EC2: Why does Vpc.FromLookup return an IVpc, making VpcDefaultSecurityGroup not work
Describe the bug
I have a String Parameter with a VPC ID from another stack (completely different CDK Project) which I need to look up so that I can add an Ingress Rule to that Security Group to allow traffic.
Expected Behavior
I expect the following code to add the rule
var rdsVpcId = StringParameter.ValueFromLookup(this, $"vpc-id");
var rdsVpc = Vpc.FromLookup(this, "VPC", new VpcLookupOptions
{
    VpcId = rdsVpcId,
});
var sgName = rdsVpc.VpcDefaultSecurityGroup;
var sg = SecurityGroup.FromSecurityGroupId(this, "RdsSecurityGroup", sgName);
var modulePeer = Peer.Ipv4(vpc.VpcCidrBlock);
sg.AddIngressRule(modulePeer, Port.Tcp(5432), "Microservice VPC");
Current Behavior
I get the following error
error CS1061: 'IVpc' does not contain a definition for 'VpcDefaultSecurityGroup' and no accessible extension method 'VpcDefaultSecurityGroup' accepting a first argument of type 'IVpc' could be found (are you missing a using directive or an assembly reference?)
Reproduction Steps
Create VPC and store the ID in a string parameter.
Include the above code in a CDK project stack.
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.128.0 (build d995261)
Framework Version
No response
Node.js Version
10.2.3
OS
Windows 11
Language
.NET
Language Version
8.0.102
Other information
No response
Yes, VpcDefaultSecurityGroup is only assigned when a new VPC is created. You probably need to pass this from the export of the VPC stack or store/retrieve it from the parameter store.
@pahud, I was able to do it this way as a workaround. But this seems like it should be information that is accessible through the method.
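A sketch of the parameter-store workaround discussed in this thread, added here as an example and not taken from the reporter's project or the CDK repository. The stack names, construct IDs and the parameter name `/network/rds/default-sg-id` are hypothetical, and the two stacks are shown in one file only for brevity.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.SSM;
using Constructs;

// Hypothetical parameter name; both projects must agree on it.
public static class SharedNames
{
    public const string RdsDefaultSgParam = "/network/rds/default-sg-id";
}

// Producer project: the stack that creates the RDS VPC.
public class RdsNetworkStack : Stack
{
    public RdsNetworkStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var rdsVpc = new Vpc(this, "RdsVpc");

        // VpcDefaultSecurityGroup is only populated on a Vpc created here,
        // so publish it alongside the VPC ID for other projects to read.
        new StringParameter(this, "DefaultSgId", new StringParameterProps
        {
            ParameterName = SharedNames.RdsDefaultSgParam,
            StringValue = rdsVpc.VpcDefaultSecurityGroup,
        });
    }
}

// Consumer project: the stack needs an explicit Env (account and region)
// because ValueFromLookup is resolved at synth time.
public class MicroserviceStack : Stack
{
    public MicroserviceStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var vpc = new Vpc(this, "MicroserviceVpc");

        // Read the security group ID directly instead of going through IVpc.
        var sgId = StringParameter.ValueFromLookup(this, SharedNames.RdsDefaultSgParam);
        var sg = SecurityGroup.FromSecurityGroupId(this, "RdsSecurityGroup", sgId);

        // Keep the rule scoped to one source CIDR and the PostgreSQL port.
        sg.AddIngressRule(Peer.Ipv4(vpc.VpcCidrBlock), Port.Tcp(5432), "Microservice VPC");
    }
}
```

The ingress rule is synthesized as a separate resource in the consumer stack, so any project that can read the parameter and deploy to the account can open the RDS default security group; limiting who can deploy such rules is left to IAM.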