From 5e4292fc639e88309b604d67a2bd859869eb19eb Mon Sep 17 00:00:00 2001
From: Michael CC <333mmcc@gmail.com>
Date: Thu, 25 Apr 2024 01:33:57 +0000
Subject: [PATCH] Handle denyAllIgwTraffic for Ipv4 LB

---
 .../lib/shared/base-load-balancer.ts                         | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts
index c04757e4cd11b..b97119187fc05 100644
--- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts
+++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts
@@ -1,4 +1,5 @@
 import { Construct } from 'constructs';
+import { IpAddressType } from './enums';
 import { Attributes, ifUndefined, mapTagMapToCxschema, renderAttributes } from './util';
 import * as ec2 from '../../../aws-ec2';
 import * as iam from '../../../aws-iam';
@@ -250,7 +251,9 @@ export abstract class BaseLoadBalancer extends Resource {
       this.setAttribute('load_balancing.cross_zone.enabled', baseProps.crossZoneEnabled === true ? 'true' : 'false');
     }
 
-    if (baseProps.denyAllIgwTraffic !== undefined) {
+    if (additionalProps.ipAddressType === IpAddressType.IPV4 && baseProps.denyAllIgwTraffic === false) {
+      throw new Error('\'denyAllIgwTraffic\' cannot be false on load balancers with IPv4 addressing.');
+    } else if (additionalProps.ipAddressType === IpAddressType.DUAL_STACK && baseProps.denyAllIgwTraffic !== undefined) {
       this.setAttribute('ipv6.deny_all_igw_traffic', baseProps.denyAllIgwTraffic.toString());
     }