(aws-ec2): Replace any return types with specific interfaces in IPeer methods #36636

@yasomaru

Describe the feature

The IPeer interface in aws-ec2 module uses any as the return type for toIngressRuleConfig() and toEgressRuleConfig() methods. This reduces type safety and makes it harder for TypeScript users to understand what these methods return.

Current implementation (peer.ts):
  export interface IPeer extends IConnectable {
    toIngressRuleConfig(): any;
    toEgressRuleConfig(): any;
  }

The same any return types are used across multiple implementations:

  • CidrIPv4
  • CidrIPv6
  • PrefixList
  • SecurityGroupId
  • SecurityGroupBase in security-group.ts
  • PrefixListImpl in prefix-list.ts

Use Case

As a TypeScript developer using AWS CDK, I expect strong typing throughout the library. When working with security group rules, the any return type:

  1. Prevents IDE autocompletion for the returned object properties
  2. Allows potential runtime errors that could be caught at compile time
  3. Makes it unclear what properties are available in the returned configuration object

Proposed Solution

Introduce two new interfaces to replace the any return types:

  /**
   * Configuration for an ingress security group rule
   */
  export interface IngressRuleConfig {
    readonly cidrIp?: string;
    readonly cidrIpv6?: string;
    readonly sourcePrefixListId?: string;
    readonly sourceSecurityGroupId?: string;
    readonly sourceSecurityGroupOwnerId?: string;
  }

  /**
   * Configuration for an egress security group rule
   */
  export interface EgressRuleConfig {
    readonly cidrIp?: string;
    readonly cidrIpv6?: string;
    readonly destinationPrefixListId?: string;
    readonly destinationSecurityGroupId?: string;
  }

Then update the IPeer interface:

  export interface IPeer extends IConnectable {
    toIngressRuleConfig(): IngressRuleConfig;
    toEgressRuleConfig(): EgressRuleConfig;
  }

Files to modify

  • packages/aws-cdk-lib/aws-ec2/lib/peer.ts
  • packages/aws-cdk-lib/aws-ec2/lib/security-group.ts
  • packages/aws-cdk-lib/aws-ec2/lib/prefix-list.ts

Other Information

  • This change is not breaking - narrowing return types from any to a specific interface is backward compatible
  • The proposed interfaces align with the properties used in CfnSecurityGroupIngressProps and CfnSecurityGroupEgressProps
  • Currently there are no unit tests for peer.ts - adding tests for the type contracts would be beneficial

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

AWS CDK Library version (aws-cdk-lib)

2.x

AWS CDK CLI version

2.x

Environment details (OS name and version, etc.)

all
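
What the typed return value buys a reviewer of security group rules, as an added example (not code from the issue or from aws-cdk-lib): with `IngressRuleConfig` in place of `any`, a rule audit is checked at compile time. `IPeerLike`, `classify`, `audit`, the "exactly one source" check and the sample peers are assumptions constructed for illustration.

```typescript
// IngressRuleConfig is copied from the proposal above. IPeerLike is a hypothetical
// stand-in for IPeer (no IConnectable) so the block runs without aws-cdk-lib.
interface IngressRuleConfig {
  readonly cidrIp?: string;
  readonly cidrIpv6?: string;
  readonly sourcePrefixListId?: string;
  readonly sourceSecurityGroupId?: string;
  readonly sourceSecurityGroupOwnerId?: string;
}

interface IPeerLike {
  readonly uniqueId: string;
  toIngressRuleConfig(): IngressRuleConfig;
}

type SourceKind = 'cidr-v4' | 'cidr-v6' | 'prefix-list' | 'security-group' | 'invalid';
type Finding = { peer: string; kind: SourceKind; openToWorld: boolean };

// Classify one rule source. Because the return type is no longer `any`,
// a misspelled property (e.g. `cfg.cidrIP`) is a compile error here.
function classify(peer: IPeerLike): Finding {
  const cfg = peer.toIngressRuleConfig();
  const set = [cfg.cidrIp, cfg.cidrIpv6, cfg.sourcePrefixListId, cfg.sourceSecurityGroupId]
    .filter((v) => v !== undefined).length;
  let kind: SourceKind = 'invalid'; // zero or several sources set (this example's check)
  if (set === 1) {
    kind = cfg.cidrIp !== undefined ? 'cidr-v4'
      : cfg.cidrIpv6 !== undefined ? 'cidr-v6'
      : cfg.sourcePrefixListId !== undefined ? 'prefix-list'
      : 'security-group';
  }
  const openToWorld = cfg.cidrIp === '0.0.0.0/0' || cfg.cidrIpv6 === '::/0';
  return { peer: peer.uniqueId, kind, openToWorld };
}

// Constructed sample peers (not real CDK objects).
const samplePeers: IPeerLike[] = [
  { uniqueId: 'office', toIngressRuleConfig: () => ({ cidrIp: '203.0.113.0/24' }) },
  { uniqueId: 'anyV4', toIngressRuleConfig: () => ({ cidrIp: '0.0.0.0/0' }) },
  { uniqueId: 'anyV6', toIngressRuleConfig: () => ({ cidrIpv6: '::/0' }) },
  { uniqueId: 'appSg', toIngressRuleConfig: () => ({ sourceSecurityGroupId: 'sg-0123456789abcdef0' }) },
  { uniqueId: 'mixed', toIngressRuleConfig: () => ({ cidrIp: '10.0.0.0/8', sourcePrefixListId: 'pl-00000000' }) },
];

// Report only the rules a reviewer should look at: world-open CIDRs and malformed sources.
function audit(peers: IPeerLike[]): Finding[] {
  return peers.map(classify).filter((f) => f.openToWorld || f.kind === 'invalid');
}
```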

Labels: @aws-cdk/aws-ec2 (Related to Amazon Elastic Compute Cloud), effort/medium (Medium work item – several days of effort), feature-request (A feature should be added or improved.), p2