New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Don't use var.(in|e)gress_ipv6_cidr_blocks on security group sourced (in|e)gress #148
fix: Don't use var.(in|e)gress_ipv6_cidr_blocks on security group sourced (in|e)gress #148
Conversation
… apply egress_ipv6_cidr_blocks for security group sourced egress
@antonbabenko can you take a look at this? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Can we get some traction on this? This is a big security issue. |
can we get some traction on this? |
Could we merge this ASAP? |
Hello @antonbabenko @tcarrondo can we release this? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good
Thanks, @michaelaw320 and all of you who looked into this issue! v3.6.0 has been just released. |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Description
Don't include
var.ingress_ipv6_cidr_blocks
orvar.egress_ipv6_cidr_blocks
for security group sourced ingress / egress rules.Error such as:
Error message: the specified rule "peer: ::/0, TCP, from port: 3306, to port: 3306, ALLOW" already exists
is caused by multiple redefinition of the same IPv6 cidr from the variables mentioned above
Fixes #147
Also fix: #130 #79