-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(lambda): added new property allowAllIpv6Outbound to FunctionOptions #31013
feat(lambda): added new property allowAllIpv6Outbound to FunctionOptions #31013
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request
. Additionally, if clarification is needed add Clarification Request
to a comment.
e7ec65a
to
660f7bb
Compare
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
af797b7
to
b59fbc9
Compare
fb094a6
to
d02ed91
Compare
dbd79a9
to
57b6abc
Compare
57b6abc
to
3fa4d8c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just some minor nit
Question - what happens if |
3fa4d8c
to
f834cb2
Compare
@pahud I will test it tomorrow with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
generally LGTM except for some nit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we are not really deploying vpc in unit tests so I prefer to keep the code as simple as possible
f834cb2
to
57d5f9c
Compare
@pahud Using the code mySecurityGroup6B1044D0:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: CdktestStack/mySecurityGroup
SecurityGroupEgress:
- CidrIp: 255.255.255.255/32
Description: Disallow all traffic
FromPort: 252
IpProtocol: icmp
ToPort: 86
- CidrIpv6: ::/0
Description: Allow all outbound ipv6 traffic by default
IpProtocol: "-1"
VpcId:
Ref: myVpc3CC7CF9E
Metadata:
aws:cdk:path: CdktestStack/mySecurityGroup/Resource Below is deployed Security Group: Thanks, |
57d5f9c
to
e8b5620
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks 👍
## Outbound traffic | ||
By default, when creating a Lambda function, it would add a security group outbound rule to allow sending all network traffic (except IPv6). This is controlled by `allowAllOutbound` in function properties, which has a default value of `true`. | ||
|
||
To allow outbound IPv6 traffic by default, explicitly set `allowAllIpv6Outbound` to `true` in function properties as shown below (the default value for `allowAllIpv6Outbound` is `false`): | ||
```ts |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
## Outbound traffic | |
By default, when creating a Lambda function, it would add a security group outbound rule to allow sending all network traffic (except IPv6). This is controlled by `allowAllOutbound` in function properties, which has a default value of `true`. | |
To allow outbound IPv6 traffic by default, explicitly set `allowAllIpv6Outbound` to `true` in function properties as shown below (the default value for `allowAllIpv6Outbound` is `false`): | |
```ts | |
## Outbound traffic | |
By default, when creating a Lambda function, it would add a security group outbound rule to allow sending all network traffic (except IPv6). | |
You can override the default behavior by setting the `allowAllOutbound` property to `false`. | |
To allow outbound IPv6 traffic by default, explicitly set the `allowAllIpv6Outbound` property to `true`, as shown below. | |
The default value for `allowAllIpv6Outbound` is `false`. | |
```ts |
e8b5620
to
3410455
Compare
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Comments on closed issues and PRs are hard for our team to see. |
Issue # (if applicable)
Closes #30994.
Reason for this change
SecurityGroupProps supports
allowAllIpv6Outbound
property. The existing Lambda FunctionOptions only supports allowAllOutbound, which is used in configureVpc() while creating a newSecurityGroup
here.Description of changes
Added new property
allowAllIpv6Outbound
toFunctionOptions
.Description of how you validated changes
Added unit and integration tests.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license