Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(elasticloadbalancingv2): open, dual-stack-without-public-ipv4 ALB allows IPv6 inbound traffic #32203

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(elasticloadbalancingv2): open, dual-stack-without-public-ipv4 ALB allows IPv6 inbound traffic #32203

wants to merge 1 commit into from

Conversation

clareliguori
Copy link
Member

Issue

Closes #32197

Reason for this change

Default generated security group ingress rules for open, dual-stack-without-public-ipv4 ALB does not allow IPv6 traffic. Only a rule for IPv4 ingress traffic is added to the security group rules currently.

Description of changes

Default generated security group ingress rules now have an additional rule that allows IPv6 ingress from anywhere.

Description of how you validated changes

Added a unit test, and updated an existing integration test

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added bug This issue is a bug. p2 labels Nov 19, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team November 19, 2024 23:28
@github-actions github-actions bot added the admired-contributor [Pilot] contributed between 13-24 PRs to the CDK label Nov 19, 2024
aws-cdk-automation
aws-cdk-automation previously requested changes Nov 19, 2024
View reviewed changes
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

@clareliguori
Copy link
Member Author

Exemption Request
I updated the integration test snapshot - the integration test itself did not need to be updated.

@aws-cdk-automation aws-cdk-automation added the pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. label Nov 19, 2024
@codecov Codecov
Copy link

codecov bot commented Nov 19, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 77.18%. Comparing base (5e835f3) to head (d39abfb).
Report is 60 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #32203   +/-   ##
=======================================
  Coverage   77.18%   77.18%           
=======================================
  Files         105      105           
  Lines        7161     7161           
  Branches     1312     1312           
=======================================
  Hits         5527     5527           
  Misses       1454     1454           
  Partials      180      180
Flag Coverage Δ
suite.unit 77.18% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
packages/aws-cdk 77.18% <ø> (ø)

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: d39abfb
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Nov 20, 2024
mazyu36
mazyu36 approved these changes Nov 22, 2024
View reviewed changes
Copy link
Contributor

@mazyu36 mazyu36 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the contribution!

@aws-cdk-automation aws-cdk-automation added pr/needs-maintainer-review This PR needs a review from a Core Team Member and removed pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. labels Nov 22, 2024
@gracelu0 gracelu0 added the pr-linter/exempt-integ-test The PR linter will not require integ test changes label Nov 28, 2024
@aws-cdk-automation aws-cdk-automation dismissed their stale review November 28, 2024 01:31

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

gracelu0
gracelu0 requested changes Nov 28, 2024
View reviewed changes
packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts
Comment on lines +129 to +135
{
Description: 'Allow from anyone on port 80',
CidrIp: '0.0.0.0/0',
FromPort: 80,
IpProtocol: 'tcp',
ToPort: 80,
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be removed from the default? Since for dualstack-without-public-ipv4, "clients must connect to the load balancer using public IPv6 addresses" so we should not allow public IPv4 addresses. Let me know if I misunderstood something.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My understanding is that the ALB still gets a private IPV4 address in the VPC, just not a public one.

@aws-cdk-automation aws-cdk-automation removed the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Nov 28, 2024
@github-actions github-actions bot mentioned this pull request Dec 1, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gracelu0 gracelu0 gracelu0 requested changes

@mazyu36 mazyu36 mazyu36 approved these changes

@aws-cdk-automation aws-cdk-automation aws-cdk-automation left review comments

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
admired-contributor [Pilot] contributed between 13-24 PRs to the CDK bug This issue is a bug. p2 pr-linter/exempt-integ-test The PR linter will not require integ test changes pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback.
Projects
None yet
Milestone
No milestone
4 participants
@clareliguori @aws-cdk-automation @mazyu36 @gracelu0