vpc/sg_ingress_rule: Clarify best practice
YakDriver committed Jul 25, 2024
1 parent 86c1251 commit c52bbe9
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions website/docs/r/vpc_security_group_ingress_rule.html.markdown
Expand Up @@ -12,10 +12,9 @@ Manages an inbound (ingress) rule for a security group.

When specifying an inbound rule for your security group in a VPC, the configuration must include a source for the traffic.

~> **NOTE on Security Groups and Security Group Rules:** Terraform currently provides a [Security Group resource](security_group.html) with `ingress` and `egress` rules defined in-line and a [Security Group Rule resource](security_group_rule.html) which manages one or more `ingress` or
`egress` rules. Both of these resource were added before AWS assigned a [security group rule unique ID](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html), and they do not work well in all scenarios using the`description` and `tags` attributes, which rely on the unique ID.
The `aws_vpc_security_group_ingress_rule` resource has been added to address these limitations and should be used for all new security group rules.
You should not use the `aws_vpc_security_group_ingress_rule` resource in conjunction with an `aws_security_group` resource with in-line rules or with `aws_security_group_rule` resources defined for the same Security Group, as rule conflicts may occur and rules will be overwritten.
~> **NOTE:** Using [`aws_vpc_security_group_egress_rule`](vpc_security_group_egress_rule.html) and `aws_vpc_security_group_ingress_rule` resources is the current best practice. Avoid using the [`aws_security_group_rule`](security_group_rule.html) resource and the `ingress` and `egress` arguments of the [`aws_security_group`](security_group.html) resource for configuring in-line rules, as they struggle with managing multiple CIDR blocks, and tags and descriptions due to the historical lack of unique IDs.

!> **WARNING:** You should not use the [`aws_vpc_security_group_egress_rule`](vpc_security_group_egress_rule.html) and `aws_vpc_security_group_ingress_rule` resources in conjunction with the [`aws_security_group`](security_group.html) resource with _in-line rules_ (using the `ingress` and `egress` arguments of `aws_security_group`) or the [`aws_security_group_rule`](security_group_rule.html) resource. Doing so may cause rule conflicts, perpetual differences, and result in rules being overwritten.

## Example Usage

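Review bot: In the new NOTE, the phrase "for configuring in-line rules" reads as if it qualifies both `aws_security_group_rule` and the `ingress`/`egress` arguments of `aws_security_group`, but only the latter are in-line rules; `aws_security_group_rule` is a standalone resource, as the WARNING below correctly distinguishes. Suggest: "Avoid using the `aws_security_group_rule` resource and the in-line `ingress` and `egress` arguments of the `aws_security_group` resource, as both struggle with managing multiple CIDR blocks, tags and descriptions due to the historical lack of unique IDs." The removed text also stated plainly that `aws_vpc_security_group_ingress_rule` "should be used for all new security group rules"; "current best practice" is weaker guidance, so consider keeping that sentence. In the WARNING, "may cause rule conflicts, perpetual differences, and result in rules being overwritten" is not parallel; "may cause rule conflicts and perpetual differences, and result in rules being overwritten" reads cleaner.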