Open jpickwell opened 6 months ago
Regardless of the DUAL_STACK prop, we could always include both 0.0.0.0/0 and ::/0 here, correct?
I have also observed this. The feature was originally introduced in #25297, with a subsequent fix applied in #27039.
@nmussy
Regardless of the DUAL_STACK prop, we could always include both 0.0.0.0/0 and ::/0 here, correct?
I think that routine needs to do 2 things:
@aws-cdk/aws-ec2:restrictDefaultSecurityGroup feature flag changed to true
@aws-cdk/aws-ec2:restrictDefaultSecurityGroup feature flag changed to false
In the second case there, if it's not dual stack, then it should not add ::/0 back in, I guess.
Describe the bug
Setting restrictDefaultSecurityGroup to true for a dual-stack VPC will not remove the IPv6 egress rule.
Expected Behavior
For a dual-stack VPC with restrictDefaultSecurityGroup set to true, all (IPv4 and IPv6) ingress and egress rules should be removed.
Current Behavior
For a dual-stack VPC with restrictDefaultSecurityGroup set to true, only IPv4 ingress and egress rules are removed.
Reproduction Steps
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.135.0 (build d46c474)
Framework Version
No response
Node.js Version
v20.12.0
OS
macOS Sonoma 14.4.1 (23E224)
Language
TypeScript
Language Version
TypeScript (5.4.3)
Other information
No response
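A check for the condition this issue reports, as an added example that is not code from the thread or from the CDK: it lists every rule still present on a security group, counting IPv6 ranges as well as IPv4 ranges. The field names follow the EC2 DescribeSecurityGroups response; the group id and both sample groups are constructed.

```typescript
// Only the DescribeSecurityGroups fields this check reads.
interface IpPermission {
  IpProtocol: string;
  IpRanges?: { CidrIp: string }[];
  Ipv6Ranges?: { CidrIpv6: string }[];
  UserIdGroupPairs?: { GroupId: string }[];
}
interface SecurityGroup {
  GroupId: string;
  GroupName: string;
  IpPermissions?: IpPermission[];
  IpPermissionsEgress?: IpPermission[];
}

// One entry per rule still attached to the group; an empty array means the
// group allows no traffic in either direction, for IPv4 and IPv6 alike.
function remainingRules(sg: SecurityGroup): string[] {
  const found: string[] = [];
  const scan = (direction: string, perms: IpPermission[] = []): void => {
    for (const p of perms) {
      for (const r of p.IpRanges ?? []) found.push(`${direction} ${p.IpProtocol} ${r.CidrIp}`);
      for (const r of p.Ipv6Ranges ?? []) found.push(`${direction} ${p.IpProtocol} ${r.CidrIpv6}`);
      for (const g of p.UserIdGroupPairs ?? []) found.push(`${direction} ${p.IpProtocol} ${g.GroupId}`);
    }
  };
  scan("ingress", sg.IpPermissions);
  scan("egress", sg.IpPermissionsEgress);
  return found;
}

// Constructed sample: default group of a dual-stack VPC in the state described
// under "Current Behavior" (IPv4 rules gone, IPv6 egress rule still present).
const constructedDualStackDefault: SecurityGroup = {
  GroupId: "sg-00000000000000000", // placeholder id
  GroupName: "default",
  IpPermissions: [],
  IpPermissionsEgress: [{ IpProtocol: "-1", IpRanges: [], Ipv6Ranges: [{ CidrIpv6: "::/0" }] }],
};

// Constructed sample: the state described under "Expected Behavior".
const constructedRestricted: SecurityGroup = {
  GroupId: "sg-00000000000000000", // placeholder id
  GroupName: "default",
  IpPermissions: [],
  IpPermissionsEgress: [],
};

console.log(remainingRules(constructedDualStackDefault), remainingRules(constructedRestricted));
```

A check that reads only IpRanges would report the first sample as fully restricted, which is the gap between the current and expected behavior above.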