CLI: Error Cannot use 'in' operator to search for 'XXX' in YYY occurs during cdk diff and deploy #26323

Closed
wongni opened this issue Jul 11, 2023 · 2 comments
Labels
bug This issue is a bug. duplicate This issue is a duplicate. package/tools Related to AWS CDK Tools or CLI

Comments

wongni commented Jul 11, 2023

Describe the bug

Error I got during the cdk diff command:

```
Cannot use 'in' operator to search for 'CidrIp' in {"Fn::If":["ExternalLB",{"CidrIp":"0.0.0.0/0","FromPort":"${LBExternalPort}","IpProtocol":"tcp","ToPort":"${LBExternalPort}"}]}
```

Stack trace during cdk deploy


```
 ❌ Deployment failed: TypeError: Cannot use 'in' operator to search for 'CidrIp' in {"Fn::If":["ExternalLB",{"CidrIp":"0.0.0.0/0","FromPort":"${LBExternalPort}","IpProtocol":"tcp","ToPort":"${LBExternalPort}"}]}
    at findFirst (/Users/wonkun/brazil-pkg-cache/packages/CDKBuild/CDKBuild-4.x.134007.0/AL2_x86_64/DEV.STD.PTHREAD/build/staging-cdk/node_modules/aws-cdk/lib/index.js:376:418325)
    at new SecurityGroupRule (/Users/wonkun/brazil-pkg-cache/packages/CDKBuild/CDKBuild-4.x.134007.0/AL2_x86_64/DEV.STD.PTHREAD/build/staging-cdk/node_modules/aws-cdk/lib/index.js:376:418747)
    at /Users/wonkun/brazil-pkg-cache/packages/CDKBuild/CDKBuild-4.x.134007.0/AL2_x86_64/DEV.STD.PTHREAD/build/staging-cdk/node_modules/aws-cdk/lib/index.js:376:422524
    at Array.map (<anonymous>)
    at SecurityGroupChanges.readInlineRules (/Users/wonkun/brazil-pkg-cache/packages/CDKBuild/CDKBuild-4.x.134007.0/AL2_x86_64/DEV.STD.PTHREAD/build/staging-cdk/node_modules/aws-cdk/lib/index.js:376:422517)
    at new SecurityGroupChanges (/Users/wonkun/brazil-pkg-cache/packages/CDKBuild/CDKBuild-4.x.134007.0/AL2_x86_64/DEV.STD.PTHREAD/build/staging-cdk/node_modules/aws-cdk/lib/index.js:376:420429)
    at new TemplateDiff (/Users/wonkun/brazil-pkg-cache/packages/CDKBuild/CDKBuild-4.x.134007.0/AL2_x86_64/DEV.STD.PTHREAD/build/staging-cdk/node_modules/aws-cdk/lib/index.js:376:424451)
    at calculateTemplateDiff (/Users/wonkun/brazil-pkg-cache/packages/CDKBuild/CDKBuild-4.x.134007.0/AL2_x86_64/DEV.STD.PTHREAD/build/staging-cdk/node_modules/aws-cdk/lib/index.js:376:436320)
    at Object.diffTemplate (/Users/wonkun/brazil-pkg-cache/packages/CDKBuild/CDKBuild-4.x.134007.0/AL2_x86_64/DEV.STD.PTHREAD/build/staging-cdk/node_modules/aws-cdk/lib/index.js:376:434628)
    at printSecurityDiff (/Users/wonkun/brazil-pkg-cache/packages/CDKBuild/CDKBuild-4.x.134007.0/AL2_x86_64/DEV.STD.PTHREAD/build/staging-cdk/node_modules/aws-cdk/lib/index.js:415:126404)

Cannot use 'in' operator to search for 'CidrIp' in {"Fn::If":["ExternalLB",{"CidrIp":"0.0.0.0/0","FromPort":"${LBExternalPort}","IpProtocol":"tcp","ToPort":"${LBExternalPort}"}]}
```

Expected Behavior

cdk diff and deploy work

Current Behavior

cdk diff and deploy fails

Reproduction Steps

  1. Deploy a stack in CFN console with the following template.
```yaml
"AWSTemplateFormatVersion": "2010-09-09"

"Conditions":
  "ExternalLB":
    "Fn::Equals":
    - "Ref": "CreateExternalLB"
    - "true"

"Parameters":
  "LBExternalPort":
    "Default": "443"
    "Type": "Number"
  "CreateExternalLB":
    "AllowedValues":
    - "true"
    - "false"
    "Default": "true"
    "Type": "String"

"Resources":
  "ELBSecurityGroup":
    "Metadata":
      "Comment": ""
    "Properties":
      "GroupDescription": "Allow inbound port HTTP, outbound to Invoke fleet"
      "SecurityGroupEgress":
      - "CidrIp": "0.0.0.0/0"
        "FromPort": !!int "0"
        "IpProtocol": "tcp"
        "ToPort": !!int "65535"
      - "CidrIp": "0.0.0.0/0"
        "IpProtocol": "41"
      "SecurityGroupIngress":
      - "Fn::If":
        - "ExternalLB"
        - "CidrIp": "0.0.0.0/0"
          "FromPort":
            "Ref": "LBExternalPort"
          "IpProtocol": "tcp"
          "ToPort":
            "Ref": "LBExternalPort"
        - "Ref": "AWS::NoValue"
      "Tags":
      - "Key": "Name"
        "Value":
          "Fn::Join":
          - " "
          - - "Ref": "AWS::StackName"
            - "ELB Security Group"
      "VpcId": "vpc-[REDACTED]"
    "Type": "AWS::EC2::SecurityGroup"
```
  2. cdk diff against the following CDK stack code.
```typescript
import { DeploymentStackProps, DeploymentStack } from "@amzn/pipelines";
import * as cdk from "aws-cdk-lib";
import * as ec2 from "aws-cdk-lib/aws-ec2";

export interface NoctStackProps extends DeploymentStackProps {
    /**
     * @default 443
     */
    readonly lbExternalPort?: number;
    /**
     * @default "true"
     */
    readonly createExternalLb?: string;
}

export class NoctStack extends DeploymentStack {
    public constructor(scope: cdk.App, id: string, props: NoctStackProps) {
        super(scope, id, props);

        // Applying default props
        props = {
            ...props,
            createExternalLb: props.createExternalLb ?? "true",
            lbExternalPort: props.lbExternalPort ?? 443,
        };

        // Conditions
        const externalLb = props.createExternalLb === "true";

        // Resources
        const elbSecurityGroup = new ec2.CfnSecurityGroup(this, "ELBSecurityGroup", {
            groupDescription: "Allow inbound port HTTP, outbound to Invoke fleet",
            securityGroupEgress: [
                {
                    cidrIp: "0.0.0.0/0",
                    fromPort: 0,
                    ipProtocol: "tcp",
                    toPort: 65535,
                },
                {
                    cidrIp: "0.0.0.0/0",
                    ipProtocol: "41",
                },
            ],
            securityGroupIngress: [
                {
                    cidrIp: "0.0.0.0/0",
                    fromPort: props.lbExternalPort,
                    ipProtocol: "tcp",
                    toPort: props.lbExternalPort,
                },
            ],
            tags: [
                {
                    key: "Name",
                    value: [this.stackName, "ELB Security Group"].join(" "),
                },
            ],
            vpcId: "vpc-[REDACTED]",
        });
        elbSecurityGroup.cfnOptions.metadata = {
            Comment: "",
        };
    }
}
```

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.85.0 and 2.87.0

Framework Version

No response

Node.js Version

v18.16.0

OS

Linux and MacOS (M1)

Language

Typescript

Language Version

Typescript(5.1.3)

Other information

No response
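
The TypeError in this report is what JavaScript raises when the right-hand operand of `in` is a string rather than an object, which is how the `Fn::If`-wrapped ingress rule appears in the message. As an added example (not code from aws-cdk or from the issue author; `naivePeer`, `collectCidrs`, `describeRule` and `needsReview` are hypothetical names, and the input is constructed from the error text above), a rule reader that tolerates such entries and still surfaces the `0.0.0.0/0` peer for review:

```javascript
// Added example: hypothetical helper names, not aws-cdk's implementation.
// Constructed input: the Fn::If-wrapped rule as the string shown in the error
// message, followed by a plain rule object.
const sampleIngress = [
  '{"Fn::If":["ExternalLB",{"CidrIp":"0.0.0.0/0","FromPort":"${LBExternalPort}","IpProtocol":"tcp","ToPort":"${LBExternalPort}"}]}',
  { CidrIp: '10.0.0.0/8', IpProtocol: 'tcp', FromPort: 443, ToPort: 443 },
];

// Naive lookup: `key in rule` throws a TypeError when rule is a string.
function naivePeer(rule) {
  return 'CidrIp' in rule ? rule.CidrIp : undefined;
}

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Collect every CidrIp reachable inside an intrinsic such as Fn::If, so a
// conditional rule still shows which peers it could open.
function collectCidrs(node, out = []) {
  if (Array.isArray(node)) {
    node.forEach((n) => collectCidrs(n, out));
  } else if (isPlainObject(node)) {
    if (typeof node.CidrIp === 'string') out.push(node.CidrIp);
    Object.values(node).forEach((n) => collectCidrs(n, out));
  }
  return out;
}

// Defensive parse: never throw, never drop a rule silently.
function describeRule(rule) {
  let value = rule;
  if (typeof rule === 'string') {
    try { value = JSON.parse(rule); } catch { return { kind: 'opaque', raw: rule, cidrs: [] }; }
  }
  if (!isPlainObject(value)) return { kind: 'opaque', raw: String(rule), cidrs: [] };
  const keys = Object.keys(value);
  if (keys.length === 1 && (keys[0] === 'Ref' || keys[0].startsWith('Fn::'))) {
    return { kind: 'conditional', intrinsic: keys[0], cidrs: collectCidrs(value) };
  }
  return { kind: 'static', cidrs: 'CidrIp' in value ? [value.CidrIp] : [] };
}

// Rules a reviewer must look at: world-open peers and anything unparseable.
function needsReview(rules) {
  return rules.map(describeRule)
    .filter((r) => r.kind === 'opaque' || r.cidrs.includes('0.0.0.0/0'));
}
```
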

@wongni wongni added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 11, 2023
@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Jul 11, 2023
@peterwoodworth
Contributor

Thanks for reporting, this is the same issue as described here

@peterwoodworth peterwoodworth added duplicate This issue is a duplicate. and removed needs-triage This issue or PR still needs to be triaged. labels Jul 11, 2023
@wongni wongni closed this as completed Jul 11, 2023