aws · dscpinheiro · Mar 5, 2025 · Feb 28, 2025 · Mar 3, 2025 · Mar 4, 2025
diff --git a/generator/.DevConfigs/a769f591-c10f-45e6-94ec-f49295484df3.json b/generator/.DevConfigs/a769f591-c10f-45e6-94ec-f49295484df3.json
@@ -0,0 +1,11 @@
+{
+    "services": [
+        {
+            "serviceName": "EC2",
+            "type": "patch",
+            "changeLogMessages": [
+                "[Breaking Change] Remove obsolete IPRanges behavior from EC2. IPV4Ranges or IPV6Ranges should be used instead."
+            ]
+        }
+    ]
+}
diff --git a/sdk/src/Services/EC2/Custom/Internal/AmazonEC2PreMarshallHandler.cs b/sdk/src/Services/EC2/Custom/Internal/AmazonEC2PreMarshallHandler.cs
@@ -31,17 +31,6 @@ namespace Amazon.EC2.Internal
     /// </summary>
     public class AmazonEC2PreMarshallHandler : PipelineHandler
     {
-        /// <summary>
-        /// Internal enum IpRangeValue to determine which of IpRange or Ipv4Ranges property will be used
-        /// to make a request. If both properties are set differently, an exception will be thrown.
-        /// </summary>
-        internal enum IpRangeValue
-        {
-            Invalid,
-            IpRanges,
-            Ipv4Ranges
-        }
-
         private readonly AWSCredentials _credentials;
 
         /// <summary>
@@ -179,68 +168,6 @@ protected void PreInvoke(IExecutionContext executionContext)
 
                 copySnapshotRequest.PresignedUrl = url.AbsoluteUri + authorization;
             }
-
-            var authorizeSecurityGroupEgressRequest = request as AuthorizeSecurityGroupEgressRequest;
-            if (authorizeSecurityGroupEgressRequest != null)
-                if (authorizeSecurityGroupEgressRequest.IsSetIpPermissions())
-                    SelectModifiedIpRange(authorizeSecurityGroupEgressRequest.IpPermissions);
-
-            var authorizeSecurityGroupIngressRequest = request as AuthorizeSecurityGroupIngressRequest;
-            if (authorizeSecurityGroupIngressRequest != null)
-                if (authorizeSecurityGroupIngressRequest.IsSetIpPermissions())
-                    SelectModifiedIpRange(authorizeSecurityGroupIngressRequest.IpPermissions);
-
-            var revokeSecurityGroupEgressRequest = request as RevokeSecurityGroupEgressRequest;
-            if (revokeSecurityGroupEgressRequest != null)
-                if (revokeSecurityGroupEgressRequest.IsSetIpPermissions())
-                    SelectModifiedIpRange(revokeSecurityGroupEgressRequest.IpPermissions);
-
-            var revokeSecurityGroupIngressRequest = request as RevokeSecurityGroupIngressRequest;
-            if (revokeSecurityGroupIngressRequest != null)
-                if (revokeSecurityGroupIngressRequest.IsSetIpPermissions())
-                    SelectModifiedIpRange(revokeSecurityGroupIngressRequest.IpPermissions);
-
-            var updateSecurityGroupRuleDescriptionsEgressRequest = request as UpdateSecurityGroupRuleDescriptionsEgressRequest;
-            if (updateSecurityGroupRuleDescriptionsEgressRequest != null)
-                if (updateSecurityGroupRuleDescriptionsEgressRequest.IsSetIpPermissions())
-                    SelectModifiedIpRange(updateSecurityGroupRuleDescriptionsEgressRequest.IpPermissions);
-
-            var updateSecurityGroupRuleDescriptionsIngressRequest = request as UpdateSecurityGroupRuleDescriptionsIngressRequest;
-            if (updateSecurityGroupRuleDescriptionsIngressRequest != null)
-                if (updateSecurityGroupRuleDescriptionsIngressRequest.IsSetIpPermissions())
-                    SelectModifiedIpRange(updateSecurityGroupRuleDescriptionsIngressRequest.IpPermissions);
-        }
-
-        /// <summary>
-        /// Analyse the user provided IpPermissions in the request to determine which of IpRanges/Ipv4ranges property will be used to make the final request.
