

add feedback from luca
msambol committed Mar 19, 2024

MichaReiser Micha Reiser
1 parent 085f422 commit d51f581
Showing 2 changed files with 9 additions and 11 deletions.
3 changes: 2 additions & 1 deletion packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md
@@ -260,7 +260,8 @@ listener.addTargets('AppFleet', {
### Enforce security group inbound rules on PrivateLink traffic for a Network Load Balancer

You can indicate whether to evaluate inbound security group rules for traffic
sent to a Network Load Balancer through AWS PrivateLink. The default is `on`.
sent to a Network Load Balancer through AWS PrivateLink.
The evaluation is enabled by default.

```ts
declare const vpc: ec2.Vpc;
Original file line number Diff line number Diff line change
@@ -41,7 +41,7 @@ export interface NetworkLoadBalancerProps extends BaseLoadBalancerProps {
/**
* Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink.
*
* @default on
* @default true
*/
readonly enforceSecurityGroupInboundRulesOnPrivateLinkTraffic?: boolean;
}
@@ -208,8 +208,8 @@ export class NetworkLoadBalancer extends BaseLoadBalancer implements INetworkLoa
public readonly metrics: INetworkLoadBalancerMetrics;
public readonly ipAddressType?: IpAddressType;
public readonly connections: ec2.Connections;
public readonly enforceSecurityGroupInboundRulesOnPrivateLinkTraffic?: string;
private readonly isSecurityGroupsPropertyDefined: boolean;
private readonly _enforceSecurityGroupInboundRulesOnPrivateLinkTraffic?: boolean;

/**
* After the implementation of `IConnectable` (see https://github.com/aws/aws-cdk/pull/28494), the default
@@ -229,7 +229,7 @@ export class NetworkLoadBalancer extends BaseLoadBalancer implements INetworkLoa
securityGroups: Lazy.list({ produce: () => this.securityGroups }),
ipAddressType: props.ipAddressType,
enforceSecurityGroupInboundRulesOnPrivateLinkTraffic: Lazy.string({
produce: () => this.transformEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic(props.enforceSecurityGroupInboundRulesOnPrivateLinkTraffic),
produce: () => this.enforceSecurityGroupInboundRulesOnPrivateLinkTraffic,
}),
});

@@ -238,15 +238,12 @@ export class NetworkLoadBalancer extends BaseLoadBalancer implements INetworkLoa
this.connections = new ec2.Connections({ securityGroups: props.securityGroups });
this.ipAddressType = props.ipAddressType ?? IpAddressType.IPV4;
if (props.crossZoneEnabled) { this.setAttribute('load_balancing.cross_zone.enabled', 'true'); }
this.enforceSecurityGroupInboundRulesOnPrivateLinkTraffic =
this.transformEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic(props.enforceSecurityGroupInboundRulesOnPrivateLinkTraffic);
this._enforceSecurityGroupInboundRulesOnPrivateLinkTraffic = props.enforceSecurityGroupInboundRulesOnPrivateLinkTraffic;
}

private transformEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic(value: boolean | undefined): string | undefined {
if (value !== undefined) {
return value ? 'on' : 'off';
}
return undefined;
public get enforceSecurityGroupInboundRulesOnPrivateLinkTraffic(): string | undefined {
if (this._enforceSecurityGroupInboundRulesOnPrivateLinkTraffic === undefined) return undefined;
return this._enforceSecurityGroupInboundRulesOnPrivateLinkTraffic ? 'on' : 'off';
}

/**
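Review bot: The public getter `enforceSecurityGroupInboundRulesOnPrivateLinkTraffic` added in the last hunk has no doc comment, and its contract is easy to misread. It returns the strings `'on'`/`'off'` although the prop is a boolean, and it returns `undefined` when the prop was not set even though the prop doc now says `@default true`. Code that audits a load balancer by testing the getter for `'on'` would therefore report an unset construct as not enforcing. I would document it with something like `/** 'on' or 'off' as set through the props; undefined when the prop was not given, in which case the load balancer's own default (evaluation enabled, per the README) presumably applies. */`. The prop doc could also state that `false` means PrivateLink traffic reaches the load balancer without the inbound security group rules being evaluated. The class body continues outside the hunk.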
