ec2: Create an ec2.Port and add it to SG, it won't work #26867

Closed
NB3025 opened this issue Aug 24, 2023 · 3 comments
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud bug This issue is a bug. effort/medium Medium work item – several days of effort p2

NB3025 commented Aug 24, 2023

Describe the bug

(I'm using Python.)

I am trying to add 2 rules to a security group.

  1. SCTP, to_port=38412, from_port=38412
  2. SCTP, to_port=3868, from_port=3868

I created the above ports using ec2.Port.
And added them to the ingress rule of the Security Group.

However, what is actually applied is SCTP, to_port=all, from_port=all.

Expected Behavior

There should be 2 rules in the security group's ingress rule.

  1. SCTP, to_port=38412, from_port=38412
  2. SCTP, to_port=3868, from_port=3868

Current Behavior

The ingress rule of the security group contains 1 rule.

  1. SCTP, to_port=all, from_port=all

Reproduction Steps

(Python 3.9.16)

multus_security_group_new = ec2.SecurityGroup(self, "MySecurityGroup", vpc=my_vpc)

sctp_port_36412 = ec2.Port(protocol=ec2.Protocol.SCTP, string_representation="sctp", from_port=36412, to_port=36412)
sctp_port_3868 = ec2.Port(protocol=ec2.Protocol.SCTP, string_representation="sctp", from_port=3868, to_port=3868)
multus_security_group_new.add_ingress_rule(ec2.Peer.any_ipv4(), sctp_port_36412, 'allow sctp from port 36412')
multus_security_group_new.add_ingress_rule(ec2.Peer.any_ipv4(), sctp_port_3868, 'allow sctp from port 3868')

Possible Solution

No response

Additional Information/Context

sctp_bug

CDK CLI Version

2.82.0 (build 3a8648a)

Framework Version

No response

Node.js Version

v18.16.0

OS

Linux

Language

Python

Language Version

Python (3.9.16)

Other information

No response

@NB3025 NB3025 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Aug 24, 2023
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Aug 24, 2023
@pahud pahud changed the title (ec2.Port): Create an ec2.Port and add it to SG, it won't work ec2: Create an ec2.Port and add it to SG, it won't work Aug 24, 2023

pahud commented Aug 24, 2023

image

Looks like SCTP would not allow you to specify port range.

Are you able to configure that in the AWS console?
Can you show me what the AWS console looks like with correct configuration?

@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Aug 24, 2023
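
The behaviour discussed above comes from EC2 applying port ranges only to TCP, UDP and ICMP rules, so an SCTP rule for `Peer.any_ipv4()` admits SCTP on every port from any address. As an added example (not part of this thread and not aws-cdk code), the check below scans a synthesized template for such rules before deployment; the function names and the sample template, which writes SCTP as IANA protocol number 132, are constructed assumptions.

```python
# Added example: find ingress rules whose port range EC2 will ignore.
# EC2 applies FromPort/ToPort only to these protocols (name or IANA number).
PORT_AWARE = {"tcp", "6", "udp", "17", "icmp", "1", "icmpv6", "58"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def iter_ingress(template):
    """Yield (logical_id, rule) for inline and standalone ingress rules."""
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield logical_id, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield logical_id, props

def find_ignored_port_rules(template):
    """Return one finding per rule that asks for ports on a port-unaware protocol."""
    findings = []
    for logical_id, rule in iter_ingress(template):
        proto = str(rule.get("IpProtocol", "")).lower()
        # "-1" (all protocols) is an explicit allow-all, not a silent widening.
        if proto in PORT_AWARE or proto == "-1":
            continue
        if "FromPort" not in rule and "ToPort" not in rule:
            continue  # author never asked for a port restriction
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6") or ""
        findings.append({
            "resource": logical_id,
            "protocol": proto,
            "requested_ports": (rule.get("FromPort"), rule.get("ToPort")),
            # Unresolved intrinsics (dicts) are treated as not world-open.
            "world_open": isinstance(cidr, str) and cidr in OPEN_CIDRS,
        })
    return findings

# Constructed template fragment modelled on the two rules in the report.
SAMPLE = {"Resources": {"MySecurityGroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {"SecurityGroupIngress": [
        {"CidrIp": "0.0.0.0/0", "IpProtocol": "132", "FromPort": 36412, "ToPort": 36412},
        {"CidrIp": "0.0.0.0/0", "IpProtocol": "132", "FromPort": 3868, "ToPort": 3868},
        {"CidrIp": "10.0.0.0/16", "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443},
    ]}}}}

if __name__ == "__main__":
    for f in find_ignored_port_rules(SAMPLE):
        print("ports ignored, all ports allowed:", f)
```

Each finding marks a rule to tighten by source instead of by port, for example by replacing the open CIDR with the peer's address range or security group.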
NB3025 commented Aug 25, 2023

I think I made a mistake.
Thank you.

@NB3025 NB3025 closed this as completed Aug 25, 2023