(ec2): Warnings emitted for valid configurations

[Styerp]

Describe the bug

Valid EC2 Security Group policies emit warnings at synth. Originally reported: #9565 (comment)

Expected Behavior

No warnings for valid configurations?

Current Behavior

Warnings!

Reproduction Steps

#9565 (comment) is close. I'll try to circle back with a full repro.

Possible Solution

Remove the warnings? Not really sure what the desired behavior is.

Additional Information/Context

No response

CDK CLI Version

2.40.0

Framework Version

No response

Node.js Version

16

OS

N/A

Language

Typescript

Language Version

No response

Other information

No response

[peterwoodworth]

I know you linked a comment which loosely describes the issue, but could you please populate this new issue with a full description that includes:

• which valid configurations throw warnings?
• stack code which I can copy+paste to easily reproduce
• What is the warning message you are observing?

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[metametadata]

@peterwoodworth @Styerp @rix0rrr

Was this issue fixed or simply closed? There are no linked commits.

Please read the discussion of the original issue and specifically the example in #9565 (comment). The expected behavior is that there should be no Ignoring Egress rule since 'allowAllOutbound' is set to true ... warnings at all because such setups are valid.

Also @NetaNir wrote there on Sep 2020:

We will remove the warning once we add Ipv6 to the allowAllOutBound implementation.

But it's unclear where this is tracked and what the status is. In a meantime these warnings keep polluting the logs and confuse the developers:

P.S. On a related note, since recently our logs are additionally polluted by deprecation warnings [WARNING] aws-cdk-lib.aws_certificatemanager.DnsValidatedCertificate is deprecated. which we can't hide and fixing requires extra effort. See related issue about at least hiding the logs in #24512 and unresolved discussions #23931, #23952.

Thank you.

[peterwoodworth]

This was closed because I asked for more information and didn't receive a response. We can absolutely track this, I would really prefer that the issue that tracks this has helpful information beyond "read this other thread that was closed" so that we can properly consolidate this issue into one issue

[metametadata]

• What is the warning message you are observing?

Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customized rules, set allowAllOutbound=false on the SecurityGroup.

• which valid configurations throw warnings?

• stack code which I can copy+paste to easily reproduce

Well, I can come up with a reproducible example. But it will be in Clojure. And I kind of hoped that the linked short example gives the clear idea to let CDK team build the reproducible unit test themselves (or come up with a summary to update the issue to the required standard).

[Styerp]

@metametadata - The original thread was co-opted from general warning spam, which my commit fixed, to some specific discussion around the warnings emitted by the Security Group construct. I created this to encapsulate the issue you want to discuss, rather than continuing to pollute the thread around duplicate warnings, which was appropriately closed when that issue was resolved.

I could repro this, but it isn't actually something I was worried about. I didn't want the report to get lost when the other ticket resolved, but this one didn't get any traction from folks who care about the egress warnings.

[peterwoodworth]

All in all, if this is something people still care about. Please create a new issue that details the specific warning that is thrown, as well as stack code that demonstrates the warning is thrown when it should not.