feat(ec2): add vpcArn to IVpc and Vpc (#16666)

fixes #16493 introduces context aware ARN for VPC, dervied from the current stack. This allows easier referencing compared to constructing the ARN from the vpc id. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Oct 25, 2021 · 7b31376 · 7b31376
1 parent 8d0c555
commit 7b31376
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 3 deletions.
diff --git a/packages/@aws-cdk/aws-ec2/README.md b/packages/@aws-cdk/aws-ec2/README.md
@@ -744,7 +744,7 @@ By default, a new security group is created and logging is enabled. Moreover, a
 authorize all users to the VPC CIDR is created.
 
 To customize authorization rules, set the `authorizeAllUsersToVpcCidr` prop to `false`
-and use `addaddAuthorizationRule()`:
+and use `addAuthorizationRule()`:
 
 ```ts fixture=client-vpn
 const endpoint = vpc.addClientVpnEndpoint('Endpoint', {

diff --git a/packages/@aws-cdk/aws-ec2/lib/vpc.ts b/packages/@aws-cdk/aws-ec2/lib/vpc.ts
@@ -1,7 +1,7 @@
 import * as cxschema from '@aws-cdk/cloud-assembly-schema';
 import {
   Annotations, ConcreteDependable, ContextProvider, DependableTrait, IConstruct,
-  IDependable, IResource, Lazy, Resource, Stack, Token, Tags, Names,
+  IDependable, IResource, Lazy, Resource, Stack, Token, Tags, Names, Arn,
 } from '@aws-cdk/core';
 import * as cxapi from '@aws-cdk/cx-api';
 import { Construct, Node } from 'constructs';
@@ -78,6 +78,12 @@ export interface IVpc extends IResource {
    */
   readonly vpcId: string;
 
+  /**
+   * ARN for this VPC
+   * @attribute
+   */
+  readonly vpcArn: string;
+
   /**
    * CIDR range for this VPC
    *
@@ -357,6 +363,11 @@ abstract class VpcBase extends Resource implements IVpc {
    */
   public abstract readonly vpcId: string;
 
+  /**
+   * Arn of this VPC
+   */
+  public abstract readonly vpcArn: string;
+
   /**
    * CIDR range for this VPC
    */
@@ -1153,6 +1164,11 @@ export class Vpc extends VpcBase {
    */
   public readonly vpcId: string;
 
+  /**
+   * @attribute
+   */
+  public readonly vpcArn: string;
+
   /**
    * @attribute
    */
@@ -1283,6 +1299,11 @@ export class Vpc extends VpcBase {
     this.availabilityZones = this.availabilityZones.slice(0, maxAZs);
 
     this.vpcId = this.resource.ref;
+    this.vpcArn = Arn.format({
+      service: 'ec2',
+      resource: 'vpc',
+      resourceName: this.vpcId,
+    }, stack);
 
     const defaultSubnet = props.natGateways === 0 ? Vpc.DEFAULT_SUBNETS_NO_NAT : Vpc.DEFAULT_SUBNETS;
     this.subnetConfiguration = ifUndefined(props.subnetConfiguration, defaultSubnet);
@@ -1859,6 +1880,7 @@ function ifUndefined<T>(value: T | undefined, defaultValue: T): T {
 
 class ImportedVpc extends VpcBase {
   public readonly vpcId: string;
+  public readonly vpcArn: string;
   public readonly publicSubnets: ISubnet[];
   public readonly privateSubnets: ISubnet[];
   public readonly isolatedSubnets: ISubnet[];
@@ -1870,6 +1892,11 @@ class ImportedVpc extends VpcBase {
     super(scope, id);
 
     this.vpcId = props.vpcId;
+    this.vpcArn = Arn.format({
+      service: 'ec2',
+      resource: 'vpc',
+      resourceName: this.vpcId,
+    }, Stack.of(this));
     this.cidr = props.vpcCidrBlock;
     this.availabilityZones = props.availabilityZones;
     this._vpnGatewayId = props.vpnGatewayId;
@@ -1903,6 +1930,7 @@ class ImportedVpc extends VpcBase {
 
 class LookedUpVpc extends VpcBase {
   public readonly vpcId: string;
+  public readonly vpcArn: string;
   public readonly internetConnectivityEstablished: IDependable = new ConcreteDependable();
   public readonly availabilityZones: string[];
   public readonly publicSubnets: ISubnet[];
@@ -1914,6 +1942,11 @@ class LookedUpVpc extends VpcBase {
     super(scope, id);
 
     this.vpcId = props.vpcId;
+    this.vpcArn = Arn.format({
+      service: 'ec2',
+      resource: 'vpc',
+      resourceName: this.vpcId,
+    }, Stack.of(this));
     this.cidr = props.vpcCidrBlock;
     this._vpnGatewayId = props.vpnGatewayId;
     this.incompleteSubnetDefinition = isIncomplete;

diff --git a/packages/@aws-cdk/aws-ec2/test/vpc.test.ts b/packages/@aws-cdk/aws-ec2/test/vpc.test.ts
@@ -36,7 +36,12 @@ describe('vpc', () => {
         const stack = getTestStack();
         const vpc = new Vpc(stack, 'TheVPC');
         expect(stack.resolve(vpc.vpcId)).toEqual({ Ref: 'TheVPC92636AB0' });
+      });
 
+      test('vpc.vpcArn returns a token to the VPC ID', () => {
+        const stack = getTestStack();
+        const vpc = new Vpc(stack, 'TheVPC');
+        expect(stack.resolve(vpc.vpcArn)).toEqual({ 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':ec2:us-east-1:123456789012:vpc/', { Ref: 'TheVPC92636AB0' }]] });
       });
 
       test('it uses the correct network range', () => {
@@ -1786,4 +1791,4 @@ function hasTags(expectedTags: Array<{Key: string, Value: string}>): (props: any
       throw e;
     }
   };
-}
+}