aws-ec2: SecurityGroupIngress resources create volatile, stage-scope dependent names
moltar opened this issue · comments
Describe the bug
After placing an existing Stack into a Stage, and even when hard-coding the Stack name to the one deployed, there's a large diff produced, where each AWS::EC2::SecurityGroupIngress
(CfnSecurityGroupIngress
) resource inherits the Stage name.
- DBSecurityGroupfromrdsdbfoodevDBSecurityGroup8C2C7014IndirectPort2D31B69D
+ DBSecurityGroupfromdevrdsdbfoodevDBSecurityGroup15286DE1IndirectPort48BD0C23
# ^^^ This is the stage name being added
Expected Behavior
Stage name should not leak into the naming scope, when Stack names are provided.
Current Behavior
Stage name affects the resource IDs.
Reproduction Steps
Already described in the bug.
Possible Solution
N/A
Additional Information/Context
Probably happens here:
aws-cdk/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts
Lines 93 to 98 in 3c36fe9
Why is the scope
value (not this
) passed to CfnSecurityGroupIngress
?
CDK CLI Version
2.144.0
Framework Version
No response
Node.js Version
v20.14.0
OS
macOS
Language
TypeScript
Language Version
No response
Other information
No response
Thank you for the callout. We'll bring this to team's attention.