feat(ec2): ESP and AH IPsec protocols for Security Groups (#13471)

First contribution. I've gone through the checklist and think i've managed to hit all the requirements. I'd like to contribute more and I'm taking it slow so let me know how I can improve my PRs Closes #13403 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Mar 9, 2021 · f5a6647 · f5a6647
1 parent abfc0ea
commit f5a6647
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 1 deletion.
diff --git a/packages/@aws-cdk/aws-ec2/lib/port.ts b/packages/@aws-cdk/aws-ec2/lib/port.ts
@@ -9,6 +9,8 @@ export enum Protocol {
   UDP = 'udp',
   ICMP = 'icmp',
   ICMPV6 = '58',
+  ESP = 'esp',
+  AH = 'ah',
 }
 
 /**
@@ -171,6 +173,30 @@ export class Port {
     });
   }
 
+  /**
+   * A single ESP port
+   */
+  public static esp(): Port {
+    return new Port({
+      protocol: Protocol.ESP,
+      fromPort: 50,
+      toPort: 50,
+      stringRepresentation: 'ESP 50',
+    });
+  }
+
+  /**
+   * A single AH port
+   */
+  public static ah(): Port {
+    return new Port({
+      protocol: Protocol.AH,
+      fromPort: 51,
+      toPort: 51,
+      stringRepresentation: 'AH 51',
+    });
+  }
+
   /**
    * Whether the rule containing this port range can be inlined into a securitygroup or not.
    */

diff --git a/packages/@aws-cdk/aws-ec2/package.json b/packages/@aws-cdk/aws-ec2/package.json
@@ -315,6 +315,8 @@
       "docs-public-apis:@aws-cdk/aws-ec2.Protocol.UDP",
       "docs-public-apis:@aws-cdk/aws-ec2.Protocol.ICMP",
       "docs-public-apis:@aws-cdk/aws-ec2.Protocol.ICMPV6",
+      "docs-public-apis:@aws-cdk/aws-ec2.Protocol.ESP",
+      "docs-public-apis:@aws-cdk/aws-ec2.Protocol.AH",
       "docs-public-apis:@aws-cdk/aws-ec2.WindowsVersion.WINDOWS_SERVER_2008_SP2_ENGLISH_64BIT_SQL_2008_SP4_EXPRESS",
       "docs-public-apis:@aws-cdk/aws-ec2.WindowsVersion.WINDOWS_SERVER_2012_R2_RTM_CHINESE_SIMPLIFIED_64BIT_BASE",
       "docs-public-apis:@aws-cdk/aws-ec2.WindowsVersion.WINDOWS_SERVER_2012_R2_RTM_CHINESE_TRADITIONAL_64BIT_BASE",

diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json
@@ -567,6 +567,20 @@
             "FromPort": 800,
             "IpProtocol": "udp",
             "ToPort": 801
+          },
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "from 0.0.0.0/0:ESP 50",
+            "FromPort": 50,
+            "IpProtocol": "esp",
+            "ToPort": 50
+          },
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "from 0.0.0.0/0:AH 51",
+            "FromPort": 51,
+            "IpProtocol": "ah",
+            "ToPort": 51
           }
         ],
         "VpcId": {
@@ -575,4 +589,4 @@
       }
     }
   }
-}
+}
diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc.ts b/packages/@aws-cdk/aws-ec2/test/integ.vpc.ts
@@ -16,6 +16,8 @@ const rules = [
   ec2.Port.allUdp(),
   ec2.Port.udp(123),
   ec2.Port.udpRange(800, 801),
+  ec2.Port.esp(),
+  ec2.Port.ah(),
 ];
 
 for (const rule of rules) {