-        /// If both IpRanges and Ipv4Ranges are set with the same Cidr values, Ipv4Range property is selected. 
-        /// If no modifications have been made on either of IpRanges Ipv4ranges properties, Ipv4Ranges property is selected.
-        /// If both IpRanges and Ipv4Ranges are set differently, an ArgumentException is thrown.
-        /// </summary>
-        /// <param name="IpPermissions"></param>
-        private static void SelectModifiedIpRange(List<IpPermission> IpPermissions)
-        {
-            if (IpPermissions == null)
-                return;
-
-            foreach (var ipPermission in IpPermissions)
-            {
-                switch (ipPermission.CanModify())
-                {
-                    case IpRangeValue.Invalid:
-                        throw new ArgumentException("Cannot set values for both Ipv4Ranges and IpRanges properties on the IpPermission type which is part of the request. Consider using only Ipv4Ranges as IpRanges has been marked obsolete.");
-                    case IpRangeValue.IpRanges:
-#pragma warning disable CS0618
-                        ipPermission.SelectIpRangeForMarshalling(ipPermission.IpRanges);
-#pragma warning restore CS0618
-                        break;
-                    case IpRangeValue.Ipv4Ranges:
-                        ipPermission.SelectIpV4RangeForMarshalling(ipPermission.Ipv4Ranges);
-                        break;
-                    default:
-                        break;
-                }
-            }
         }
     }
 }
diff --git a/sdk/src/Services/EC2/Custom/Internal/AmazonEC2ResponseHandler.cs b/sdk/src/Services/EC2/Custom/Internal/AmazonEC2ResponseHandler.cs
@@ -118,119 +118,6 @@ protected virtual void PostInvoke(IExecutionContext executionContext)
                 PopulateReservationSecurityGroupNames(rir.Reservation);
                 return;
             }
-
-            // In case of DescribeSecurityGroupsResponse type, the Ipv4Ranges values for each of the retured IpPermissions is unmarshalled
-            // and the extracted Cidr values is set on the IpRanges property of IpPermission. If the customer is using IpRanges, then they will not be broken.
-            var describeSecurityGroupsResponse = response as DescribeSecurityGroupsResponse;
-            if(describeSecurityGroupsResponse!=null)
-            {
-                if(describeSecurityGroupsResponse.IsSetSecurityGroups())
-                {
-                    foreach (var securityGroup in describeSecurityGroupsResponse.SecurityGroups)
-                    {
-                        if (securityGroup.IsSetIpPermissions())
-                        {
-                            SetIpRangesProperty(securityGroup.IpPermissions);
-                        }
-                        else if(securityGroup.IsSetIpPermissionsEgress())
-                        {
-                            SetIpRangesProperty(securityGroup.IpPermissionsEgress);
-                        }
-                    }
-                }
-                return;
-            }
-
-            var authorizeSecurityGroupEgressRequest = request as AuthorizeSecurityGroupEgressRequest;
-            if (authorizeSecurityGroupEgressRequest != null)
-                if (authorizeSecurityGroupEgressRequest.IsSetIpPermissions())
-                {
-                    RestoreRequestIpPermissions(authorizeSecurityGroupEgressRequest.IpPermissions);
-                    return;
-                }
-
-            var authorizeSecurityGroupIngressRequest = request as AuthorizeSecurityGroupIngressRequest;
-            if (authorizeSecurityGroupIngressRequest != null)
-                if (authorizeSecurityGroupIngressRequest.IsSetIpPermissions())
-                {
-                    RestoreRequestIpPermissions(authorizeSecurityGroupIngressRequest.IpPermissions);
-                    return;
-                }
-
-
-            var revokeSecurityGroupEgressRequest = request as RevokeSecurityGroupEgressRequest;
-            if (revokeSecurityGroupEgressRequest != null)
-                if (revokeSecurityGroupEgressRequest.IsSetIpPermissions())
