Adding security group rule for incoming HTTP connections via AWS Cloudformation/Sceptre

I am facing an interesting situation. WHen I go manually (using aws we console) I can add a rule in my security group allowing incoming connections HTTP on port 80 from the following IPV6 address: 2605:4300:1e00::/40, but when trying to add it via Cloudformation/sceptre, I get an error:

Resource handler returned message: "CIDR block 2a03:eec0:1d00::/40 is malformed (Service: Ec2, Status Code: 400, Request ID: 0ce4f332-866f-45aa-b032-526337f4e792)" (RequestToken: 20c03c32-2d1e-31b8-5581-461ad89ab0f8, HandlerErrorCode: InvalidRequest)

WHy is that? Any clues?

I know the error message there showed a different address, but I also got it for that one:

Resource handler returned message: "CIDR block 2605:4300:1e00::/40 is malformed (Service: Ec2, Status Code: 400, Request ID: 4cfb6a04-6243-4692-8cb4-aa1ff1c45e7e)" (RequestToken: e46818b5-87ba-6a59-8942-31d1e89d2ecd, HandlerErrorCode: InvalidRequest)

I’m trying to add more than one… but I know for a fact they are valid addresses

Can we see the cloud formation code for that?

just where you’re trying to apply the IP?

Cloudformation has…fun escaping issues.

I didn’t know that cloudformation required different properties for both…

CidrIpvs CidrIpv6