Context - I want to move my aws_security_group_rule resources to aws_vpc_security_group_ingress_rule / aws_vpc_security_group_egress_rule so I can start tagging my rules.
The older resource type has a handy property for creating a self-reference (the SG accepts from its own SG ID): Terraform Registry
However, I don’t see such a thing for Terraform Registry
My first thought was to supply
referenced_security_group_id = resource.aws_vpc_security_group_ingress_rule.ec2_self_1.id
However, as I expected, Terraform did not like me referencing something in itself.
My question is, how can I achieve a self-referential rule using the new resource types?
It helps when you don’t try to put a rule ID where a security group ID ought to be - it’s what I meant but not what I wrote. Disregard.
Hi there,
I know this is an old post, but I was in the exact same situation today. If I’m understanding the last comment correctly, it sounds like you ended up figuring it out.
I went through the motions myself, wanting to migrate off of in-line ingress/egress blocks in my aws_security_group resource. Found that self = true isn’t an accepted argument for aws_vpc_security_group_ingress_rule or aws_vpc_security_group_egress_rule, so I went to Google for the solution and found this post.
So to be clear, in the end, this is the solution:
resource "aws_security_group" "main" {
  vpc_id = "vpc-xxxx"
  name   = "foo"
}

resource "aws_vpc_security_group_ingress_rule" "ingress_self" {
  security_group_id            = aws_security_group.main.id
  ip_protocol                  = "-1"
  referenced_security_group_id = aws_security_group.main.id
  description                  = "blah"
}
Which is equivalent to:
resource "aws_security_group" "main" {
  vpc_id = "vpc-xxxx"
  name   = "foo"

  ingress {
    self        = true
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    description = "blah"
  }
}
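The thread shows that a self-reference can be spelled three ways (inline `ingress { self = true }`, `aws_security_group_rule` with `self`, and the new rule type pointing `referenced_security_group_id` at its own group). As an added example, not part of the original posts, this Python sketch lists every self-referencing ingress rule in `terraform show -json` state output so a migration can be compared before and after; the sample state, its IDs and the function names are constructed for illustration.

```python
# Constructed sample shaped like `terraform show -json` state output; all IDs are made up.
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [
        {"address": "aws_security_group.main", "type": "aws_security_group",
         "values": {"id": "sg-0aaa", "ingress": []}},
        {"address": "aws_vpc_security_group_ingress_rule.ingress_self",
         "type": "aws_vpc_security_group_ingress_rule",
         "values": {"security_group_id": "sg-0aaa", "ip_protocol": "-1",
                    "referenced_security_group_id": "sg-0aaa"}},
        {"address": "aws_vpc_security_group_ingress_rule.from_lb",
         "type": "aws_vpc_security_group_ingress_rule",
         "values": {"security_group_id": "sg-0aaa", "ip_protocol": "tcp",
                    "referenced_security_group_id": "sg-0bbb"}},
        {"address": "aws_security_group.legacy", "type": "aws_security_group",
         "values": {"id": "sg-0ccc", "ingress": [{"self": True, "protocol": "-1"}]}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.app.aws_security_group_rule.self_tcp",
         "type": "aws_security_group_rule",
         "values": {"type": "ingress", "self": True, "protocol": "tcp",
                    "security_group_id": "sg-0ddd"}},
    ]}],
}}}

def _resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _resources(child)

def self_rules(state):
    """Return (address, group id, protocol) for each ingress rule sourced from its own group."""
    found = []
    for res in _resources(state["values"]["root_module"]):
        v, rtype = res["values"], res["type"]
        if rtype == "aws_vpc_security_group_ingress_rule":
            # New resource type: no `self` argument, the group references its own ID.
            if v.get("referenced_security_group_id") == v["security_group_id"]:
                found.append((res["address"], v["security_group_id"], v["ip_protocol"]))
        elif rtype == "aws_security_group_rule":
            if v.get("type") == "ingress" and v.get("self"):
                found.append((res["address"], v["security_group_id"], v["protocol"]))
        elif rtype == "aws_security_group":
            for rule in v.get("ingress") or []:
                if rule.get("self"):
                    found.append((res["address"], v["id"], rule["protocol"]))
    return found

def all_protocol_self_rules(state):
    """Subset that opens every protocol and port between members of the group."""
    return [r for r in self_rules(state) if r[2] == "-1"]
```

Running `self_rules` on the state before and after the migration should return the same group IDs and protocols, with only the resource addresses changing.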