aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

aws-ec2: SecurityGroupIngress resources create volatile, stage-scope dependent names #30588

Open moltar opened 1 week ago

moltar commented 1 week ago

Describe the bug

After placing an existing Stack into a Stage, and even when hard-coding the Stack name to the one deployed, there's a large diff produced, where each AWS::EC2::SecurityGroupIngress (CfnSecurityGroupIngress) resource inherits the Stage name.

- DBSecurityGroupfromrdsdbfoodevDBSecurityGroup8C2C7014IndirectPort2D31B69D
+ DBSecurityGroupfromdevrdsdbfoodevDBSecurityGroup15286DE1IndirectPort48BD0C23
#                    ^^^ This is the stage name being added

Expected Behavior

Stage name should not leak into the naming scope, when Stack names are provided.

Current Behavior

Stage name affects the resource IDs.

Reproduction Steps

Already described in the bug.

Possible Solution

N/A

Additional Information/Context

Probably happens here:

https://github.com/aws/aws-cdk/blob/3c36fe968e2f2c121e5bfc828100a9e7dafb5c26/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts#L93-L98

Why is the scope value (not this) passed to CfnSecurityGroupIngress?

CDK CLI Version

2.144.0

Framework Version

No response

Node.js Version

v20.14.0

OS

macOS

Language

TypeScript

Language Version

No response

Other information

No response

pahud commented 2 days ago

Thank you for the callout. We'll bring this to the team's attention.