aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code

Home Page: https://aws.amazon.com/cdk

aws-ec2: SecurityGroupIngress resources create volatile, stage-scope dependent names

moltar opened this issue

Describe the bug

After placing an existing Stack into a Stage, and even when hard-coding the Stack name to the one deployed, there's a large diff produced, where each AWS::EC2::SecurityGroupIngress (CfnSecurityGroupIngress) resource inherits the Stage name.

- DBSecurityGroupfromrdsdbfoodevDBSecurityGroup8C2C7014IndirectPort2D31B69D
+ DBSecurityGroupfromdevrdsdbfoodevDBSecurityGroup15286DE1IndirectPort48BD0C23
#                    ^^^ This is the stage name being added

Expected Behavior

Stage name should not leak into the naming scope, when Stack names are provided.

Current Behavior

Stage name affects the resource IDs.

Reproduction Steps

Already described in the bug.

Possible Solution

N/A

Additional Information/Context

Probably happens here:

new CfnSecurityGroupIngress(scope, id, {
  groupId: this.securityGroupId,
  ...peer.toIngressRuleConfig(),
  ...connection.toRuleJson(),
  description,
});

Why is the scope value (not this) passed to CfnSecurityGroupIngress?

CDK CLI Version

2.144.0

Framework Version

No response

Node.js Version

v20.14.0

OS

macOS

Language

TypeScript

Language Version

No response

Other information

No response

Thank you for the callout. We'll bring this to the team's attention.
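
A pre-deploy check for the kind of diff described in this issue, as an added example that is not part of the issue or of aws-cdk: it compares two synthesized CloudFormation templates and reports resources whose logical ID changed while type and properties stayed identical, which CloudFormation handles as creating a new resource and deleting the old one. The rule properties and the `DbSgPlaceholder`/`AppSgPlaceholder` names are constructed; the two logical IDs are the ones quoted in the issue.

```typescript
// Added example, not aws-cdk code. Template shape follows CloudFormation JSON.
type Resource = { Type: string; Properties?: unknown };
type Template = { Resources: Record<string, Resource> };
type Rename = { type: string; from: string; to: string };

// Key-sorted JSON so property order does not affect the comparison.
function canonical(v: unknown): string {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v !== null && typeof v === "object") {
    const o = v as Record<string, unknown>;
    const parts = Object.keys(o).sort().map((k) => JSON.stringify(k) + ":" + canonical(o[k]));
    return "{" + parts.join(",") + "}";
  }
  return v === undefined ? "null" : JSON.stringify(v);
}

const fingerprint = (r: Resource): string => r.Type + "|" + canonical(r.Properties);

// Pair each removed logical ID with an added one of the same type and properties.
function findRenames(before: Template, after: Template): Rename[] {
  const removed = Object.keys(before.Resources).filter((id) => !(id in after.Resources));
  const added = Object.keys(after.Resources).filter((id) => !(id in before.Resources));
  const used = new Set<string>();
  const renames: Rename[] = [];
  for (const from of removed) {
    const want = fingerprint(before.Resources[from]);
    const to = added.find((id) => !used.has(id) && fingerprint(after.Resources[id]) === want);
    if (to !== undefined) {
      used.add(to);
      renames.push({ type: before.Resources[from].Type, from, to });
    }
  }
  return renames;
}

// Constructed sample: rule properties are invented; the two IDs are from the issue.
const rule = (): Resource => ({
  Type: "AWS::EC2::SecurityGroupIngress",
  Properties: { IpProtocol: "tcp", FromPort: 5432, ToPort: 5432,
    GroupId: { "Fn::GetAtt": ["DbSgPlaceholder", "GroupId"] },
    SourceSecurityGroupId: { "Fn::GetAtt": ["AppSgPlaceholder", "GroupId"] } },
});
const BEFORE: Template = { Resources: {
  DBSecurityGroupfromrdsdbfoodevDBSecurityGroup8C2C7014IndirectPort2D31B69D: rule() } };
const AFTER: Template = { Resources: {
  DBSecurityGroupfromdevrdsdbfoodevDBSecurityGroup15286DE1IndirectPort48BD0C23: rule() } };
```

A non-empty result from `findRenames` on the templates synthesized before and after moving a stack into a Stage means security group rules would be replaced rather than left in place.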