[ec2-sg] added logic to create a second default egress rule for ipv6

2019-12-18 17:29:13 -05:00 · 2019-12-18 17:29:13 -05:00 · 5b9b965647
commit 5b9b965647
parent f8af496445
2 changed files with 18 additions and 0 deletions
--- a/moto/ec2/models.py
+++ b/moto/ec2/models.py
@ -1722,6 +1722,12 @@ class SecurityGroup(TaggedEC2Resource):
        self.vpc_id = vpc_id
        self.owner_id = OWNER_ID

+        # Append default IPv6 egress rule for VPCs with IPv6 support
+        if vpc_id:
+            vpc = self.ec2_backend.vpcs.get(vpc_id)
+            if vpc and len(vpc.get_cidr_block_association_set(ipv6=True)) > 0:
+                self.egress_rules.append(SecurityRule("-1", None, None, [], []))
+
    @classmethod
    def create_from_cloudformation_json(
        cls, resource_name, cloudformation_json, region_name