fix(ec2): restrictDefaultSecurityGroup fails when default rules are n…

…ot present (#27039) When using [restrictDefaultSecurityGroup](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2-readme.html#restricting-access-to-the-vpc-default-security-group) to remove default security group rules, an error is thrown and the deploy rolls back if the default rules are not found. This error usually happens when developers previously removed default rules manually or by other means, and then want to switch to using `restrictDefaultSecurityGroup`. They have to re-add default rules and deploy again to cope with the error. This PR fixes the custom resource to ignore the error when default rules are not found. Closes #26390 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Sep 20, 2023 · 1e67f9d · 1e67f9d
1 parent a8f0a71
commit 1e67f9d
Show file tree

Hide file tree

Showing 12 changed files with 32,362 additions and 100 deletions.
diff --git a/...ot/asset.d4087f9b90522f437499693de83d9bb1d3d93a99d4d34dad4625e71132244692.bundle/index.js b/...ot/asset.d4087f9b90522f437499693de83d9bb1d3d93a99d4d34dad4625e71132244692.bundle/index.js
@@ -1,4 +1,3 @@
-"use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
@@ -32092,7 +32091,6 @@ var CustomResourceHandler = class {
   constructor(event, context) {
     this.event = event;
     this.context = context;
-    this.timedOut = false;
     this.timeout = setTimeout(async () => {
       await this.respond({
         status: "FAILED",
@@ -32104,6 +32102,9 @@ var CustomResourceHandler = class {
     this.event = event;
     this.physicalResourceId = extractPhysicalResourceId(event);
   }
+  physicalResourceId;
+  timeout;
+  timedOut = false;
   /**
    * Handles executing the custom resource event. If `stateMachineArn` is present
    * in the props then trigger the waiter statemachine
@@ -32237,6 +32238,7 @@ var AssertionHandler = class extends CustomResourceHandler {
   }
 };
 var MatchCreator = class {
+  parsedObj;
   constructor(obj) {
     this.parsedObj = {
       matcher: obj

diff --git a/.../test/aws-elasticloadbalancingv2/test/integ.alb.oidc.js.snapshot/IntegAlbOidc.assets.json b/.../test/aws-elasticloadbalancingv2/test/integ.alb.oidc.js.snapshot/IntegAlbOidc.assets.json
@@ -1,15 +1,15 @@
 {
   "version": "34.0.0",
   "files": {
-    "18d379b052acd60e0d086d5b19d9bef956ebc0bd018c5570960125aab0c7f837": {
+    "1be0bac6581864b510bdbf0a114f1d3429244758da7657cc365f73d371fe70ed": {
       "source": {
-        "path": "asset.18d379b052acd60e0d086d5b19d9bef956ebc0bd018c5570960125aab0c7f837",
+        "path": "asset.1be0bac6581864b510bdbf0a114f1d3429244758da7657cc365f73d371fe70ed",
         "packaging": "zip"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "18d379b052acd60e0d086d5b19d9bef956ebc0bd018c5570960125aab0c7f837.zip",
+          "objectKey": "1be0bac6581864b510bdbf0a114f1d3429244758da7657cc365f73d371fe70ed.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
@@ -40,15 +40,15 @@
         }
       }
     },
-    "f1fb2cedf775ba9061a3a81a24cd729ed3530f03bf3d9b426f8cbd6efe9c945a": {
+    "fb9900acb2994b9169f569dd68a0d17965c3044008b791311d96be6cfe55bbc5": {
       "source": {
         "path": "IntegAlbOidc.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "f1fb2cedf775ba9061a3a81a24cd729ed3530f03bf3d9b426f8cbd6efe9c945a.json",
+          "objectKey": "fb9900acb2994b9169f569dd68a0d17965c3044008b791311d96be6cfe55bbc5.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

diff --git a/...est/aws-elasticloadbalancingv2/test/integ.alb.oidc.js.snapshot/IntegAlbOidc.template.json b/...est/aws-elasticloadbalancingv2/test/integ.alb.oidc.js.snapshot/IntegAlbOidc.template.json
@@ -489,7 +489,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "18d379b052acd60e0d086d5b19d9bef956ebc0bd018c5570960125aab0c7f837.zip"
+     "S3Key": "1be0bac6581864b510bdbf0a114f1d3429244758da7657cc365f73d371fe70ed.zip"
     },
     "Timeout": 900,
     "MemorySize": 128,

diff --git a/...st/integ.alb.oidc.js.snapshot/IntegTestAlbOidcDefaultTestDeployAssert2476ECB6.assets.json b/...st/integ.alb.oidc.js.snapshot/IntegTestAlbOidcDefaultTestDeployAssert2476ECB6.assets.json
@@ -1,28 +1,28 @@
 {
   "version": "34.0.0",
   "files": {
-    "144a0fcf5cb08c347ee9f860c889f4c2921b613fe68e84aae74fbbd448fbbe08": {
+    "63ae5d5f48d3638501e722718b99b5f2fddb9ab73a15d7cb607215a500df19e1": {
       "source": {
-        "path": "asset.144a0fcf5cb08c347ee9f860c889f4c2921b613fe68e84aae74fbbd448fbbe08.bundle",
+        "path": "asset.63ae5d5f48d3638501e722718b99b5f2fddb9ab73a15d7cb607215a500df19e1.bundle",
         "packaging": "zip"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "144a0fcf5cb08c347ee9f860c889f4c2921b613fe68e84aae74fbbd448fbbe08.zip",
+          "objectKey": "63ae5d5f48d3638501e722718b99b5f2fddb9ab73a15d7cb607215a500df19e1.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
     },
-    "65e1fbcc8f1bca9cfd6e6c3a1f3f1eff2625dfb8a98c1e2abf896a1cdabee8e3": {
+    "1fcb5fbc3068d3437742a4ff4539694cf17f0ffd96791be266458be45866ae78": {
       "source": {
         "path": "IntegTestAlbOidcDefaultTestDeployAssert2476ECB6.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "65e1fbcc8f1bca9cfd6e6c3a1f3f1eff2625dfb8a98c1e2abf896a1cdabee8e3.json",
+          "objectKey": "1fcb5fbc3068d3437742a4ff4539694cf17f0ffd96791be266458be45866ae78.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

diff --git a/.../integ.alb.oidc.js.snapshot/IntegTestAlbOidcDefaultTestDeployAssert2476ECB6.template.json b/.../integ.alb.oidc.js.snapshot/IntegTestAlbOidcDefaultTestDeployAssert2476ECB6.template.json
@@ -27,7 +27,7 @@
      }
     },
     "flattenResponse": "false",
-    "salt": "1694766833913"
+    "salt": "1695146725968"
    },
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
@@ -127,7 +127,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "144a0fcf5cb08c347ee9f860c889f4c2921b613fe68e84aae74fbbd448fbbe08.zip"
+     "S3Key": "63ae5d5f48d3638501e722718b99b5f2fddb9ab73a15d7cb607215a500df19e1.zip"
     },
     "Timeout": 120,
     "Handler": "index.handler",

diff --git a/....snapshot/asset.18d379b052acd60e0d086d5b19d9bef956ebc0bd018c5570960125aab0c7f837/index.js b/....snapshot/asset.18d379b052acd60e0d086d5b19d9bef956ebc0bd018c5570960125aab0c7f837/index.js
diff --git a/...18c5570960125aab0c7f837/__entrypoint__.js → ...a7657cc365f73d371fe70ed/__entrypoint__.js b/...18c5570960125aab0c7f837/__entrypoint__.js → ...a7657cc365f73d371fe70ed/__entrypoint__.js