[AWS::EC2::SecurityGroup] - [BUG] - No IPv6 egress by default #2241

Open
gautaz opened this issue Jan 18, 2025 · 0 comments
gautaz commented Jan 18, 2025

Name of the resource

AWS::EC2::SecurityGroup

Resource Name

No response

Issue Description

While the AWS::EC2::SecurityGroup documentation says:

If you do not specify an egress rule, we add egress rules that allow IPv4 and IPv6 traffic on all ports and protocols to any destination.
We do not add these rules if you specify your own egress rules.

Deploying a security group with no egress rule with CloudFormation results in only one IPv4 egress rule:

[Screenshot: the deployed security group's outbound rules, showing a single IPv4 egress rule]

Expected Behavior

I expect the default IPv6 egress rule to be present once CloudFormation has deployed a security group template with no egress.

Observed Behavior

See the screenshot in the issue description: no default IPv6 egress rule is deployed.

Test Cases

Here is a template extract of the failing security group:

```yaml
  TestLoadBalancerSecurityGroup:
    Properties:
      GroupDescription: Internet to load balancer firewall rules
      SecurityGroupIngress:
        - CidrIpv6: ::/0
          FromPort: 80
          IpProtocol: TCP
          ToPort: 80
        - CidrIp: '0.0.0.0/0'
          FromPort: 80
          IpProtocol: TCP
          ToPort: 80
      # No SecurityGroupEgress declared: the documented behaviour is that
      # CloudFormation adds allow-all IPv4 and IPv6 egress rules itself.
      VpcId: !Ref 'VPC'
    Type: AWS::EC2::SecurityGroup
```

Other Details

No response

@gautaz gautaz added the bug label Jan 18, 2025
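A way to detect the asymmetry this issue describes on already-deployed groups, added here as an example and not code from the issue author or from AWS: it inspects a security group in the shape of a boto3 `describe_security_groups()` entry (the sample group and its id are constructed to match the screenshot) and reports missing IPv6 egress alongside unrestricted egress in either address family.

```python
"""Audit an EC2 security group's egress rules for IPv4/IPv6 coverage.

Input is a dict shaped like one element of boto3's
ec2.describe_security_groups()['SecurityGroups'] (IpPermissionsEgress,
IpRanges, Ipv6Ranges, IpProtocol are the real response fields). The
sample below is constructed to mirror the issue: one allow-all IPv4
egress rule and no IPv6 egress rule at all.
"""
from typing import Any

ALLOW_ALL_V4 = "0.0.0.0/0"
ALLOW_ALL_V6 = "::/0"

# Constructed sample; the GroupId is a placeholder, not a real group.
SAMPLE_GROUP: dict[str, Any] = {
    "GroupId": "sg-0123456789abcdef0",
    "GroupName": "TestLoadBalancerSecurityGroup",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": ALLOW_ALL_V4}],
         "Ipv6Ranges": [{"CidrIpv6": ALLOW_ALL_V6}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": ALLOW_ALL_V4}],
         "Ipv6Ranges": []},
    ],
}


def egress_summary(group: dict[str, Any]) -> dict[str, bool]:
    """Which address families have any egress, and which have the
    unrestricted default (all protocols/ports, IpProtocol "-1", to anywhere)."""
    v4_any = v6_any = v4_all = v6_all = False
    for perm in group.get("IpPermissionsEgress", []):
        unrestricted = perm.get("IpProtocol") == "-1"
        for r in perm.get("IpRanges", []):
            v4_any = True
            v4_all |= unrestricted and r.get("CidrIp") == ALLOW_ALL_V4
        for r in perm.get("Ipv6Ranges", []):
            v6_any = True
            v6_all |= unrestricted and r.get("CidrIpv6") == ALLOW_ALL_V6
    return {"ipv4_egress": v4_any, "ipv6_egress": v6_any,
            "ipv4_allow_all": v4_all, "ipv6_allow_all": v6_all}


def findings(group: dict[str, Any]) -> list[str]:
    """Flag the IPv4/IPv6 asymmetry from the issue (new outbound connections
    in the missing family are denied) and, separately, allow-all egress."""
    s = egress_summary(group)
    out = []
    if s["ipv4_egress"] and not s["ipv6_egress"]:
        out.append("ipv6-egress-missing")
    if s["ipv6_egress"] and not s["ipv4_egress"]:
        out.append("ipv4-egress-missing")
    if s["ipv4_allow_all"] or s["ipv6_allow_all"]:
        out.append("unrestricted-egress")
    return out
```

Declaring `SecurityGroupEgress` explicitly in the template makes the outcome independent of the default-rule behaviour, which the docs say is skipped as soon as any egress rule is specified.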