aws-controllers-k8s · ack-prow · Sep 12, 2025 · Sep 11, 2025 · michaelhtm · Sep 12, 2025
diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml
@@ -1,13 +1,13 @@
 ack_generate_info:
-  build_date: "2025-08-28T17:59:00Z"
-  build_hash: 1d9076d0211773ff8ab8682b28b912c7ece10676
+  build_date: "2025-09-11T20:48:05Z"
+  build_hash: 9e29f017d9e942548af133d2f31aecae248a8816
   go_version: go1.25.0
-  version: v0.51.0-2-g1d9076d
+  version: v0.51.0-3-g9e29f01
 api_directory_checksum: b32f97274be98ca3f4cf5cbf559258210c872946
 api_version: v1alpha1
 aws_sdk_go_version: v1.32.6
 generator_config_info:
-  file_checksum: d5e0ce1661bd55bd3c0a8c4316de6885c8039ea0
+  file_checksum: 381d3f31a88cd00e07717b8957ffb5141218130a
   original_file_name: generator.yaml
 last_modification:
   reason: API generation
diff --git a/apis/v1alpha1/generator.yaml b/apis/v1alpha1/generator.yaml
@@ -750,6 +750,8 @@ resources:
         template_path: hooks/security_group/sdk_read_many_post_set_output.go.tpl
       sdk_delete_pre_build_request:
         template_path: hooks/security_group/sdk_delete_pre_build_request.go.tpl
+      sdk_read_many_pre_build_request:
+        template_path: hooks/security_group/sdk_read_many_pre_build_request.go.tpl
     update_operation:
       custom_method_name: customUpdateSecurityGroup
   NetworkAcl:

diff --git a/generator.yaml b/generator.yaml
@@ -750,6 +750,8 @@ resources:
         template_path: hooks/security_group/sdk_read_many_post_set_output.go.tpl
       sdk_delete_pre_build_request:
         template_path: hooks/security_group/sdk_delete_pre_build_request.go.tpl
+      sdk_read_many_pre_build_request:
+        template_path: hooks/security_group/sdk_read_many_pre_build_request.go.tpl
     update_operation:
       custom_method_name: customUpdateSecurityGroup
   NetworkAcl:

diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
@@ -10,6 +10,9 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
     k8s-app: {{ include "ack-ec2-controller.app.name" . }}
     helm.sh/chart: {{ include "ack-ec2-controller.chart.name-version" . }}
+{{- range $key, $value := .Values.deployment.labels }}
+    {{ $key }}: {{ $value | quote }}
+{{- end }}
 spec:
   replicas: {{ .Values.deployment.replicas }}
   selector:

diff --git a/pkg/resource/security_group/hooks.go b/pkg/resource/security_group/hooks.go
@@ -515,3 +515,45 @@ func toStrPtr(str string) *string {
 func toInt64Ptr(integer int64) *int64 {
 	return &integer
 }
+
+func (rm *resourceManager) getSecurityGroupID(
+	ctx context.Context,
+	r *resource,
+) (id *string, err error) {
+	rlog := ackrtlog.FromContext(ctx)
+	exit := rlog.Trace("rm.getSecurityGroupID")
+	defer func() {
+		exit(err)
+	}()
+
+	// Both name and VPC ID are required for safe lookup
+	if r.ko.Spec.Name == nil || r.ko.Spec.VPCID == nil {
+		return nil, nil
+	}
+
+	// Build filters for name and VPC ID
+	filters := []svcsdktypes.Filter{
+		{
+			Name:   aws.String("group-name"),
+			Values: []string{*r.ko.Spec.Name},
+		},
+		{
+			Name:   aws.String("vpc-id"),
+			Values: []string{*r.ko.Spec.VPCID},
+		},
+	}
+
+	resp, err := rm.sdkapi.DescribeSecurityGroups(ctx, &svcsdk.DescribeSecurityGroupsInput{
+		Filters: filters,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	if resp == nil || len(resp.SecurityGroups) == 0 {
+		return nil, nil
+	}
+
+	// Security group names are unique within a VPC, so there should be exactly one match
+	return resp.SecurityGroups[0].GroupId, nil
+}
diff --git a/pkg/resource/security_group/sdk.go b/pkg/resource/security_group/sdk.go
diff --git a/templates/hooks/security_group/sdk_read_many_pre_build_request.go.tpl b/templates/hooks/security_group/sdk_read_many_pre_build_request.go.tpl
@@ -0,0 +1,9 @@
+	if rm.requiredFieldsMissingFromReadManyInput(r) {
+		id, err := rm.getSecurityGroupID(ctx, r)
+		if err != nil {
+			return nil, err
+		}
+		if id != nil {
+			r.ko.Status.ID = id
+		}
+	}