aws-cdk: [core] Do not emit duplicate messages (warnings/errors/...)
When synthesizing the EKS integration test I am getting the following output:
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/KubectlProviderSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/BottlerocketNodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/BottlerocketNodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/BottlerocketNodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/BottlerocketNodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/BottlerocketNodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
Reproduction Steps
In the CDK repo:
$ cd packages/@aws-cdk/aws-eks
$ cdk synth -a test/integ.eks-cluster.ts
What did you expect to happen?
Don’t display the same warning twice:
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/KubectlProviderSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/BottlerocketNodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
What actually happened?
Environment
- CLI Version : 1.57.0
- Framework Version: 1.57.0
- Node.js Version: 14.5.0
- OS : Mac OSX
- Language (Version): all
This is 🐛 Bug Report
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 5
- Comments: 20 (9 by maintainers)
Commits related to this issue
- fix: comment out the allowOutBound error condition to fix the duplicate error message for issue #9565 — committed to bora-7/aws-cdk by bora-7 2 years ago
- fix: comment out the allowOutBound error condition to fix the duplicate error message for issue #9565 — committed to bora-7/aws-cdk by bora-7 2 years ago
- fix(core): messages are displayed multiple times per construct (#24019) Annotations added many times clog terminal space and make debugging difficult. Deduplicate annotations based on the message. C... — committed to aws/aws-cdk by Styerp a year ago
@NetaNir Please see the picture below. This is a horrible amount of needless warnings that are emitted every time I build a project In CDK all related to the exact same ALB security group, albeit from different ALB listeners.
Please apply a fix to not emit this warning, or at least only emit it once.
This issue has been raised since 10th August 2020, i.e. 10 months ago.
Appreciate your kind action.
Assuming I’m creating an SG for an ECS service, like this:
Then allow ingress from, let’s say a database:
At this point I’ll get the warning, in a (to my knowledge) perfectly valid setup. Trying to “fix” it by setting
allowAllOutbound=falsewill break the ECS service since it now can’t pull docker images anymore.IMHO a warning shouldn’t be shown here. It can be irritating and in this case counterproductive.
Also that warning should probably not be emitted at all.
@NetaNir any news on this please ?
Yeah, the
allowFromis trying to add an ingress rule to the connection and an egress rule to security group. Since the security group already allows all outbound traffic the warning will be added. I agree that in this case it is not helpful. We will remove the warning once we add Ipv6 to theallowAllOutBoundimplementation.In my opinion, using of this issue to track unwanted messages from the ec2 module subverts the original bug report: duplicate messages in the core module.
In the interest of not losing the “bad warnings” report, I opened https://github.com/aws/aws-cdk/issues/24109