From c3cfcd558e1a5f9d6c632baba457250a4c5153c6 Mon Sep 17 00:00:00 2001
From: Rico Huijbers
Date: Fri, 14 Dec 2018 14:44:25 +0100
Subject: [PATCH] feat(aws-ec2): can now use PrefixList in ingress rules (#1360)

Expose the newly-added capability of using PrefixLists as peers for Security Group ingress rules.
---
 packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts | 4 ++--
 packages/@aws-cdk/aws-ec2/test/test.security-group.ts | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts
index 96ddbd5dbefae..71033b4d25955 100644
--- a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts
+++ b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts
@@ -105,7 +105,7 @@ export class AnyIPv6 extends CidrIPv6 {
 * https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html
 */
 export class PrefixList implements ISecurityGroupRule, IConnectable {
- public readonly canInlineRule = true;
+ public readonly canInlineRule = false;
 public readonly connections: Connections = new Connections({ securityGroupRule: this });
 public readonly uniqueId: string;
@@ -114,7 +114,7 @@ export class PrefixList implements ISecurityGroupRule, IConnectable {
 }
 public toIngressRuleJSON(): any {
- throw new Error('Prefix lists can only be used for egress rules');
+ return { sourcePrefixListId: this.prefixListId };
 }
 public toEgressRuleJSON(): any {
diff --git a/packages/@aws-cdk/aws-ec2/test/test.security-group.ts b/packages/@aws-cdk/aws-ec2/test/test.security-group.ts
index 0219f16350f7f..2f4dd54eef80c 100644
--- a/packages/@aws-cdk/aws-ec2/test/test.security-group.ts
+++ b/packages/@aws-cdk/aws-ec2/test/test.security-group.ts
@@ -165,6 +165,7 @@ export = {
 for (const peer of peers) {
 for (const port of ports) {
 sg.connections.allowTo(peer, port);
+ sg.connections.allowFrom(peer, port);
 }
 }
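Review bot: The flip of `canInlineRule` to `false` in the first hunk of `security-group-rule.ts` applies to every use of `PrefixList`, so it presumably also changes how the already-supported egress rules are emitted, and neither the field nor the commit message says why. A one-line comment above the field would cover it, for example `// Prefix-list peers are never inlined into the security group: <reason or issue link>`. If the synthesized egress output of existing stacks changes as a result, that is worth stating for anyone diffing their templates after the upgrade. The class body continues outside the hunk.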
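Review bot: `toIngressRuleJSON()` in the second hunk of `security-group-rule.ts` now admits inbound traffic from every CIDR in the referenced prefix list, and nothing on the method tells the caller how broad that can be. For the AWS-managed service lists described at the VPC-endpoints link above the class, the ranges belong to the service rather than to the caller's own resources, so such a rule deserves the same scrutiny as a wide CIDR peer. I would add a doc comment on the method, e.g. `/** Ingress from a prefix list allows all CIDRs in the list; for AWS service lists that is the service's whole published range. */`. The `any` return type also means a typo in the `sourcePrefixListId` key would not be caught at compile time; the enclosing class continues outside the hunk.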
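Review bot: The added `sg.connections.allowFrom(peer, port);` call in `test.security-group.ts` only shows that the ingress path no longer throws; no assertion on the rendered rule is visible in the hunk. Since `PrefixList` previously threw on this path, a check that the synthesized ingress rule carries `sourcePrefixListId` with the expected list id would pin the new behaviour instead of relying on the absence of an exception. The test function starts and ends outside the hunk, so such an assertion may already exist further down.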