fix(ec2): Invalid security group ID
When using any of the static methods `fromLookup`, `fromLookupById`, `fromLookupByName` the context provider responsible for doing the lookup will be provided with dummy values:

```
{
  securityGroupId: 'sg-12345678',
  allowAllOutbound: true,
}
```

These values will apply during the construction phase. The actual lookup happens at a later stage.

Unfortunately, the dummy value for `securityGroupId` is invalid – at least according to the input validation defined in the `peer` module:
https://github.com/aws/aws-cdk/blob/9d1b2c7b1f0147089f912c32a61d7ba86edb543c/packages/@aws-cdk/aws-ec2/lib/peer.ts#L224

This means that any attempt to reference an existing security group retrieved through `fromLookup…()` as a peer causes an exception to be thrown during the construction phase (before CDK even attempts to perform the lookup).

Example code:

```
const sg = ec2.SecurityGroup.fromLookupByName(this, "Group", "group-name", vpc);
const peer = ec2.Peer.securityGroupId(sg.securityGroupId);
```

Example output:

```
$ cdk synth
> Error: Invalid security group ID: "sg-12345"
>   at new SecurityGroupId (/Users/jsc/code/trustpilot/appmesh-demo/node_modules/aws-cdk-lib/aws-ec2/lib/peer.js:1:2617)
>   at Function.securityGroupId (/Users/jsc/code/trustpilot/appmesh-demo/node_modules/aws-cdk-lib/aws-ec2/lib/peer.js:1:549)
```

Changing the dummy value to match the expected pattern will allow the construction phase to complete, the lookup will come into play, and the synth will complete without errors and with the actual ID of the referenced security group rendered in the resulting CloudFormation template.
schourode committed Nov 10, 2022
1 parent 93915f1 commit 9250950
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-ec2/lib/security-group.ts
Expand Up @@ -432,7 +432,7 @@ export class SecurityGroup extends SecurityGroupBase {
vpcId: options.vpc?.vpcId,
},
dummyValue: {
securityGroupId: 'sg-12345',
securityGroupId: 'sg-12345678',
allowAllOutbound: true,
} as cxapi.SecurityGroupContextResponse,
}).value;
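
Review bot: The new literal on the `securityGroupId: 'sg-12345678'` line of `dummyValue` is silently coupled to the ID validation in `peer.ts`, and this commit touches only this one file, so nothing keeps the two in step. A regression test that passes the `securityGroupId` of a `fromLookupByName` result to `Peer.securityGroupId` and asserts that construction does not throw would catch a later change to either side. A short comment above the literal stating that it must satisfy the peer module's pattern would also help.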