cdk synth prints a table of resources. For security groups, this table comprises:
Group
Dir(ection)
Protocol
Peer
The protocol printed for GRE is 47 undefined. At a guess, it is printing the protocol name followed by the uninitialized port number. Because GRE, as with numerous other protocols, has no concepts of ports, it would be better to simply print 47 or ideally some variant of GRE (47).
Expected Behavior
Expected security group with inbound protocol 47 (GRE) printout:
┌───┬─────────────────────────────────┬─────┬──────────────┬──────────────────────┐
│ │ Group │ Dir │ Protocol │ Peer │
├───┼─────────────────────────────────┼─────┼──────────────┼──────────────────────┤
│ + │ ${sg1.GroupId} │ In │ All ICMP │ Everyone (IPv4) │
│ + │ ${sg1.GroupId} │ In │ TCP 22 │ Everyone (IPv4) │
│ + │ ${sg1.GroupId} │ In │ GRE 47 │ ${sg2.GroupId} │
├───┼─────────────────────────────────┼─────┼──────────────┼──────────────────────┤
Current Behavior
Example of security group with inbound protocol 47 (GRE) allowed:
┌───┬─────────────────────────────────┬─────┬──────────────┬──────────────────────┐
│ │ Group │ Dir │ Protocol │ Peer │
├───┼─────────────────────────────────┼─────┼──────────────┼──────────────────────┤
│ + │ ${sg1.GroupId} │ In │ All ICMP │ Everyone (IPv4) │
│ + │ ${sg1.GroupId} │ In │ TCP 22 │ Everyone (IPv4) │
│ + │ ${sg1.GroupId} │ In │ 47 undefined │ ${sg2.GroupId} │
├───┼─────────────────────────────────┼─────┼──────────────┼──────────────────────┤
Reproduction Steps
Pre-create an ec2.VPC and ec2.SecurityGroup and associate the following ingress rule with the latter:
Describe the bug
cdk synth
prints a table of resources. For security groups, this table comprises:The protocol printed for GRE is
47 undefined
. At a guess, it is printing the protocol name followed by the uninitialized port number. Because GRE, as with numerous other protocols, has no concepts of ports, it would be better to simply print47
or ideally some variant ofGRE (47)
.Expected Behavior
Expected security group with inbound protocol 47 (GRE) printout:
Current Behavior
Example of security group with inbound protocol 47 (GRE) allowed:
Reproduction Steps
Pre-create an
ec2.VPC
andec2.SecurityGroup
and associate the following ingress rule with the latter:Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.104.0
Framework Version
No response
Node.js Version
v18.17.1
OS
Max OS X Sonoma
Language
TypeScript
Language Version
No response
Other information
No response