Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(ec2): private DNS for custom endpoints has incorrect default #5987

Merged
merged 9 commits into from
Feb 4, 2020
Merged

fix(ec2): private DNS for custom endpoints has incorrect default #5987

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
86e7ed5
Merge pull request #1 from aws/master
flemjame-at-amazon Jan 7, 2020
61fdaaa
Merge branch 'master' of https://github.com/aws/aws-cdk
flemjame-at-amazon Jan 27, 2020
a42cd4e
feat(ec2): default setting for VpcEndpoint PrivateDNS depends on serv…
flemjame-at-amazon Jan 27, 2020
143371d
Making interface property privateDnsDefault optional, and default to …
flemjame-at-amazon Jan 28, 2020
b89d1ab
Merge branch 'master' into vpc-endpoint-private-dns-defaults
flemjame-at-amazon Jan 31, 2020
c4c8550
Review feedback
flemjame-at-amazon Feb 3, 2020
4464d8a
Merge branch 'master' into vpc-endpoint-private-dns-defaults
flemjame-at-amazon Feb 3, 2020
eab0e02
Merge branch 'master' into vpc-endpoint-private-dns-defaults
mergify[bot] Feb 4, 2020
524c2c6
Merge branch 'master' into vpc-endpoint-private-dns-defaults
mergify[bot] Feb 4, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
111 changes: 111 additions & 0 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
},
"devDependencies": {
"conventional-changelog-cli": "^2.0.31",
"eslint-plugin-node": "^11.0.0",
flemjame-at-amazon marked this conversation as resolved.
Show resolved Hide resolved
"fs-extra": "^8.1.0",
"jsii-diff": "^0.21.2",
"jsii-pacmak": "^0.21.2",
Expand Down
33 changes: 28 additions & 5 deletions packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,6 +201,11 @@ export interface IInterfaceVpcEndpointService {
* The port of the service.
*/
readonly port: number;

/**
* Whether Private DNS is supported by default.
*/
readonly privateDnsDefault?: boolean;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this optional?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made this optional for backwards compatibility -- any existing CDK code specifying a service like:

  const interfaceVpcEndpoint = new ec2.InterfaceVpcEndpoint(stack, 'InterfaceEndpoint', {
    vpc,
    service: {
      name: 'com.amazonaws.us-west-2.workspaces',
      port: 80
    }
  });

Will get compilation errors if I don't make the field optional:

Property 'privateDnsDefault' is missing in type '{ name: string; port: number; }' 
but required in type 'IInterfaceVpcEndpointService'.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. That's not how you're supposed to supply that value though, but I get it.

}

/**
Expand All @@ -218,9 +223,15 @@ export class InterfaceVpcEndpointService implements IInterfaceVpcEndpointService
*/
public readonly port: number;

/**
* Whether Private DNS is supported by default.
*/
public readonly privateDnsDefault?: boolean;
flemjame-at-amazon marked this conversation as resolved.
Show resolved Hide resolved

constructor(name: string, port?: number) {
this.name = name;
this.port = port || 443;
this.privateDnsDefault = false;
}
}

Expand Down Expand Up @@ -279,9 +290,15 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
*/
public readonly port: number;

/**
* Whether Private DNS is supported by default.
*/
public readonly privateDnsDefault?: boolean;
flemjame-at-amazon marked this conversation as resolved.
Show resolved Hide resolved

constructor(name: string, prefix?: string, port?: number) {
this.name = `${prefix || 'com.amazonaws'}.${Aws.REGION}.${name}`;
this.port = port || 443;
this.privateDnsDefault = true;
}
}

Expand All @@ -298,7 +315,8 @@ export interface InterfaceVpcEndpointOptions {
* Whether to associate a private hosted zone with the specified VPC. This
* allows you to make requests to the service using its default DNS hostname.
*
* @default true
* @default set by the instance of IInterfaceVpcEndpointService, or true if
* not defined by the instance of IInterfaceVpcEndpointService
*/
readonly privateDnsEnabled?: boolean;

Expand Down Expand Up @@ -427,16 +445,21 @@ export class InterfaceVpcEndpoint extends VpcEndpoint implements IInterfaceVpcEn

const subnets = props.vpc.selectSubnets({ ...props.subnets, onePerAz: true });
const subnetIds = subnets.subnetIds;

const endpoint = new CfnVPCEndpoint(this, 'Resource', {
privateDnsEnabled: props.privateDnsEnabled !== undefined ? props.privateDnsEnabled : true,
const endpointProps = {
privateDnsEnabled: true,
flemjame-at-amazon marked this conversation as resolved.
Show resolved Hide resolved
policyDocument: Lazy.anyValue({ produce: () => this.policyDocument }),
securityGroupIds: securityGroups.map(s => s.securityGroupId),
serviceName: props.service.name,
vpcEndpointType: VpcEndpointType.INTERFACE,
subnetIds,
vpcId: props.vpc.vpcId
});
};
if (props.privateDnsEnabled !== undefined) {
endpointProps.privateDnsEnabled = props.privateDnsEnabled;
} else if (props.service.privateDnsDefault !== undefined) {
endpointProps.privateDnsEnabled = props.service.privateDnsDefault;
}
const endpoint = new CfnVPCEndpoint(this, 'Resource', endpointProps);

this.vpcEndpointId = endpoint.ref;
this.vpcEndpointCreationTimestamp = endpoint.attrCreationTimestamp;
Expand Down
23 changes: 22 additions & 1 deletion packages/@aws-cdk/aws-ec2/test/test.vpc-endpoint.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -345,10 +345,31 @@ export = {

// THEN
expect(stack).to(haveResource('AWS::EC2::VPCEndpoint', {
ServiceName: "com.amazonaws.vpce.us-east-1.vpce-svc-uuddlrlrbastrtsvc"
ServiceName: "com.amazonaws.vpce.us-east-1.vpce-svc-uuddlrlrbastrtsvc",
PrivateDnsEnabled: false
}));

test.done();
},
'marketplace partner service interface endpoint'(test: Test) {
// GIVEN
const stack = new Stack();
const vpc = new Vpc(stack, 'VpcNetwork');

// WHEN
vpc.addInterfaceEndpoint('YourService', {
service: {name: "com.amazonaws.vpce.us-east-1.vpce-svc-mktplacesvcwprdns",
port: 443,
privateDnsDefault: true}
});

// THEN
expect(stack).to(haveResource('AWS::EC2::VPCEndpoint', {
ServiceName: "com.amazonaws.vpce.us-east-1.vpce-svc-mktplacesvcwprdns",
PrivateDnsEnabled: true
}));

test.done();
}
}
};