-                {
-                    RestoreRequestIpPermissions(revokeSecurityGroupEgressRequest.IpPermissions);
-                    return;
-                }
-
-
-            var revokeSecurityGroupIngressRequest = request as RevokeSecurityGroupIngressRequest;
-            if (revokeSecurityGroupIngressRequest != null)
-                if (revokeSecurityGroupIngressRequest.IsSetIpPermissions())
-                {
-                    RestoreRequestIpPermissions(revokeSecurityGroupIngressRequest.IpPermissions);
-                    return;
-                }
-
-
-            var updateSecurityGroupRuleDescriptionsEgressRequest = request as UpdateSecurityGroupRuleDescriptionsEgressRequest;
-            if (updateSecurityGroupRuleDescriptionsEgressRequest != null)
-                if (updateSecurityGroupRuleDescriptionsEgressRequest.IsSetIpPermissions())
-                {
-                    RestoreRequestIpPermissions(updateSecurityGroupRuleDescriptionsEgressRequest.IpPermissions);
-                    return;
-                }
-
-
-            var updateSecurityGroupRuleDescriptionsIngressRequest = request as UpdateSecurityGroupRuleDescriptionsIngressRequest;
-            if (updateSecurityGroupRuleDescriptionsIngressRequest != null)
-                if (updateSecurityGroupRuleDescriptionsIngressRequest.IsSetIpPermissions())
-                {
-                    RestoreRequestIpPermissions(updateSecurityGroupRuleDescriptionsIngressRequest.IpPermissions);
-                    return;
-                }
-
-        }
-
-        /// <summary>
-        /// Cidr values from Ipv4Ranges is extracted and set on IpRanges.
-        /// The internal dictionary collection is also set to the Ipv4Range values.
-        /// </summary>
-        /// <param name="ipPermissions"></param>
-        private static void SetIpRangesProperty(List<IpPermission> ipPermissions)
-        {
-            foreach (var ipPermission in ipPermissions)
-            {
-                if (ipPermission.Ipv4Ranges == null)
-                {
-                    continue;
-                }
-
-#pragma warning disable CS0612,CS0618
-                ipPermission.IpRanges = ipPermission.Ipv4Ranges.Select(i => i.CidrIp).ToList();
-#pragma warning restore CS0612,CS0618
-                ipPermission.CopyIpv4RangesToInternalCollection(ipPermission.Ipv4Ranges);
-            }
-        }
-
-        /// <summary>
-        /// The original values used by the customer in the Ipv4Ranges property on the request 
-        /// object is restored. This is done when the customer is using the deprecated IpRanges property.
-        /// </summary>
-        /// <param name="IpPermissions"></param>
-        private static void RestoreRequestIpPermissions(List<IpPermission> IpPermissions)
-        {
-            foreach (var ipPermission in IpPermissions)
-            {
-                if (ipPermission.RestoreOldIpV4Range)
-                {
-                    ipPermission.Ipv4Ranges = ipPermission.PreIpv4Ranges;
-                    ipPermission.RestoreOldIpV4Range = false;
-                }
-            }
         }
 
         private static void PopulateLaunchSpecificationSecurityGroupNames(LaunchSpecification launchSpecification)

diff --git a/sdk/src/Services/EC2/Custom/Model/IpPermission.cs b/sdk/src/Services/EC2/Custom/Model/IpPermission.cs
diff --git a/sdk/src/Services/EC2/Custom/Util/_bcl/VPCUtilities.bcl.cs b/sdk/src/Services/EC2/Custom/Util/_bcl/VPCUtilities.bcl.cs
@@ -287,7 +287,7 @@ public static LaunchVPCWithPublicAndPrivateSubnetsResponse LaunchVPCWithPublicAn
                 IpPermission spec = new IpPermission
                 {
                     IpProtocol = "-1",
-                    IpRanges = new List<string>{ "0.0.0.0/0"},
+                    Ipv4Ranges = new List<IpRange> { new IpRange { CidrIp = "0.0.0.0/0", Description = "All Ip ranges"} },
                     UserIdGroupPairs = new List<UserIdGroupPair>() { new UserIdGroupPair() { GroupId = groupId } }
                 };
 #pragma warning restore CS0612,CS0618