feat(ec2): Add tag support to security groups (#766)
moofish32 committed Sep 26, 2018
1 parent 8606f8d commit fe9be9f
Showing 13 changed files with 182 additions and 120 deletions.
Expand Up @@ -492,7 +492,7 @@ function renderRollingUpdateConfig(config: RollingUpdateConfiguration = {}): cdk

class TagManager extends cdk.TagManager {
protected tagFormatResolve(tagGroups: cdk.TagGroups): any {
const tags = {...tagGroups.nonSitckyTags, ...tagGroups.ancestorTags, ...tagGroups.stickyTags};
const tags = {...tagGroups.nonStickyTags, ...tagGroups.ancestorTags, ...tagGroups.stickyTags};
return Object.keys(tags).map( (key) => {
const propagateAtLaunch = !!tagGroups.propagateTags[key] || !!tagGroups.ancestorTags[key];
return {key, value: tags[key], propagateAtLaunch};
Expand Up @@ -453,6 +453,12 @@
}
],
"SecurityGroupIngress": [],
"Tags": [
{
"Key": "Name",
"Value": "aws-cdk-ec2-integ/Fleet"
}
],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
Expand Down Expand Up @@ -583,6 +589,7 @@
"ToPort": 80
}
],
"Tags": [],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
Expand Up @@ -319,6 +319,12 @@
}
],
"SecurityGroupIngress": [],
"Tags": [
{
"Key": "Name",
"Value": "aws-cdk-ec2-integ/Fleet"
}
],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
Expand Down Expand Up @@ -405,6 +411,13 @@
"LaunchConfigurationName": {
"Ref": "FleetLaunchConfig59F79D36"
},
"Tags": [
{
"Key": "Name",
"PropagateAtLaunch": true,
"Value": "aws-cdk-ec2-integ/Fleet"
}
],
"TargetGroupARNs": [
{
"Ref": "LBListenerTargetGroupF04FCF6D"
Expand Down Expand Up @@ -463,6 +476,7 @@
"ToPort": 80
}
],
"Tags": [],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
123 changes: 41 additions & 82 deletions packages/@aws-cdk/aws-autoscaling/test/test.auto-scaling-group.ts
Expand Up @@ -19,28 +19,35 @@ export = {

expect(stack).toMatch({
"Resources": {
"MyFleetInstanceSecurityGroup774E8234": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "MyFleet/InstanceSecurityGroup",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Outbound traffic allowed by default",
"FromPort": -1,
"IpProtocol": "-1",
"ToPort": -1
"MyFleetInstanceSecurityGroup774E8234": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "MyFleet/InstanceSecurityGroup",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Outbound traffic allowed by default",
"FromPort": -1,
"IpProtocol": "-1",
"ToPort": -1
}
],
"SecurityGroupIngress": [],
"Tags": [
{
"Key": "Name",
"Value": "MyFleet"
}
],

"VpcId": "my-vpc"
}
],
"SecurityGroupIngress": [],
"VpcId": "my-vpc"
}
},
"MyFleetInstanceRole25A84AB8": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
},
"MyFleetInstanceRole25A84AB8": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
Expand Down Expand Up @@ -99,19 +106,19 @@ export = {
"LaunchConfigurationName": {
"Ref": "MyFleetLaunchConfig5D7F9801"
},
"LoadBalancerNames": [],
"Tags": [
{
"Key": "Name",
"PropagateAtLaunch": true,
"Value": "MyFleet"
}
],
"MaxSize": "1",
"MinSize": "1",
"VPCZoneIdentifier": [
"pri1"
]
"Tags": [
{
"Key": "Name",
"PropagateAtLaunch": true,
"Value": "MyFleet"
}
],

"MaxSize": "1",
"MinSize": "1",
"VPCZoneIdentifier": [
"pri1"
]
}
}
}
Expand Down Expand Up @@ -180,54 +187,6 @@ export = {
test.done();
},

'can configure rolling update'(test: Test) {
// GIVEN
const stack = new cdk.Stack(undefined, 'MyStack', { env: { region: 'us-east-1', account: '1234' }});
const vpc = mockVpc(stack);

// WHEN
new autoscaling.AutoScalingGroup(stack, 'MyFleet', {
{
"Ref": "MyFleetInstanceRole25A84AB8"
}
],
Version: "2012-10-17"
},
}));
test.done();
},

'can configure replacing update'(test: Test) {
// GIVEN
const stack = new cdk.Stack(undefined, 'MyStack', { env: { region: 'us-east-1', account: '1234' }});
const vpc = mockVpc(stack);

// WHEN
new autoscaling.AutoScalingGroup(stack, 'MyFleet', {
instanceType: new ec2.InstanceTypePair(ec2.InstanceClass.M4, ec2.InstanceSize.Micro),
machineImage: new ec2.AmazonLinuxImage(),
vpc,
updateType: autoscaling.UpdateType.ReplacingUpdate,
replacingUpdateMinSuccessfulInstancesPercent: 50
});

// THEN
expect(stack).to(haveResource("AWS::AutoScaling::AutoScalingGroup", {
UpdatePolicy: {
AutoScalingReplacingUpdate: {
WillReplace: true
}
},
CreationPolicy: {
AutoScalingCreationPolicy: {
MinSuccessfulInstancesPercent: 50
}
}
}, ResourcePart.CompleteDefinition));

test.done();
},

'can configure rolling update'(test: Test) {
// GIVEN
const stack = new cdk.Stack(undefined, 'MyStack', { env: { region: 'us-east-1', account: '1234' }});
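Review bot: The `-180,54 +187,6` hunk drops the whole `'can configure replacing update'` test together with what looks like a mangled copy of the rolling-update test, and nothing visible on this page shows another copy of it surviving. If the deleted block was only a merge duplicate, say so in the commit message; otherwise keep the assertions on `AutoScalingReplacingUpdate.WillReplace` and `MinSuccessfulInstancesPercent: 50`, since they are the only check on the `UpdateType.ReplacingUpdate` path shown here. The enclosing `export = {` object starts and ends outside the hunk.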
16 changes: 14 additions & 2 deletions packages/@aws-cdk/aws-ec2/lib/security-group.ts
@@ -1,4 +1,4 @@
import { Construct, Output, Token } from '@aws-cdk/cdk';
import { Construct, ITaggable, Output, TagManager, Tags, Token } from '@aws-cdk/cdk';
import { Connections, IConnectable } from './connections';
import { cloudformation } from './ec2.generated';
import { IPortRange, ISecurityGroupRule } from './security-group-rule';
Expand Down Expand Up @@ -106,6 +106,11 @@ export interface SecurityGroupProps {
*/
description?: string;

/**
* The AWS resource tags to associate with the security group.
*/
tags?: Tags;

/**
* The VPC in which to create the security group.
*/
Expand All @@ -119,7 +124,7 @@ export interface SecurityGroupProps {
* inline ingress and egress rule (which saves on the total number of resources inside
* the template).
*/
export class SecurityGroup extends SecurityGroupRef {
export class SecurityGroup extends SecurityGroupRef implements ITaggable {
/**
* An attribute that represents the security group name.
*/
Expand All @@ -135,20 +140,27 @@ export class SecurityGroup extends SecurityGroupRef {
*/
public readonly securityGroupId: string;

/**
* Manage tags for this construct and children
*/
public readonly tags: TagManager;

private readonly securityGroup: cloudformation.SecurityGroupResource;
private readonly directIngressRules: cloudformation.SecurityGroupResource.IngressProperty[] = [];
private readonly directEgressRules: cloudformation.SecurityGroupResource.EgressProperty[] = [];

constructor(parent: Construct, name: string, props: SecurityGroupProps) {
super(parent, name);

this.tags = new TagManager(this, { initialTags: props.tags});
const groupDescription = props.description || this.path;
this.securityGroup = new cloudformation.SecurityGroupResource(this, 'Resource', {
groupName: props.groupName,
groupDescription,
securityGroupIngress: new Token(() => this.directIngressRules),
securityGroupEgress: new Token(() => this.directEgressRules),
vpcId: props.vpc.vpcId,
tags: this.tags,
});

this.securityGroupId = this.securityGroup.securityGroupId;
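Review bot: The doc comments on the new `tags?: Tags` prop and the public `tags` member read as if only explicitly passed tags apply, but the expected templates in this commit show the fleet's instance security group picking up a `Name` tag it was never given directly, so ancestor tags appear to flow into security groups too. Where IAM policies or compliance rules key on `ec2:ResourceTag/...`, that inheritance changes which groups they match, so the prop comment should state it, e.g. `* Tags set here are merged with tags propagated from ancestor constructs.` The constructor also passes `tags: this.tags` unconditionally, which is presumably what produces the `"Tags": []` entries in the expected templates; rendering nothing when no tags are set would avoid a template change on every existing security group. The class body continues outside the hunk.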
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-ec2/lib/vpc.ts
Expand Up @@ -468,7 +468,7 @@ export class VpcSubnet extends VpcSubnetRef implements cdk.ITaggable {

constructor(parent: cdk.Construct, name: string, props: VpcSubnetProps) {
super(parent, name);
this.tags = new cdk.TagManager(this, props.tags);
this.tags = new cdk.TagManager(this, {initialTags: props.tags});
this.tags.setTag(NAME_TAG, this.path, {overwrite: false});

this.availabilityZone = props.availabilityZone;
68 changes: 39 additions & 29 deletions packages/@aws-cdk/aws-ec2/test/test.vpc.ts
Expand Up @@ -128,6 +128,10 @@ export = {
cidrMask: 24,
name: 'ingress',
subnetType: SubnetType.Public,
tags: {
type: 'Public',
init: 'No',
},
},
{
cidrMask: 24,
Expand Down Expand Up @@ -155,44 +159,50 @@ export = {
CidrBlock: `10.0.6.${i * 16}/28`
}));
}
expect(stack).to(haveResource("AWS::EC2::Subnet", hasTags(
[
{ Key: 'type', Value: 'Public'},
{ Key: 'init', Value: 'No'},
],
)));
test.done();
},
"with custom subents and natGateways = 2 there should be only two NATGW"(test: Test) {
const stack = getTestStack();
new VpcNetwork(stack, 'TheVPC', {
cidr: '10.0.0.0/21',
natGateways: 2,
subnetConfiguration: [
{
cidrMask: 24,
name: 'ingress',
subnetType: SubnetType.Public,
},
{
cidrMask: 24,
name: 'application',
subnetType: SubnetType.Private,
},
{
cidrMask: 28,
name: 'rds',
subnetType: SubnetType.Isolated,
}
],
maxAZs: 3
cidr: '10.0.0.0/21',
natGateways: 2,
subnetConfiguration: [
{
cidrMask: 24,
name: 'ingress',
subnetType: SubnetType.Public,
},
{
cidrMask: 24,
name: 'application',
subnetType: SubnetType.Private,
},
{
cidrMask: 28,
name: 'rds',
subnetType: SubnetType.Isolated,
}
],
maxAZs: 3
});
expect(stack).to(countResources("AWS::EC2::InternetGateway", 1));
expect(stack).to(countResources("AWS::EC2::NatGateway", 2));
expect(stack).to(countResources("AWS::EC2::Subnet", 9));
for (let i = 0; i < 6; i++) {
expect(stack).to(haveResource("AWS::EC2::Subnet", {
CidrBlock: `10.0.${i}.0/24`
}));
expect(stack).to(haveResource("AWS::EC2::Subnet", {
CidrBlock: `10.0.${i}.0/24`
}));
}
for (let i = 0; i < 3; i++) {
expect(stack).to(haveResource("AWS::EC2::Subnet", {
CidrBlock: `10.0.6.${i * 16}/28`
}));
expect(stack).to(haveResource("AWS::EC2::Subnet", {
CidrBlock: `10.0.6.${i * 16}/28`
}));
}
test.done();
},
Expand Down Expand Up @@ -229,9 +239,9 @@ export = {
expect(stack).to(countResources("AWS::EC2::Subnet", 4));
expect(stack).to(countResources("AWS::EC2::Route", 4));
for (let i = 0; i < 4; i++) {
expect(stack).to(haveResource("AWS::EC2::Subnet", {
CidrBlock: `10.0.${i * 64}.0/18`
}));
expect(stack).to(haveResource("AWS::EC2::Subnet", {
CidrBlock: `10.0.${i * 64}.0/18`
}));
}
expect(stack).to(haveResource("AWS::EC2::Route", {
DestinationCidrBlock: '0.0.0.0/0',
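Review bot: The added `haveResource("AWS::EC2::Subnet", hasTags([...]))` check passes as soon as one subnet carries `type: Public` and `init: No`, so it would not notice the tags leaking onto the other subnet groups in the configuration, or reaching only one of the `ingress` subnets. Where subnet tags feed tag-based access or routing decisions that difference matters; if the assertion helper cannot express a per-subnet check, at least record the limit with a comment such as `// proves some subnet has the tags, not that only 'ingress' subnets do`. `hasTags` is defined outside this section, so whether it matches the exact tag list or a subset is not visible here. The remaining changes in the section appear to be re-indentation only.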
Expand Up @@ -185,6 +185,7 @@
"ToPort": 80
}
],
"Tags": [],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
Expand Up @@ -343,6 +343,7 @@
"ToPort": 80
}
],
"Tags": [],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
Expand Up @@ -382,6 +382,7 @@
}
],
"SecurityGroupIngress": [],
"Tags": [],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}