened this issue 6 years ago • 4 comments

Default naming construction needs to omit the -

const sg = new awsx.ec2.SecurityGroup("sg", { vpc });

Diagnostics: aws:ec2:SecurityGroup (sg): error: Plan apply failed: Error creating Security Group: InvalidParameterValue: Value (sg-86c8964) for parameter GroupName is invalid. Group names may not be in the format sg-*. status code: 400, request id: 5de30d96-b590-4e6c-9493-e27e1aed9486

Thanks! Great so far.

crucialfelix, Jun 14 '19 09:06

btw, the ec2 SecurityGroup docs seem to be copy-pasted from Terraform: https://pulumi.io/reference/pkg/nodejs/pulumi/aws/ec2/#SecurityGroup

NOTE on Security Groups and Security Group Rules: Terraform currently provides both a standalone Security Group Rule resource

crucialfelix, Jun 14 '19 09:06

This seems to only happen if you name your security group sg, and is an unfortunate byproduct of how we auto-append a random suffix to help to avoid naming collisions.

One option would be to do eager verification in the constructor to check for this. That would have the benefit of failing during preview (rather than during the update, as the above will do), in addition to letting us give a better error message (since the user didn't add the suffix, it can be confusing at first).

joeduffy, Jun 21 '19 14:06
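The eager check suggested in the comment above, sketched as an added example (not code from pulumi-awsx or from the commenter). It assumes auto-naming appends a hyphen plus a random suffix to the resource name, as the sg-86c8964 value in the report shows, and it goes one step further by also covering names that already begin with sg-; all function and type names are hypothetical.

```typescript
// Added example, not pulumi-awsx code; every name here is hypothetical.
const RESERVED_PREFIX = "sg-"; // rejected in GroupName, per the error text above

interface NameCheck {
  ok: boolean;
  physicalName: string; // value that would be sent as GroupName
  reason?: string;
}

// Assumption: auto-naming yields "<logicalName>-<random hex>", matching the
// "sg" -> "sg-86c8964" value in the diagnostics. `suffix` stands in for the
// random part; `explicitName` models a user-supplied physical name.
function checkSecurityGroupName(
  logicalName: string,
  explicitName?: string,
  suffix: string = "0000000"
): NameCheck {
  const auto = explicitName === undefined;
  const physicalName =
    explicitName !== undefined ? explicitName : `${logicalName}-${suffix}`;
  // Case-sensitive on purpose: a later comment in this thread reports "SG-" is accepted.
  if (physicalName.indexOf(RESERVED_PREFIX) !== 0) {
    return { ok: true, physicalName };
  }
  const reason = auto
    ? `resource name "${logicalName}" becomes "${physicalName}" after the random suffix is appended`
    : `explicit name "${physicalName}" begins with "${RESERVED_PREFIX}"`;
  return { ok: false, physicalName, reason };
}

// Constructor-style guard: throws before any resource is registered, so the
// mistake surfaces at preview instead of as a 400 from EC2 during the update.
function assertValidSecurityGroupName(logicalName: string, explicitName?: string): void {
  const result = checkSecurityGroupName(logicalName, explicitName);
  if (!result.ok) {
    throw new Error(`invalid security group name: ${result.reason}; group names may not start with "sg-"`);
  }
}

// Constructed sample names; "sg" and "sg-ec-pr" are the two reported in this thread.
for (const candidate of ["sg", "sg-ec-pr", "web-sg", "SG-ec-pr"]) {
  const r = checkSecurityGroupName(candidate);
  console.log(`${candidate} -> ${r.ok ? "ok" : "rejected: " + r.reason}`);
}
```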

Same issue for starting name with sg- for pulumi_aws.ec2.SecurityGroup:

pulumi_aws.ec2.SecurityGroup(
    "sg-ec-pr",  # resource name starting with "sg-" triggers the error below
    description="Enable Redis inbound traffic",
    ingress=[{
        "from_port": 6379,
        "to_port": 6379,
        "protocol": "tcp",
        "cidr_blocks": ["0.0.0.0/0"],
    }],
    vpc_id=vpc_id,
    tags={
        "Name": name,
    },
)

Diagnostics:
  aws:ec2:SecurityGroup (sg-ec-pr):
    error: aws:ec2/securityGroup:SecurityGroup resource 'sg-ec-pr' has a problem: 
invalid value for name (cannot begin with sg-). Examine values at 'SecurityGroup.Name'.

omidraha, Aug 15 '23 16:08

The problem is using "sg-" in lowercase. AWS reserves that prefix "sg-" for the identifiers of automatically generated Security Groups. This can cause conflicts or unexpected behavior in the configuration and management of resources.

You can use it with uppercase "SG-" instead.

jarroniz-nt, Jul 10 '24 11:07

This issue refers to the previous version of awsx, now referred to as awsx-classic.

The current version of awsx does not include a SecurityGroup component anymore and awsx-classic will only receive updates for critical security fixes. The good news is that awsx-classic is just copy&paste-able TypeScript code, so you can adapt it to your needs: https://github.com/pulumi/pulumi-awsx/tree/master/awsx-classic.

flostadler, Sep 26 '24 12:09