aws-elasticloadbalancingv2: ApplicationListener open prop does not account for LB type DUAL_STACK_WITHOUT_PUBLIC_IPV4 #32197
Labels
@aws-cdk/aws-elasticloadbalancingv2
Related to Amazon Elastic Load Balancing V2
bug
This issue is a bug.
effort/small
Small work item – less than a day of effort
p2
Describe the bug
The automatically generated security group ingress rules for an ALB are incorrect when 1) an ApplicationLoadBalancer IP address type is set to
DUAL_STACK_WITHOUT_PUBLIC_IPV4
and 2) a listener on the LB is set to allow anyone to connect to the load balancer on the listener portopen: true
. The generated rules only allow IPV4 inbound traffic and no IPV6 inbound traffic, which effectively allows no external traffic.Support for DUAL_STACK_WITHOUT_PUBLIC_IPV4 was added in CDK v2.159.0, but missed this change.
Regression Issue
Last Known Working CDK Version
No response
Expected Behavior
Example security group ingress rules:
Current Behavior
Example security group ingress rules:
Reproduction Steps
I'm using the ECS patterns module, which automatically generated the load balancer:
Possible Solution
I have what I believe is a fix, but I still need to update tests and validate:
Additional Information/Context
No response
CDK CLI Version
2.164.1
Framework Version
No response
Node.js Version
v20.18.0
OS
Linux
Language
TypeScript
Language Version
5.6.2
Other information
No response
The text was updated successfully, but these errors were encountered: