According to the docs you should be able to create a security group and define an ingress rule that is based on other security groups. In addition if the security group you are creating will be in the default VPC you should be able to define the ingress rule using security group names. https://www.terraform.io/docs/providers/aws/r/security_group.html#security_groups
for example:
resource "aws_security_group" "rancherServer" {
  name        = "rancherServer_${var.os}"
  description = "Rancher Server traffic and ipsec coordination"

  ingress {
    from_port = 0
    to_port   = 65535
    protocol  = "tcp"
    self      = true
  }

  ingress {
    from_port = 0
    to_port   = 65535
    protocol  = "udp"
    self      = true
  }

  ingress {
    from_port       = 0
    to_port         = 65535
    protocol        = "tcp"
    security_groups = ["${split(",", var.elb_security_groups)}"]
  }

  // This is for outbound internet access
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
where elb_security_groups is a comma-separated string of security group names. For this example, let's just pretend it is: "sample-security-group"
When executing the above, terraform spits out the following error:
* aws_security_group.rancherServer: Error authorizing security group ingress rules: InvalidGroupId.Malformed: Invalid id: "sample-security-group" (expecting "sg-...")
status code: 400
This seems to suggest only IDs are possible, regardless of which VPC you are creating the security group in.
Using the latest 0.6.14 release.
Using the ID does work.
Just to confirm that this bug still exists in Terraform v0.6.15.
Hey @cpoole, sorry about this; it seems you can use the Security Group name only if you're in EC2 Classic. Thanks for poking us here, I've updated the docs in a6f3614f09f8ea221ce668c7c1010ee1d83dbe4b and will deploy the site shortly.
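Since the ingress `security_groups` argument only accepts IDs in a VPC, one way to keep naming the ELB groups while still passing IDs is to resolve the names first. This is an added example, not from the issue or Terraform's documentation; it assumes current Terraform syntax (0.12 or later) and the AWS provider's `aws_security_group` data source, and `var.vpc_id` and `var.elb_security_group_names` are hypothetical inputs.

```hcl
# Hypothetical inputs: the VPC the groups live in and the ELB group names.
variable "vpc_id" {
  type = string
}

variable "elb_security_group_names" {
  type    = list(string)
  default = ["sample-security-group"]
}

# Look up each named group by name within the VPC; the lookup fails at plan
# time if a name does not exist, instead of failing at apply time with
# InvalidGroupId.Malformed.
data "aws_security_group" "elb" {
  for_each = toset(var.elb_security_group_names)
  name     = each.value
  vpc_id   = var.vpc_id
}

resource "aws_security_group" "rancherServer" {
  name        = "rancherServer_${var.os}"
  description = "Rancher Server traffic and ipsec coordination"
  vpc_id      = var.vpc_id

  # Allow TCP from the ELB groups by ID (resolved above), not by name.
  ingress {
    from_port       = 0
    to_port         = 65535
    protocol        = "tcp"
    security_groups = [for sg in data.aws_security_group.elb : sg.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```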