fix(ec2): Security Groups support all protocols #13593

Merged
merged 7 commits into from
Mar 16, 2021
151 changes: 146 additions & 5 deletions packages/@aws-cdk/aws-ec2/lib/port.ts
Expand Up @@ -2,17 +2,158 @@ import { Token } from '@aws-cdk/core';

/**
* Protocol for use in Connection Rules
*
* https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
*/
export enum Protocol {
ALL = '-1',
HOPOPT = '0',
ICMP = 'icmp',
IGMP = '2',
GGP = '3',
IPV4 = '4',
ST = '5',
TCP = 'tcp',
CBT = '7',
EGP = '8',
IGP = '9',
BBN_RCC_MON = '10',
NVP_II = '11',
PUP = '12',
EMCON = '14',
XNET = '15',
CHAOS = '16',
UDP = 'udp',
ICMP = 'icmp',
ICMPV6 = '58',
ESP = 'esp',
AH = 'ah',
MUX = '18',
DCN_MEAS = '19',
HMP = '20',
PRM = '21',
XNS_IDP = '22',
TRUNK_1 = '23',
TRUNK_2 = '24',
LEAF_1 = '25',
LEAF_2 = '26',
RDP = '27',
IRTP = '28',
ISO_TP4 = '29',
NETBLT = '30',
MFE_NSP = '31',
MERIT_INP = '32',
DCCP = '33',
THREEPC = '34',
IDPR = '35',
XTP = '36',
DDP = '37',
IDPR_CMTP = '38',
TPPLUSPLUS = '39',
IL = '40',
IPV6 = '41',
SDRP = '42',
IPV6_ROUTE = '43',
IPV6_FRAG = '44',
IDRP = '45',
RSVP = '46',
GRE = '47',
DSR = '48',
BNA = '49',
ESP = '50',
AH = '51',
I_NLSP = '52',
SWIPE = '53',
NARP = '54',
MOBILE = '55',
TLSP = '56',
SKIP = '57',
ICMPV6 = 'icmpv6',
IPV6_NONXT = '59',
IPV6_OPTS = '60',
CFTP = '62',
ANY_LOCAL = '63',
SAT_EXPAK = '64',
KRYPTOLAN = '65',
RVD = '66',
IPPC = '67',
ANY_DFS = '68',
SAT_MON = '69',
VISA = '70',
IPCV = '71',
CPNX = '72',
CPHB = '73',
WSN = '74',
PVP = '75',
BR_SAT_MON = '76',
SUN_ND = '77',
WB_MON = '78',
WB_EXPAK = '79',
ISO_IP = '80',
VMTP = '81',
SECURE_VMTP = '82',
VINES = '83',
TTP = '84',
IPTM = '84',
NSFNET_IGP = '85',
DGP = '86',
TCF = '87',
EIGRP = '88',
OSPFIGP = '89',
SPRITE_RPC = '90',
LARP = '91',
MTP = '92',
AX_25 = '93',
IPIP = '94',
MICP = '95',
SCC_SP = '96',
ETHERIP = '97',
ENCAP = '98',
ANY_ENC = '99',
GMTP = '100',
IFMP = '101',
PNNI = '102',
PIM = '103',
ARIS = '104',
SCPS = '105',
QNX = '106',
A_N = '107',
IPCOMP = '108',
SNP = '109',
COMPAQ_PEER = '110',
IPX_IN_IP = '111',
VRRP = '112',
PGM = '113',
ANY_0_HOP = '114',
L2_T_P = '115',
DDX = '116',
IATP = '117',
STP = '118',
SRP = '119',
UTI = '120',
SMP = '121',
SM = '122',
PTP = '123',
ISIS_IPV4 = '124',
FIRE = '125',
CRTP = '126',
CRUDP = '127',
SSCOPMCE = '128',
IPLT = '129',
SPS = '130',
PIPE = '131',
SCTP = '132',
FC = '133',
RSVP_E2E_IGNORE = '134',
MOBILITY_HEADER = '135',
UDPLITE = '136',
MPLS_IN_IP = '137',
MANET = '138',
HIP = '139',
SHIM6 = '140',
WESP = '141',
ROHC = '142',
ETHERNET = '143',
EXPERIMENT_1 = '253',
EXPERIMENT_2 = '254',
RESERVED = '255',
}

/**
* Properties to create a port range
*/
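Review bot: The doc comment above `export enum Protocol` should say that EC2 honours a rule's port range only for `tcp`, `udp`, `icmp` and `icmpv6`; for `-1` or any other protocol number the range is ignored and all traffic of that protocol is allowed, so a rule built from most of the members listed here is broader than a port-scoped call suggests. A sentence such as `* Port ranges are ignored for every protocol except TCP, UDP, ICMP and ICMPv6; such a rule allows all traffic of that protocol.` would do. Both `ESP = 'esp'` and `ESP = '50'` (likewise `AH` and `ICMPV6`) appear in this section, so the string emitted for existing members seems to change; if deployed rules are affected, an upgrade would presumably show a security-group diff, and that belongs in the release notes. `TTP` and `IPTM` both carry `'84'`, so the value cannot be mapped back to a single member.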
148 changes: 144 additions & 4 deletions packages/@aws-cdk/aws-ec2/package.json
Expand Up @@ -314,13 +314,153 @@
"docs-public-apis:@aws-cdk/aws-ec2.AmazonLinuxStorage",
"docs-public-apis:@aws-cdk/aws-ec2.OperatingSystemType.LINUX",
"docs-public-apis:@aws-cdk/aws-ec2.OperatingSystemType.WINDOWS",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.AH",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ALL",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.TCP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.UDP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ANY_0_HOP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ANY_DFS",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ANY_ENC",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ANY_LOCAL",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ARIS",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.AX_25",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.A_N",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.BBN_RCC_MON",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.BNA",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.BR_SAT_MON",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.CBT",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.CFTP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.CHAOS",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.COMPAQ_PEER",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.CPHB",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.CPNX",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.CRTP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.CRUDP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.DCCP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.DCN_MEAS",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.DDP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.DDX",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.DGP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.DSR",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.EGP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.EIGRP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.EMCON",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ENCAP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ESP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ETHERIP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ETHERNET",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.EXPERIMENT_1",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.EXPERIMENT_2",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.FC",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.FIRE",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.GGP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.GMTP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.GRE",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.HIP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.HMP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.HOPOPT",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IATP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ICMP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ICMPV6",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ESP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.AH",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IDPR",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IDPR_CMTP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IDRP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IFMP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IGMP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IGP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IL",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPCOMP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPCV",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPIP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPLT",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPPC",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPTM",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPV4",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPV6",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPV6_FRAG",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPV6_NONXT",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPV6_OPTS",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPV6_ROUTE",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IPX_IN_IP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.IRTP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ISIS_IPV4",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ISO_IP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ISO_TP4",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.I_NLSP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.KRYPTOLAN",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.L2_T_P",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.LARP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.LEAF_1",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.LEAF_2",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.MANET",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.MERIT_INP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.MFE_NSP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.MICP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.MOBILE",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.MOBILITY_HEADER",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.MPLS_IN_IP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.MTP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.MUX",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.NARP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.NETBLT",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.NSFNET_IGP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.NVP_II",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.OSPFIGP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.PGM",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.PIM",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.PIPE",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.PNNI",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.PRM",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.PTP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.PUP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.PVP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.QNX",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.RDP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.RESERVED",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ROHC",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.RSVP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.RSVP_E2E_IGNORE",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.RVD",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SAT_EXPAK",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SAT_MON",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SCC_SP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SCPS",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SCTP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SDRP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SECURE_VMTP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SHIM6",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SKIP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SM",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SMP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SNP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SPRITE_RPC",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SPS",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SRP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SSCOPMCE",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.ST",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.STP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SUN_ND",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.SWIPE",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.TCF",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.TCP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.THREEPC",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.TLSP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.TPPLUSPLUS",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.TRUNK_1",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.TRUNK_2",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.TTP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.UDP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.UDPLITE",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.UTI",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.VINES",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.VISA",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.VMTP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.VRRP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.WB_EXPAK",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.WB_MON",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.WESP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.WSN",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.XNET",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.XNS_IDP",
"docs-public-apis:@aws-cdk/aws-ec2.Protocol.XTP",
"docs-public-apis:@aws-cdk/aws-ec2.WindowsVersion.WINDOWS_SERVER_2008_SP2_ENGLISH_64BIT_SQL_2008_SP4_EXPRESS",
"docs-public-apis:@aws-cdk/aws-ec2.WindowsVersion.WINDOWS_SERVER_2012_R2_RTM_CHINESE_SIMPLIFIED_64BIT_BASE",
"docs-public-apis:@aws-cdk/aws-ec2.WindowsVersion.WINDOWS_SERVER_2012_R2_RTM_CHINESE_TRADITIONAL_64BIT_BASE",
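Review bot: Each new `Protocol` member is added here as a `docs-public-apis` entry, which looks like a lint exemption rather than documentation, so none of the new public members needs a doc comment to pass the check. A one-line comment per member in `port.ts` giving the IANA protocol name would let these entries be dropped instead of growing the list; the array this hunk sits in starts outside the visible lines, so its exact role should be confirmed.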
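--- a/packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json
+++ b/packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json
@@ -567,20 +567,6 @@
 "FromPort": 800,
 "IpProtocol": "udp",
 "ToPort": 801
-},
-{
-"CidrIp": "0.0.0.0/0",
-"Description": "from 0.0.0.0/0:ESP 50",
-"FromPort": 50,
-"IpProtocol": "esp",
-"ToPort": 50
-},
-{
-"CidrIp": "0.0.0.0/0",
-"Description": "from 0.0.0.0/0:AH 51",
-"FromPort": 51,
-"IpProtocol": "ah",
-"ToPort": 51
 }
 ],
 "VpcId": {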
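--- a/packages/@aws-cdk/aws-ec2/test/integ.vpc.ts
+++ b/packages/@aws-cdk/aws-ec2/test/integ.vpc.ts
@@ -16,8 +16,6 @@ const rules = [
 ec2.Port.allUdp(),
 ec2.Port.udp(123),
 ec2.Port.udpRange(800, 801),
-ec2.Port.esp(),
-ec2.Port.ah(),
 ];
 
 for (const rule of rules) {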