AWS Importing SG Rule from tfstate file doesn't work

[vibhor13]

What happened?

while trying to import SG Rule from tfstate file , relevant section :

Get this error :

 aws:ec2:SecurityGroupRule (eks_worker_nodeport):
    error: Preview failed: importing sgrule-123456: unexpected format for ID ("sgrule-123456"), expected SECURITYGROUPID_TYPE_PROTOCOL_FROMPORT_TOPORT_SOURCE[_SOURCE]*: too few parts

while importing security group itself works fine .

Example

while trying to import SG Rule from tfstate file , relevant section :

  {
     "mode": "managed",
     "type": "aws_security_group_rule",
     "name": "eks_worker_nodeport",
     "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
     "instances": [
       {
         "schema_version": 2,
         "attributes": {
           "cidr_blocks": [
            <REDACTED>
           ],
           "description": "Allows communication with the cluster API Server",
           "from_port": 443,
           "id": "sgr-1234567",
           "ipv6_cidr_blocks": null,
           "prefix_list_ids": null,
           "protocol": "tcp",
           "security_group_id": "s<REDACTED>",
           "security_group_rule_id": "",
           "self": false,
           "source_security_group_id": null,
           "timeouts": null,
           "to_port": 443,
           "type": "ingress"
         },
         "sensitive_attributes": [],
         "private": "<REDACTED>",
         "dependencies": [
           "aws_security_group.eks_master"
         ]
       }
     ]
   },

got this error :

 aws:ec2:SecurityGroupRule (eks_worker_nodeport):
    error: Preview failed: importing sgrule-123456: unexpected format for ID ("sgrule-123456"), expected SECURITYGROUPID_TYPE_PROTOCOL_FROMPORT_TOPORT_SOURCE[_SOURCE]*: too few parts

Output of pulumi about

CLI
Version 3.134.1
Go Version go1.23.1
Go Compiler gc

Plugins
KIND NAME VERSION
resource aws 6.37.1
language go unknown

Host
OS ubuntu
Version 22.04
Arch x86_64

This project is written in go: executable='/usr/bin/go' version='go version go1.23.1 linux/amd64'

Backend
Name vanand-ThinkPad-P14s-Gen-2a
URL file:///home/vanand/work/pulumi-state-dev/
User vanand
Organizations
Token type personal

Dependencies:
NAME VERSION
github.com/pulumi/pulumi-aws/sdk/v6 v6.37.1
github.com/pulumi/pulumi/sdk/v3 v3.117.0

Pulumi locates its logs in /tmp by default
warning: Failed to get information about the current stack: No current snapshot

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[justinvp]

Thanks for opening the issue @vibhor13. We likely need to implement a custom mapping for SecurityGroupRule to map it to the appropriate import id format.

[vibhor13]

Thanks for acknowledging this , is there a suggestive fix for now ? O/w I will need to modify the state to include the security group rule with the security group itself .

Also any ballpark ETA would be of great help , Thanks !