fix(core): Added securty group property to HealthMonitor (#408)

aws · May 4, 2021 · c2ed9e7 · c2ed9e7
1 parent a0d7b0a
commit c2ed9e7
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 0 deletions.
diff --git a/packages/aws-rfdk/lib/core/lib/health-monitor.ts b/packages/aws-rfdk/lib/core/lib/health-monitor.ts
@@ -14,6 +14,7 @@ import {
 import {SnsAction} from '@aws-cdk/aws-cloudwatch-actions';
 import {
   IConnectable,
+  ISecurityGroup,
   IVpc,
   Port,
   SubnetSelection,
@@ -211,6 +212,13 @@ export interface HealthMonitorProps {
    * @default: The VPC default strategy
    */
   readonly vpcSubnets?: SubnetSelection;
+
+  /**
+   * Security group for the health monitor. This is security group is associated with the health monitor's load balancer.
+   *
+   * @default: A security group is created
+   */
+  readonly securityGroup?: ISecurityGroup;
 }
 
 /**

diff --git a/packages/aws-rfdk/lib/core/lib/load-balancer-manager.ts b/packages/aws-rfdk/lib/core/lib/load-balancer-manager.ts
@@ -200,6 +200,7 @@ export class LoadBalancerFactory {
       internetFacing: false,
       vpcSubnets: healthMonitorProps.vpcSubnets,
       deletionProtection: healthMonitorProps.deletionProtection ?? true,
+      securityGroup: healthMonitorProps.securityGroup,
     });
     // Enabling dropping of invalid HTTP header fields on the load balancer to prevent http smuggling attacks.
     loadBalancer.setAttribute('routing.http.drop_invalid_header_fields.enabled', 'true');

diff --git a/packages/aws-rfdk/lib/core/test/health-monitor.test.ts b/packages/aws-rfdk/lib/core/test/health-monitor.test.ts
@@ -32,6 +32,7 @@ import {
   InstanceSize,
   InstanceType,
   IVpc,
+  SecurityGroup,
   SubnetType,
   Vpc,
 } from '@aws-cdk/aws-ec2';
@@ -567,6 +568,31 @@ describe('HealthMonitor', () => {
     }));
   });
 
+  test('specifying a security group', () => {
+    // GIVEN
+    const securityGroup = new SecurityGroup(infraStack, 'LBSecurityGroup', { vpc });
+    const fleet = new TestMonitorableFleet(wfStack, 'workerFleet', {
+      vpc,
+    });
+
+    // WHEN
+    healthMonitor = new HealthMonitor(hmStack, 'healthMonitor2', {
+      vpc,
+      securityGroup,
+    });
+    healthMonitor.registerFleet(fleet, {});
+
+    // THEN
+    // Make sure it has the security group
+    expectCDK(hmStack).to(haveResourceLike('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+      SecurityGroups: arrayWith(
+        hmStack.resolve(securityGroup.securityGroupId),
+      ),
+    }));
+    // HealthMonitor should not create its own security group
+    expectCDK(hmStack).notTo(haveResource('AWS::EC2::SecurityGroup'));
+  });
+
   describe('tagging', () => {
     testConstructTags({
       constructName: 'HealthMonitor',