Creating/Importing a VPC Endpoint only allows for specifying a single SecurityGroup to associate with the VPCe #2699

Closed
KingOfPoptart opened this issue May 31, 2019 · 1 comment · Fixed by #4908
Labels
feature-request A feature should be added or improved.

KingOfPoptart commented May 31, 2019

Creating a VPC Endpoint does not have any options for specifying SecurityGroups to associate with the InterfaceVpcEndpoint:

```ts
export interface InterfaceVpcEndpointProps extends InterfaceVpcEndpointOptions {
    /**
     * The VPC network in which the interface endpoint will be used.
     */
    readonly vpc: IVpc;
}

export interface InterfaceVpcEndpointOptions {
    /**
     * The service to use for this interface VPC endpoint.
     */
    readonly service: IInterfaceVpcEndpointService;
    /**
     * Whether to associate a private hosted zone with the specified VPC. This
     * allows you to make requests to the service using its default DNS hostname.
     *
     * @default true
     */
    readonly privateDnsEnabled?: boolean;
    /**
     * The subnets in which to create an endpoint network interface. At most one
     * per availability zone.
     *
     * @default private subnets
     */
    readonly subnets?: SubnetSelection;
}
```

The properties object to import a VPCEndpoint set up only takes in a single security group:

```ts
/**
 * Construction properties for an ImportedInterfaceVpcEndpoint.
 */
export interface InterfaceVpcEndpointAttributes {
    /**
     * The interface VPC endpoint identifier.
     */
    readonly vpcEndpointId: string;
    /**
     * The identifier of the security group associated with the interface VPC endpoint.
     */
    readonly securityGroupId: string;
    /**
     * The port of the service of the interface VPC endpoint.
     */
    readonly port: number;
}
```

CFN supports specifying multiple SecurityGroups -
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html

@KingOfPoptart changed the title from "Creating a VPC Endpoint only allows for specifying a single SecurityGroup to associate with the VPCe" to "Creating/Importing a VPC Endpoint only allows for specifying a single SecurityGroup to associate with the VPCe" Jun 3, 2019
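
Added example (not part of the issue thread or the CDK code base): a TypeScript check over a CloudFormation template that reports how many security groups each interface VPC endpoint declares in `SecurityGroupIds`, the list-valued property documented on the CloudFormation page linked above. The template, logical ids and function name are constructed for illustration; an interface endpoint that declares no `SecurityGroupIds` is given the VPC's default security group.

```typescript
// Minimal shape of a CloudFormation template; only the fields the check reads.
type CfnResource = { Type: string; Properties?: Record<string, unknown> };
type CfnTemplate = { Resources: Record<string, CfnResource> };

interface EndpointFinding {
  logicalId: string;
  securityGroupCount: number;
  // True when SecurityGroupIds is absent or empty, so the VPC default group applies.
  usesDefaultSecurityGroup: boolean;
}

// Hypothetical helper: audit every interface VPC endpoint in a template.
function auditInterfaceEndpoints(template: CfnTemplate): EndpointFinding[] {
  const findings: EndpointFinding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const resource = template.Resources[logicalId];
    if (resource.Type !== "AWS::EC2::VPCEndpoint") continue;
    const props = resource.Properties ?? {};
    // VpcEndpointType defaults to Gateway; security groups apply only to Interface.
    if (props["VpcEndpointType"] !== "Interface") continue;
    const ids = props["SecurityGroupIds"];
    // Entries may be literal ids or intrinsics such as { Ref: ... }; count both.
    const count = Array.isArray(ids) ? ids.length : 0;
    findings.push({ logicalId, securityGroupCount: count, usesDefaultSecurityGroup: count === 0 });
  }
  return findings;
}

// Constructed sample template (logical ids are made up for this example).
const SAMPLE_TEMPLATE: CfnTemplate = {
  Resources: {
    SecretsEndpoint: {
      Type: "AWS::EC2::VPCEndpoint",
      Properties: {
        VpcEndpointType: "Interface",
        ServiceName: "com.amazonaws.us-east-1.secretsmanager",
        VpcId: { Ref: "Vpc" },
        SecurityGroupIds: [
          { "Fn::GetAtt": ["AppTierSg", "GroupId"] },
          { "Fn::GetAtt": ["OpsTierSg", "GroupId"] },
        ],
      },
    },
    EcrEndpoint: {
      Type: "AWS::EC2::VPCEndpoint",
      Properties: { VpcEndpointType: "Interface", ServiceName: "com.amazonaws.us-east-1.ecr.api", VpcId: { Ref: "Vpc" } },
    },
    S3Gateway: { Type: "AWS::EC2::VPCEndpoint", Properties: { ServiceName: "com.amazonaws.us-east-1.s3", VpcId: { Ref: "Vpc" } } },
  },
};
```

Run against a synthesized template, the `usesDefaultSecurityGroup` flag points at endpoints whose access is governed by whatever rules the VPC's default group happens to carry.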
renrut commented Oct 3, 2019

I'm not extremely familiar with CDK paradigms, but it seems like it'd be more CDK style to hold a reference to the actual securityGroup(s) object as well rather than the securityGroupId(s).

@rix0rrr rix0rrr added the feature-request A feature should be added or improved. label Oct 10, 2019
jogold added a commit to jogold/aws-cdk that referenced this issue Nov 7, 2019
…dpoints

Support a `securityGroups` for interface VPC endpoints in a non breaking way.

Clarify documentation on interface VPC endpoints connections.

Add missing Storage Gateway.

Closes aws#4589
Closes aws#2699
Closes aws#3446
jogold added a commit to jogold/aws-cdk that referenced this issue Nov 7, 2019
…dpoints

Support a `securityGroups` prop for interface VPC endpoints in a non breaking way.

Clarify documentation on interface VPC endpoints connections.

Add missing Storage Gateway.

Closes aws#4589
Closes aws#2699
Closes aws#3446
@mergify mergify bot closed this as completed in #4908 Nov 8, 2019
mergify bot pushed a commit that referenced this issue Nov 8, 2019
…dpoints (#4908)

Support a `securityGroups` prop for interface VPC endpoints in a non breaking way.

Clarify documentation on interface VPC endpoints connections.

Add missing Storage Gateway.

Closes #4589
Closes #2699
Closes #3446