fix(cloudformation-diff): cdk diff throws `toUpperCase is not a fun…

…ction` when `ipProtocol` is a number (#28023)

Fix the describe protocol method when running a diff with a processed existing cloudformation template that has a security group rule with ipprotocol = -1

Closes #28021

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk/cloudformation-diff/lib/network/security-group-rule.ts

@@ -28,7 +28,7 @@ export class SecurityGroupRule {
   public readonly peer?: RulePeer;
 
   constructor(ruleObject: any, groupRef?: string) {
-    this.ipProtocol = ruleObject.IpProtocol || '*unknown*';
+    this.ipProtocol = ruleObject.IpProtocol?.toString() || '*unknown*';
     this.fromPort = ruleObject.FromPort;
     this.toPort = ruleObject.ToPort;
     this.groupId = ruleObject.GroupId || groupRef || '*unknown*'; // In case of an inline rule

packages/@aws-cdk/cloudformation-diff/test/network/rule.test.ts

@@ -74,3 +74,12 @@ test('equality is symmetric', () => {
     },
   ));
 });
+
+test('can describe protocol', () => {
+  expect(new SecurityGroupRule({ IpProtocol: -1 }).describeProtocol()).toEqual('Everything');
+  expect(new SecurityGroupRule({ IpProtocol: '-1' }).describeProtocol()).toEqual('Everything');
+  expect(new SecurityGroupRule({ FromPort: -1 }).describeProtocol()).toEqual('All *UNKNOWN*');
+  expect(new SecurityGroupRule({ IpProtocol: 'tcp', FromPort: -1, ToPort: -1 }).describeProtocol()).toEqual('All TCP');
+  expect(new SecurityGroupRule({ IpProtocol: 'tcp', FromPort: 10, ToPort: 20 }).describeProtocol()).toEqual('TCP 10-20');
+  expect(new SecurityGroupRule({ IpProtocol: 'tcp', FromPort: 10, ToPort: 10 }).describeProtocol()).toEqual('TCP 10');
+});