EC2: Why does Vpc.FromLookup return an IVpc making VpcDefaultSecurityGroup not work #29139

Open
werebear73-tritelph opened this issue Feb 16, 2024 · 2 comments
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud bug This issue is a bug. effort/medium Medium work item – several days of effort p2

Comments

@werebear73-tritelph

Describe the bug

I have a String Parameter with a VPC ID from another stack (completely different CDK Project) which I need to look up so that I can add an Ingress Rule to that Security Group to allow traffic.

Expected Behavior

I expect the following code to add the rule

        var rdsVpcId = StringParameter.ValueFromLookup(this, $"vpc-id");

        var rdsVpc = Vpc.FromLookup(this, "VPC", new VpcLookupOptions
        {
            VpcId = rdsVpcId,
        });
        var sgName = rdsVpc.VpcDefaultSecurityGroup;
        var sg = SecurityGroup.FromSecurityGroupId(this, "RdsSecurityGroup", sgName);
        var modulePeer = Peer.Ipv4(vpc.VpcCidrBlock);
        sg.AddIngressRule(modulePeer, Port.Tcp(5432),"Microservice VPC");

Current Behavior

I get the following error

error CS1061: 'IVpc' does not contain a definition for 'VpcDefaultSecurityGroup' and no accessible extension method 'VpcDefaultSecurityGroup' accepting a first argument of type 'IVpc' could be found (are you missing a using directive or an assembly reference?)

Reproduction Steps

Create VPC and store the ID in a string parameter.

Include the above code in a CDK project stack.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.128.0 (build d995261)

Framework Version

No response

Node.js Version

10.2.3

OS

Windows 11

Language

.NET

Language Version

8.0.102

Other information

No response

@werebear73-tritelph werebear73-tritelph added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Feb 16, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Feb 16, 2024
@pahud
Contributor

pahud commented Feb 19, 2024

Yes, VpcDefaultSecurityGroup is only assigned when a new VPC is created. You probably need to pass this from the export of the VPC stack or store/retrieve it from the parameter store.

@pahud pahud added p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 19, 2024
@werebear73-tritelph
Author

@pahud, I was able to do it this way as a workaround. But this seems like it should be information that is accessible through the method.

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Feb 20, 2024
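
The Parameter Store workaround discussed in the comments above, sketched as an added example (not code from the issue or from the aws-cdk project): the stack that creates the VPC publishes its default security group ID, and the consuming stack reads it back and adds the ingress rule. The stack class names, construct IDs and the parameter name `/rds/vpc/default-sg-id` are assumptions.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.SSM;
using Constructs;

// Producer: the CDK project that creates the RDS VPC (hypothetical class name).
public class RdsNetworkStack : Stack
{
    public RdsNetworkStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var rdsVpc = new Vpc(this, "RdsVpc");

        // VpcDefaultSecurityGroup is a member of the concrete Vpc class, not of IVpc,
        // so it has to be published from the stack that constructs the VPC.
        new StringParameter(this, "RdsDefaultSgId", new StringParameterProps
        {
            ParameterName = "/rds/vpc/default-sg-id", // assumed name
            StringValue = rdsVpc.VpcDefaultSecurityGroup,
        });
    }
}

// Consumer: the separate microservice CDK project (hypothetical class name).
public class MicroserviceStack : Stack
{
    public MicroserviceStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var vpc = new Vpc(this, "MicroserviceVpc");

        // Resolved by CloudFormation at deploy time; must match the producer's
        // parameter name. No Vpc.FromLookup call is needed for the group ID.
        var sgId = StringParameter.ValueForStringParameter(this, "/rds/vpc/default-sg-id");
        var sg = SecurityGroup.FromSecurityGroupId(this, "RdsSecurityGroup", sgId);

        // Same rule as in the issue: PostgreSQL (5432) from this VPC's CIDR only.
        sg.AddIngressRule(Peer.Ipv4(vpc.VpcCidrBlock), Port.Tcp(5432), "Microservice VPC");
    }
}
```

Because the imported group is mutable by default, `AddIngressRule` emits an `AWS::EC2::SecurityGroupIngress` resource in the consuming stack, so the rule is removed again when that stack is deleted.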