cloudformation-coverage-roadmap
[AWS::EC2::SecurityGroup] - [BUG] - drift does not determine SecurityGroupIngress changes when property list is empty
Name of the resource
AWS::EC2::SecurityGroup
Resource Name
No response
Issue Description
Create an AWS::EC2::SecurityGroup resource with the "SecurityGroupIngress" property set to an empty list in a CloudFormation stack. Then add an ingress rule to this security group manually (from outside the stack).
During drift detection, the drift result shows the AWS::EC2::SecurityGroup resource status as 'In_Sync'. Drift detection does not determine SecurityGroupIngress changes when the property list is empty.
Expected Behavior
Drift detection identifies changes to the "SecurityGroupIngress" property and shows the status 'Modified'.
Observed Behavior
The drift result shows the AWS::EC2::SecurityGroup status as 'In_Sync'.
Test Cases
```yaml
Resources:
  TestSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: description
      VpcId: <VPCID>
      SecurityGroupIngress: []
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
```
Other Details
No response
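The security-relevant consequence of the behaviour reported above is that a group the template declares as having no inbound rules can acquire one out of band and still report 'In_Sync'. CloudFormation drift detection only compares properties that are explicitly set in the template, and an empty list is explicitly set, so the reporter's expectation is reasonable; until that is fixed, an independent comparison is the practical check. The script below is an added example, not code from the issue or from CloudFormation. It takes the issue's template resource as a Python dict and a constructed `DescribeSecurityGroups` record for the same group (the group ID and the 203.0.113.0/24 SSH rule are made up), normalises both rule formats to `(protocol, from_port, to_port, peer)` tuples, and reports drift for either direction. It treats a list that is absent from the template as unmanaged (skipped) and an empty list as "no rules expected", which is the distinction the bug report turns on; the `EC2_FIELD` mapping and the `rule_drift` helper are this example's own names.

```python
"""Independent drift check for AWS::EC2::SecurityGroup rule lists.

Added example, not CloudFormation's own drift logic: compares the
SecurityGroupIngress / SecurityGroupEgress lists a template declares with the
IpPermissions / IpPermissionsEgress lists EC2 reports for the live group, so an
out-of-band rule on a group declared with an empty list is still reported.
"""

# Hypothetical mapping from the CFN property to the DescribeSecurityGroups
# field that holds the live rules for that direction.
EC2_FIELD = {
    "SecurityGroupIngress": "IpPermissions",
    "SecurityGroupEgress": "IpPermissionsEgress",
}

# CFN rule keys that identify the peer of a rule, checked in this order.
CFN_PEER_KEYS = ("CidrIp", "CidrIpv6", "SourceSecurityGroupId", "SourcePrefixListId",
                 "DestinationSecurityGroupId", "DestinationPrefixListId")


def _port(value):
    """Ports are optional (for example with IpProtocol -1); normalise to int or None."""
    return None if value is None else int(value)


def normalize_cfn_rule(rule):
    """Reduce one CFN ingress/egress entry to a comparable (proto, from, to, peer) tuple."""
    peer = next((rule[k] for k in CFN_PEER_KEYS if k in rule), None)
    return (str(rule["IpProtocol"]).lower(), _port(rule.get("FromPort")),
            _port(rule.get("ToPort")), peer)


def normalize_ec2_permissions(permissions):
    """Flatten EC2 IpPermissions, which group several peers under one port range,
    into one tuple per peer so they match CFN's one-peer-per-rule shape."""
    rules = set()
    for perm in permissions:
        base = (str(perm["IpProtocol"]).lower(),
                _port(perm.get("FromPort")), _port(perm.get("ToPort")))
        peers = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                 + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                 + [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
                 + [p["PrefixListId"] for p in perm.get("PrefixListIds", [])])
        for peer in peers:
            rules.add(base + (peer,))
    return rules


def rule_drift(resource, live_group, prop="SecurityGroupIngress"):
    """Return a drift report for one direction of rules.

    A list that is absent from the template is not managed by the stack and is
    skipped (NOT_CHECKED). An empty list is an explicit statement that no rules
    should exist, so any live rule in that direction is drift (MODIFIED).
    """
    props = resource.get("Properties", {})
    if prop not in props:
        return {"status": "NOT_CHECKED", "added": [], "removed": []}
    expected = {normalize_cfn_rule(r) for r in props[prop]}
    actual = normalize_ec2_permissions(live_group.get(EC2_FIELD[prop], []))
    added = sorted(actual - expected, key=repr)      # live but not declared
    removed = sorted(expected - actual, key=repr)    # declared but missing
    return {"status": "MODIFIED" if added or removed else "IN_SYNC",
            "added": added, "removed": removed}


# The resource from the issue's test case, as a Python dict.
TEMPLATE_RESOURCE = {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
        "GroupDescription": "description",
        "VpcId": "<VPCID>",
        "SecurityGroupIngress": [],
        "SecurityGroupEgress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
        ],
    },
}

# Constructed DescribeSecurityGroups record for that group after someone added
# an SSH rule outside the stack (group ID and CIDR are made up for this example).
LIVE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
         "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []},
    ],
}

if __name__ == "__main__":
    for prop in EC2_FIELD:
        print(prop, rule_drift(TEMPLATE_RESOURCE, LIVE_GROUP, prop))
```

Against the constructed data the ingress direction comes back MODIFIED with the SSH rule listed under `added`, while egress is IN_SYNC; to run it against a real account, feed `rule_drift` the resource from your template and one element of `describe-security-groups --group-ids` output.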