Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[core] Do not emit duplicate messages (warnings/errors/...)

See original GitHub issue

When synthesizing the EKS integration test I am getting the following output:

[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/KubectlProviderSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/BottlerocketNodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/BottlerocketNodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/BottlerocketNodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/BottlerocketNodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/BottlerocketNodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup

Reproduction Steps

In the CDK repo:

$ cd packages/@aws-cdk/aws-eks
$ cdk synth -a test/integ.eks-cluster.ts

What did you expect to happen?

Don’t display the same warning twice:

[Warning at /aws-cdk-eks-cluster-test/Cluster/ControlPlaneSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/KubectlProviderSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/Nodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/BottlerocketNodes/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/spot/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup
[Warning at /aws-cdk-eks-cluster-test/Cluster/InferenceInstances/InstanceSecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup

What actually happened?

Environment

  • CLI Version : 1.57.0
  • Framework Version: 1.57.0
  • Node.js Version: 14.5.0
  • OS : Mac OSX
  • Language (Version): all

This is 🐛 Bug Report

Issue Analytics

  • State:open
  • Created 3 years ago
  • Reactions:5
  • Comments:17 (8 by maintainers)

github_iconTop GitHub Comments

11reactions
heibacommented, Apr 11, 2021

@NetaNir Please see the picture below. This is a horrible amount of needless warnings that are emitted every time I build a project In CDK all related to the exact same ALB security group, albeit from different ALB listeners.

Please apply a fix to not emit this warning, or at least only emit it once.

This issue has been raised since 10th August 2020, i.e. 10 months ago.

Appreciate your kind action.

image

9reactions
joerxcommented, Sep 19, 2020

Assuming I’m creating an SG for an ECS service, like this:

    const serviceSg = new ec2.SecurityGroup(this, "MySg", {
      vpc: props.vpc,
    });

    const service = new ecs.FargateService(this, "Service", {
      securityGroups: [serviceSg],
    });

Then allow ingress from, let’s say a database:

db.connections.allowFrom(serviceSg, ec2.Port.tcp(1234));

At this point I’ll get the warning, in a (to my knowledge) perfectly valid setup. Trying to “fix” it by setting allowAllOutbound=false will break the ECS service since it now can’t pull docker images anymore.

IMHO a warning shouldn’t be shown here. It can be irritating and in this case counterproductive.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Long tasks lead to duplicate messages · Issue #593 - GitHub
Hi, I'm having an issue where I have a long process (up to 80 minutes) running on a Kubernetes docker instance. The instance...
Read more >
C# Compiler Options - errors and warnings - Microsoft Learn
The following options control how the compiler reports errors and warnings. The new MSBuild syntax is shown in Bold.
Read more >
Xcode 10 Error: Multiple commands produce for 'app' and ...
One of a possible issues causing the "Multiple commands produce" error may be several targets with conflicting module name.
Read more >
Process | Node.js v19.3.0 Documentation
js emits a process warning. A process warning is similar to an error in that it describes exceptional conditions that are being brought...
Read more >
Core Command-line Options - Valgrind
You don't have to do this, but doing so helps Valgrind produce more accurate ... The process of detecting duplicate errors is quite...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[cdk-pipelines] unable to determine cloud assembly output directory. Assets must be defined indirectly within a "Stage" or an "App" scope .

Next page

[s3 + cloudfront] Allow cross-region references