feat(ec2): add ICMPv6 protocol (#20626)

This allows creation of a security group rule that permits ICMPv6. ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Jul 19, 2022 · 99831b0 · 99831b0
1 parent aa879be
commit 99831b0
Show file tree

Hide file tree

Showing 11 changed files with 2,684 additions and 2 deletions.
diff --git a/packages/@aws-cdk/aws-ec2/README.md b/packages/@aws-cdk/aws-ec2/README.md
@@ -529,11 +529,14 @@ the connection specifier:
 ec2.Port.tcp(80)
 ec2.Port.tcpRange(60000, 65535)
 ec2.Port.allTcp()
+ec2.Port.allIcmp()
+ec2.Port.allIcmpV6()
 ec2.Port.allTraffic()
 ```
 
-> NOTE: This set is not complete yet; for example, there is no library support for ICMP at the moment.
-> However, you can write your own classes to implement those.
+> NOTE: Not all protocols have corresponding helper methods. In the absence of a helper method,
+> you can instantiate `Port` yourself with your own settings. You are also welcome to contribute
+> new helper methods.
 
 ### Default Ports
 

diff --git a/packages/@aws-cdk/aws-ec2/lib/port.ts b/packages/@aws-cdk/aws-ec2/lib/port.ts
@@ -307,6 +307,18 @@ export class Port {
     });
   }
 
+  /**
+   * All ICMPv6 traffic
+   */
+  public static allIcmpV6() {
+    return new Port({
+      protocol: Protocol.ICMPV6,
+      fromPort: -1,
+      toPort: -1,
+      stringRepresentation: 'ALL ICMPv6',
+    });
+  }
+
   /**
    * All traffic
    */

diff --git a/packages/@aws-cdk/aws-ec2/test/integ.ports.ts b/packages/@aws-cdk/aws-ec2/test/integ.ports.ts
@@ -0,0 +1,32 @@
+import * as cdk from '@aws-cdk/core';
+import { IntegTest } from '@aws-cdk/integ-tests';
+import * as ec2 from '../lib/index';
+
+const app = new cdk.App();
+
+class TestStack extends cdk.Stack {
+  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
+    super(scope, id, props);
+
+    const vpc = new ec2.Vpc(this, 'VPC');
+
+    const sg = new ec2.SecurityGroup(this, 'SecGroup', {
+      vpc,
+    });
+    sg.addIngressRule(
+      ec2.Peer.anyIpv6(),
+      ec2.Port.allIcmpV6(),
+      'allow ICMP6',
+    );
+  }
+}
+
+new TestStack(app, 'TestStack');
+
+new IntegTest(app, 'Ports', {
+  testCases: [
+    new TestStack(app, 'PortsTestStack', {}),
+  ],
+});
+
+app.synth();
diff --git a/...-cdk/aws-ec2/test/ports.integ.snapshot/PortsDefaultTestDeployAssert044B81BF.template.json b/...-cdk/aws-ec2/test/ports.integ.snapshot/PortsDefaultTestDeployAssert044B81BF.template.json
@@ -0,0 +1 @@
+{}