diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json
index 353a75f0ef52b..1e0e4a30e936f 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json
@@ -691,6 +691,18 @@
 }
 },
 {
+ "ClientIPPreservationEnabled": true,
+ "EndpointId": {
+ "Ref": "ALBAEE750D2"
+ }
+ },
+ {
+ "EndpointId": {
+ "Ref": "NLB55158F82"
+ }
+ },
+ {
+ "ClientIPPreservationEnabled": true,
 "EndpointId": {
 "Ref": "NLB55158F82"
 }
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts
index 39a808fcdcf84..8a5aadbc397d0 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts
@@ -38,7 +38,9 @@ class GaStack extends Stack {
 listener,
 endpoints: [
 new endpoints.ApplicationLoadBalancerEndpoint(alb),
+ new endpoints.ApplicationLoadBalancerEndpoint(alb, { preserveClientIp: true }),
 new endpoints.NetworkLoadBalancerEndpoint(nlb),
+ new endpoints.NetworkLoadBalancerEndpoint(nlb, { preserveClientIp: true }),
 new endpoints.CfnEipEndpoint(eip),
 new endpoints.InstanceEndpoint(instances[0]),
 new endpoints.InstanceEndpoint(instances[1]),
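Review bot: In the integ.globalaccelerator.ts hunk the same `alb` and `nlb` are each registered twice in one `endpoints` array, once with defaults and once with `{ preserveClientIp: true }`, so the synthesized group carries two entries with the same endpoint ID and different client IP settings. Whether the service accepts that, and which setting the deployed endpoint ends up with, cannot be told from the snapshot alone, so the test does not really show that preservation is on. Registering the explicit case against its own load balancer would remove the ambiguity, e.g. `new endpoints.NetworkLoadBalancerEndpoint(nlbPreserved, { preserveClientIp: true }),` where `nlbPreserved` is a placeholder name. The GaStack constructor starts and ends outside the hunk.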
diff --git a/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts b/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts
index a4c6b59328ffb..cc295bdbbbe98 100644
--- a/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts
+++ b/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts
@@ -14,6 +14,19 @@ export interface NetworkLoadBalancerEndpointProps {
 * @default 128
 */
 readonly weight?: number;
+
+ /**
+ * Forward the client IP address in an `X-Forwarded-For` header
+ *
+ * GlobalAccelerator will create Network Interfaces in your VPC in order
+ * to preserve the client IP address.
+ *
+ * Client IP address preservation is supported only in specific AWS Regions.
+ * See the GlobalAccelerator Developer Guide for a list.
+ *
+ * @default true if available
+ */
+ readonly preserveClientIp?: boolean;
 }

 /**
@@ -31,6 +44,7 @@ export class NetworkLoadBalancerEndpoint implements ga.IEndpoint {
 return {
 endpointId: this.loadBalancer.loadBalancerArn,
 weight: this.options.weight,
+ clientIpPreservationEnabled: this.options.preserveClientIp,
 } as ga.CfnEndpointGroup.EndpointConfigurationProperty;
 }
 }
\ No newline at end of file
diff --git a/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts b/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts
index d1c65e531b17c..9c29d02dfd2d7 100644
--- a/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts
+++ b/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts
@@ -74,6 +74,7 @@ test('Network Load Balancer with all properties', () => {
 endpoints: [
 new endpoints.NetworkLoadBalancerEndpoint(nlb, {
 weight: 50,
+ preserveClientIp: true,
 }),
 ],
 });
@@ -84,6 +85,7 @@ test('Network Load Balancer with all properties', () => {
 {
 EndpointId: { Ref: 'NLB55158F82' },
 Weight: 50,
+ ClientIPPreservationEnabled: true,
 },
 ],
 });
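Review bot: The first line of the new doc comment on `preserveClientIp` in lib/nlb.ts, "Forward the client IP address in an `X-Forwarded-For` header", describes HTTP-level behaviour, but a Network Load Balancer works at the transport layer and, as far as I know, does not add HTTP headers. With preservation on, targets would see the client's address as the packet source, so a reader who trusts this comment may look for the address in the wrong place when writing access rules or logs. I would reword it to `Preserve the client's source IP address on traffic that reaches the load balancer` and add a sentence saying that security group and network ACL rules in front of the targets then have to admit client addresses. The `@default true if available` line should also be confirmed against the service default for NLB endpoints, because the second hunk passes an omitted option straight through as `clientIpPreservationEnabled` and leaves the choice to the service. The interface starts outside the first hunk.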
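Review bot: The two endpoints.test.ts hunks pin only `preserveClientIp: true`; nothing asserts that an explicit `false` reaches the template as `ClientIPPreservationEnabled: false`, or that the property is absent when the option is omitted. Explicit `false` is the setting an operator uses to turn preservation off, so it deserves its own expectation rather than relying on the pass-through in lib/nlb.ts staying as it is. I would add a case built with `new endpoints.NetworkLoadBalancerEndpoint(nlb, { preserveClientIp: false })` that expects `ClientIPPreservationEnabled: false` in the endpoint configuration. The test body starts before the first hunk and continues past the second.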
diff --git a/packages/aws-cdk-lib/aws-globalaccelerator/README.md b/packages/aws-cdk-lib/aws-globalaccelerator/README.md
index 8630620939dea..fca5f4faf68dc 100644
--- a/packages/aws-cdk-lib/aws-globalaccelerator/README.md
+++ b/packages/aws-cdk-lib/aws-globalaccelerator/README.md
@@ -116,6 +116,7 @@ listener.addEndpointGroup('Group', {
 endpoints: [
 new ga_endpoints.NetworkLoadBalancerEndpoint(nlb, {
 weight: 128,
+ preserveClientIp: true,
 }),
 ],
 });