
Security group egress rule is deleted when adding another egress rule. #157

Irame opened this issue Apr 15, 2024 · 0 comments
Irame commented Apr 15, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about the bug

When deploying a CloudFormation template that adds a SecurityGroupEgress to an existing security group that already has an egress rule which allows all outbound traffic, the existing rule is removed.

I encountered this issue when adding a listener rule to a load balancer via the CDK to route traffic to an EC2 instance. This caused the CDK to create an outbound rule for the existing security group of the load balancer to allow traffic to the EC2 instance. This removed the existing outbound rule allowing all traffic, which caused the load balancer to stop working for all existing listener rules.

The deletion of the outbound rule is also not mentioned in the summary/diff when deploying (or using diff) via the CDK. The original state is also not restored when deleting the stack.

Expected behavior

The outbound rule is added to the security group without touching the existing rules.

Observed behavior

The existing egress rule which allows all traffic is deleted when adding a new outbound rule.

Test cases

```yaml
Parameters:
  ExistingSecurityGroupWithAllowAllOutbound:
    Type: "AWS::EC2::SecurityGroup::Id"

Resources:
  EgressRule:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      CidrIp: 1.2.3.0/24
      FromPort: 80
      GroupId: !Ref ExistingSecurityGroupWithAllowAllOutbound
      IpProtocol: tcp
      ToPort: 80
```

Supply the id of an existing security group with an outbound rule that allows all traffic.
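Because the CDK diff does not surface the removed rule, a deployment pipeline has to detect the loss itself. The following is an added example, not code from the issue or from the CDK project: it compares two snapshots of a security group's `IpPermissionsEgress` list in the JSON shape that `aws ec2 describe-security-groups` returns (taken before and after a deploy), lists the rules that disappeared, and flags whether the allow-all egress rule (`IpProtocol: -1` to `0.0.0.0/0` or `::/0`) was among them. The two snapshots and the `sg-...` id are constructed sample data that mirror the reproduction above.

```python
"""Detect egress rules that vanished from a security group between two snapshots.

Added example (not part of the issue). Input is the JSON shape returned by
`aws ec2 describe-security-groups`; both snapshots below are constructed.
"""
from __future__ import annotations

# Constructed "before deploy" snapshot: only the default allow-all egress rule.
BEFORE = {
    "GroupId": "sg-0123456789abcdef0",  # placeholder id
    "IpPermissionsEgress": [
        {
            "IpProtocol": "-1",
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
            "Ipv6Ranges": [],
            "UserIdGroupPairs": [],
            "PrefixListIds": [],
        }
    ],
}

# Constructed "after deploy" snapshot: the new tcp/80 rule is present, but the
# allow-all rule is gone, which is the behaviour the issue reports.
AFTER = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissionsEgress": [
        {
            "IpProtocol": "tcp",
            "FromPort": 80,
            "ToPort": 80,
            "IpRanges": [{"CidrIp": "1.2.3.0/24"}],
            "Ipv6Ranges": [],
            "UserIdGroupPairs": [],
            "PrefixListIds": [],
        }
    ],
}


def flatten_rules(permissions: list[dict]) -> set[tuple]:
    """Expand each IpPermission into one hashable tuple per target.

    One API entry can carry several CIDRs/SGs/prefix lists; flattening makes
    set arithmetic between snapshots straightforward.
    """
    rules: set[tuple] = set()
    for perm in permissions:
        proto = perm.get("IpProtocol")
        ports = (perm.get("FromPort"), perm.get("ToPort"))  # (None, None) for "-1"
        for r in perm.get("IpRanges", []):
            rules.add((proto, ports, "cidr", r["CidrIp"]))
        for r in perm.get("Ipv6Ranges", []):
            rules.add((proto, ports, "cidr6", r["CidrIpv6"]))
        for r in perm.get("UserIdGroupPairs", []):
            rules.add((proto, ports, "sg", r["GroupId"]))
        for r in perm.get("PrefixListIds", []):
            rules.add((proto, ports, "pl", r["PrefixListId"]))
    return rules


def is_allow_all_egress(rule: tuple) -> bool:
    """True for the default 'all protocols, anywhere' egress rule (v4 or v6)."""
    proto, _ports, kind, target = rule
    return proto == "-1" and kind in ("cidr", "cidr6") and target in ("0.0.0.0/0", "::/0")


def egress_diff(before: dict, after: dict) -> dict[str, list[tuple]]:
    """Return rules removed and added between the two snapshots."""
    b = flatten_rules(before["IpPermissionsEgress"])
    a = flatten_rules(after["IpPermissionsEgress"])
    # key=str keeps sorting stable when port fields are None in some tuples
    return {"removed": sorted(b - a, key=str), "added": sorted(a - b, key=str)}


def lost_allow_all(before: dict, after: dict) -> bool:
    """True when the allow-all egress rule existed before and is gone after."""
    return any(is_allow_all_egress(r) for r in egress_diff(before, after)["removed"])


if __name__ == "__main__":
    diff = egress_diff(BEFORE, AFTER)
    print(f"Security group {AFTER['GroupId']}")
    for r in diff["removed"]:
        print("  removed:", r)
    for r in diff["added"]:
        print("  added:  ", r)
    if lost_allow_all(BEFORE, AFTER):
        print("  WARNING: default allow-all egress rule was removed by this deployment")
```

In a pipeline the two snapshots would be captured with `describe-security-groups` immediately before and after `cdk deploy`, and a non-empty `removed` list (or `lost_allow_all` returning true) would fail the job, making visible exactly the change the CDK diff omits.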
