From 6e618898a3d742d7d47da78dd6cbf2ec21b24f92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Efr=C3=A9n?=
Date: Thu, 26 Mar 2020 20:20:13 +1000
Subject: [PATCH] feat(ec2): EFS interface VPC endpoint (#6961)
* feat(ec2): add efs interface vpc endpoint fixes #6960
* Update package.json doc links
* Added test
Co-authored-by: Rico Huijbers
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
---
 packages/@aws-cdk/aws-ec2/README.md | 1 +
 packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts | 2 ++
 packages/@aws-cdk/aws-ec2/package.json | 2 ++
 .../@aws-cdk/aws-ec2/test/test.vpc-endpoint.ts | 18 ++++++++++++++++++
 4 files changed, 23 insertions(+)
diff --git a/packages/@aws-cdk/aws-ec2/README.md b/packages/@aws-cdk/aws-ec2/README.md
index 50e76e8c99af2..99e883ed3f6bf 100644
--- a/packages/@aws-cdk/aws-ec2/README.md
+++ b/packages/@aws-cdk/aws-ec2/README.md
@@ -438,6 +438,7 @@ Alternatively, existing security groups can be used by specifying the `securityG
 ## VPC endpoint services
 A VPC endpoint service enables you to expose a Network Load Balancer(s) as a provider service to consumers, who connect to your service over a VPC endpoint. You can restrict access to your service via whitelisted principals (anything that extends ArnPrincipal), and require that new connections be manually accepted.
+
 ```ts
 new VpcEndpointService(this, "EndpointService", {
 vpcEndpointServiceLoadBalancers: [networkLoadBalancer1, networkLoadBalancer2],
diff --git a/packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts b/packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts
index 84fe0939fe4fd..959c8d56ba7d9 100644
--- a/packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts
+++ b/packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts
@@ -254,6 +254,8 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly ECS = new InterfaceVpcEndpointAwsService('ecs');
 public static readonly ECS_AGENT = new InterfaceVpcEndpointAwsService('ecs-agent');
 public static readonly ECS_TELEMETRY = new InterfaceVpcEndpointAwsService('ecs-telemetry');
+ public static readonly ELASTIC_FILESYSTEM = new InterfaceVpcEndpointAwsService('elasticfilesystem');
+ public static readonly ELASTIC_FILESYSTEM_FIPS = new InterfaceVpcEndpointAwsService('elasticfilesystem-fips');
 public static readonly ELASTIC_INFERENCE_RUNTIME = new InterfaceVpcEndpointAwsService('elastic-inference.runtime');
 public static readonly ELASTIC_LOAD_BALANCING = new InterfaceVpcEndpointAwsService('elasticloadbalancing');
 public static readonly CLOUDWATCH_EVENTS = new InterfaceVpcEndpointAwsService('events');
diff --git a/packages/@aws-cdk/aws-ec2/package.json b/packages/@aws-cdk/aws-ec2/package.json
index e9f6a78824414..01754325c640d 100644
--- a/packages/@aws-cdk/aws-ec2/package.json
+++ b/packages/@aws-cdk/aws-ec2/package.json
@@ -204,6 +204,8 @@
 "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ECS",
 "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ECS_AGENT",
 "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ECS_TELEMETRY",
+ "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM",
+ "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM_FIPS",
 "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ELASTIC_INFERENCE_RUNTIME",
 "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.ELASTIC_LOAD_BALANCING",
 "docs-public-apis:@aws-cdk/aws-ec2.InterfaceVpcEndpointAwsService.KINESIS_STREAMS",
diff --git a/packages/@aws-cdk/aws-ec2/test/test.vpc-endpoint.ts b/packages/@aws-cdk/aws-ec2/test/test.vpc-endpoint.ts
index 164d5b175e318..beafc5789393b 100644
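Review bot: The two new members `ELASTIC_FILESYSTEM` and `ELASTIC_FILESYSTEM_FIPS` carry no TSDoc, and the package.json hunk in this same commit adds them to the `docs-public-apis` exemption list, which looks like it silences the documentation lint instead of satisfying it. The FIPS variant in particular deserves a sentence, because selecting it changes the service name the endpoint is created for and, as far as I know, FIPS endpoints are published only in a subset of regions, so a stack using it may fail to deploy elsewhere. A comment such as `/** EFS interface endpoint. Prefer ELASTIC_FILESYSTEM_FIPS where FIPS-validated TLS is required; confirm the FIPS endpoint exists in the target region before relying on it. */` on the first member, and a matching one on the FIPS member, would let both exemptions be dropped. The enclosing `InterfaceVpcEndpointAwsService` class starts and ends outside the hunk.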
--- a/packages/@aws-cdk/aws-ec2/test/test.vpc-endpoint.ts
+++ b/packages/@aws-cdk/aws-ec2/test/test.vpc-endpoint.ts
@@ -309,6 +309,24 @@ export = {
 test.done();
 },
+ 'with existing security groups for efs'(test: Test) {
+ // GIVEN
+ const stack = new Stack();
+ const vpc = new Vpc(stack, 'VpcNetwork');
+
+ // WHEN
+ vpc.addInterfaceEndpoint('Efs', {
+ service: InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM,
+ securityGroups: [SecurityGroup.fromSecurityGroupId(stack, 'SG', 'existing-id')]
+ });
+
+ // THEN
+ expect(stack).to(haveResource('AWS::EC2::VPCEndpoint', {
+ SecurityGroupIds: ['existing-id'],
+ }));
+
+ test.done();
+ },
 'security group has ingress by default'(test: Test) {
 // GIVEN
 const stack = new Stack();
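Review bot: The new test asserts only `SecurityGroupIds`, which the pre-existing security-group path already covers, so nothing verifies that the endpoint is actually created for the EFS service and a typo in the `'elasticfilesystem'` service string would still pass. Add an assertion on the rendered `ServiceName` alongside `SecurityGroupIds`, in the form the other endpoint tests presumably use, along the lines of `ServiceName: { 'Fn::Join': ['', ['com.amazonaws.', { Ref: 'AWS::Region' }, '.elasticfilesystem']] },` (confirm against how `InterfaceVpcEndpointAwsService` formats the name). `ELASTIC_FILESYSTEM_FIPS` gets no test at all; a parallel case asserting `.elasticfilesystem-fips` would cover it. The `export = {` object this test belongs to starts and ends outside the hunk.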