Skip to content

Commit

Permalink
chore(ecs-patterns): allow setting TLS listener forr NLB patterns
Browse files Browse the repository at this point in the history
  • Loading branch information
@iamhopaul123
iamhopaul123 committed Mar 24, 2020
1 parent 0af2d2e commit ab32b36
Show file tree
Hide file tree
Showing 2 changed files with 85 additions and 14 deletions.
36 changes: 24 additions & 12 deletions packages/@aws-cdk/aws-ecs-patterns/lib/base/network-multiple-target-groups-service-base.ts
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
import { IVpc } from '@aws-cdk/aws-ec2';
import { AwsLogDriver, BaseService, CloudMapOptions, Cluster, ContainerDefinition, ContainerImage, ICluster, LogDriver,
PropagatedTagSource, Protocol, Secret } from '@aws-cdk/aws-ecs';
import { NetworkListener, NetworkLoadBalancer, NetworkTargetGroup } from '@aws-cdk/aws-elasticloadbalancingv2';
PropagatedTagSource, Protocol as ecsProtocol, Secret } from '@aws-cdk/aws-ecs';
import { IListenerCertificate, NetworkListener, NetworkLoadBalancer, NetworkTargetGroup, Protocol as elbv2Protocol } from '@aws-cdk/aws-elasticloadbalancingv2';
import { IRole } from '@aws-cdk/aws-iam';
import { ARecord, IHostedZone, RecordTarget } from '@aws-cdk/aws-route53';
import { LoadBalancerTarget } from '@aws-cdk/aws-route53-targets';
Expand Down Expand Up @@ -232,6 +232,20 @@ export interface NetworkListenerProps {
* @default 80
*/
readonly port?: number;

/**
* Protocol for listener, expects TCP or TLS
*
* @default - TLS if certificates are provided. TCP otherwise.
*/
readonly protocol?: elbv2Protocol;

/**
* Certificate list of ACM cert ARNs
*
* @default - No certificates.
*/
readonly certificates?: IListenerCertificate[];
}

/**
Expand Down Expand Up @@ -300,7 +314,11 @@ export abstract class NetworkMultipleTargetGroupsServiceBase extends Construct {
const lb = this.createLoadBalancer(lbProps.name, lbProps.publicLoadBalancer);
this.loadBalancers.push(lb);
for (const listenerProps of lbProps.listeners) {
const listener = this.createListener(listenerProps.name, lb, listenerProps.port || 80);
const listener = lb.addListener(listenerProps.name, {
port: listenerProps.port || 80,
certificates: listenerProps.certificates,
protocol: listenerProps.protocol
});
this.listeners.push(listener);
}
this.createDomainName(lb, lbProps.domainName, lbProps.domainZone);
Expand All @@ -310,8 +328,8 @@ export abstract class NetworkMultipleTargetGroupsServiceBase extends Construct {
this.loadBalancer = this.loadBalancers[0];
this.listener = this.listeners[0];
} else {
this.loadBalancer = this.createLoadBalancer('LB');
this.listener = this.createListener('PublicListener', this.loadBalancer, 80);
this.loadBalancer = this.createLoadBalancer('LB', true);
this.listener = this.loadBalancer.addListener("PublicListener", {port: 80});
this.createDomainName(this.loadBalancer);

new CfnOutput(this, 'LoadBalancerDNS', { value: this.loadBalancer.loadBalancerDnsName });
Expand Down Expand Up @@ -365,7 +383,7 @@ export abstract class NetworkMultipleTargetGroupsServiceBase extends Construct {

protected addPortMappingForTargets(container: ContainerDefinition, targets: NetworkTargetProps[]) {
for (const target of targets) {
if (!container.findPortMapping(target.containerPort, Protocol.TCP)) {
if (!container.findPortMapping(target.containerPort, ecsProtocol.TCP)) {
container.addPortMappings({
containerPort: target.containerPort
});
Expand Down Expand Up @@ -415,12 +433,6 @@ export abstract class NetworkMultipleTargetGroupsServiceBase extends Construct {
return new NetworkLoadBalancer(this, name, lbProps);
}

private createListener(name: string, lb: NetworkLoadBalancer, port: number): NetworkListener {
return lb.addListener(name, {
port
});
}

private createDomainName(loadBalancer: NetworkLoadBalancer, name?: string, zone?: IHostedZone) {
if (typeof name !== 'undefined') {
if (typeof zone === 'undefined') {
Expand Down
63 changes: 61 additions & 2 deletions packages/@aws-cdk/aws-ecs-patterns/test/ec2/test.l3s-v2.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ import { expect, haveResource, haveResourceLike, SynthUtils } from '@aws-cdk/ass
import { Certificate } from '@aws-cdk/aws-certificatemanager';
import { InstanceType, Vpc } from '@aws-cdk/aws-ec2';
import { AwsLogDriver, Cluster, ContainerImage, Ec2TaskDefinition, PropagatedTagSource, Protocol } from '@aws-cdk/aws-ecs';
import { ApplicationProtocol } from '@aws-cdk/aws-elasticloadbalancingv2';
import { ApplicationProtocol, ListenerCertificate, Protocol as elbv2Protocol } from '@aws-cdk/aws-elasticloadbalancingv2';
import { CompositePrincipal, Role, ServicePrincipal } from '@aws-cdk/aws-iam';
import { PublicHostedZone } from '@aws-cdk/aws-route53';
import { NamespaceType } from '@aws-cdk/aws-servicediscovery';
Expand Down Expand Up @@ -989,7 +989,7 @@ export = {
listeners: [
{
name: "listener2",
port: 81
port: 81,
}
]
}
Expand Down Expand Up @@ -1103,6 +1103,65 @@ export = {
test.done();
},

'set a TLS listener'(test: Test) {
// GIVEN
const stack = new Stack();
const vpc = new Vpc(stack, 'VPC');
const cluster = new Cluster(stack, 'Cluster', { vpc });
cluster.addCapacity('DefaultAutoScalingGroup', { instanceType: new InstanceType('t2.micro') });

// WHEN
new NetworkMultipleTargetGroupsEc2Service(stack, 'Service', {
cluster,
memoryLimitMiB: 256,
taskImageOptions: {
image: ContainerImage.fromRegistry('test'),
},
loadBalancers: [
{
name: "lb",
listeners: [
{
name: "listener",
certificates: [ListenerCertificate.fromArn("arn:aws:acm:region:account:certificate/123456789012-1234-1234-1234-12345678")],
protocol: elbv2Protocol.TLS
}
]
}
],
targetGroups: [
{
containerPort: 80,
listener: "listener"
},
]
});

// THEN
expect(stack).to(haveResource("AWS::ElasticLoadBalancingV2::Listener", {
DefaultActions: [
{
TargetGroupArn: {
Ref: "ServicelblistenerECSTargetGroupweb80Group1E0F6DCA"
},
Type: "forward"
}
],
LoadBalancerArn: {
Ref: "ServicelbF1E7AAC9"
},
Port: 80,
Protocol: "TLS",
Certificates: [
{
CertificateArn: "arn:aws:acm:region:account:certificate/123456789012-1234-1234-1234-12345678"
}
]
}));

test.done();
},

'set vpc instead of cluster'(test: Test) {
// GIVEN
const stack = new Stack();
Expand Down

0 comments on commit ab32b36

Please sign in to comment.