[synthetics] Make it possible to set vpcConfig in synthetics.Canary for vpc private API testing #9954
Comments
Another solution is to use overrides but is almost as much work as CfnCanary.

```python
canary_cfn = canary.node.default_child
canary_cfn.add_property_override("VPCConfig.VpcId", vpc.vpc_id)
# Get a list of private subnet id strings
private_subnet_ids = []
for subnet in vpc.private_subnets:
    private_subnet_ids.append(subnet.subnet_id)
canary_cfn.add_property_override("VPCConfig.SubnetIds", private_subnet_ids)
canary_cfn.add_property_override("VPCConfig.SecurityGroupIds", [canary_sg.security_group_id])
```

Note that you will also need to configure a role for the Synthetic which has permissions to create Lambdas in a VPC to utilize this.
Just to help others, as I had initially made a typo on this and caused me some delays. To add the permissions as described above I used:
You can also create an instance of
With escape hatches in TypeScript:

```typescript
const cfnCanary = canary.node.defaultChild as synthetics.CfnCanary
cfnCanary.vpcConfig = {
  vpcId: vpc.vpcId,
  securityGroupIds: [securityGroupId],
  subnetIds: [subnetId]
}
```
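The overrides in the comments above only take effect if the canary's execution role can manage network interfaces, so here is an added example (not code from this issue or from the CDK project) that checks a synthesized CloudFormation template for that. The function names and the sample template are constructed for illustration; it assumes `Statement` is a list, as CDK emits it, and does not expand wildcard actions such as `ec2:*`.

```python
import json

# ENI actions the canary's Lambda needs in order to attach to a VPC.
ENI_ACTIONS = {"ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces",
               "ec2:DeleteNetworkInterface"}

def role_actions(resources, role_id):
    """Allowed actions a role gets from inline, attached and AWS-managed policies."""
    props = resources[role_id].get("Properties", {})
    docs = [p["PolicyDocument"] for p in props.get("Policies", [])]
    docs += [r["Properties"]["PolicyDocument"] for r in resources.values()
             if r.get("Type") == "AWS::IAM::Policy"
             and {"Ref": role_id} in r["Properties"].get("Roles", [])]
    acts = set()
    for stmt in (s for d in docs for s in d.get("Statement", [])):
        act = stmt.get("Action", []) if stmt.get("Effect") == "Allow" else []
        acts.update([act] if isinstance(act, str) else act)
    if "AWSLambdaVPCAccessExecutionRole" in json.dumps(props.get("ManagedPolicyArns", [])):
        acts |= ENI_ACTIONS
    return acts

def check_vpc_canaries(template):
    """Map each canary that sets VPCConfig to the problems found for it."""
    resources, report = template.get("Resources", {}), {}
    for cid, res in resources.items():
        props = res.get("Properties", {})
        cfg = props.get("VPCConfig")
        if res.get("Type") != "AWS::Synthetics::Canary" or cfg is None:
            continue
        problems = [f"VPCConfig.{k} is empty"
                    for k in ("SubnetIds", "SecurityGroupIds") if not cfg.get(k)]
        arn = props.get("ExecutionRoleArn")
        role_id = arn.get("Fn::GetAtt", [None])[0] if isinstance(arn, dict) else None
        if role_id in resources:
            missing = ENI_ACTIONS - role_actions(resources, role_id)
            problems += [f"role lacks {a}" for a in sorted(missing)]
        else:
            problems.append("execution role is not defined in this template")
        report[cid] = problems
    return report

# Constructed sample template: the role lacks one ENI action, no security group is set.
SAMPLE_POLICY = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces"]}]}
SAMPLE = {"Resources": {
    "Role": {"Type": "AWS::IAM::Role",
             "Properties": {"Policies": [{"PolicyDocument": SAMPLE_POLICY}]}},
    "Canary": {"Type": "AWS::Synthetics::Canary", "Properties": {
        "ExecutionRoleArn": {"Fn::GetAtt": ["Role", "Arn"]},
        "VPCConfig": {"VpcId": "vpc-0", "SubnetIds": ["subnet-0"], "SecurityGroupIds": []}}}}}
```

Feed it the JSON that `cdk synth` writes to `cdk.out` (loaded with `json.load`) and fail the build when any canary's list is non-empty.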
This PR adds vpc support to synthetics and is a continuation of #11865. See [Running a canary on a vpc](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_VPC.html).

Fixes #9954

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

When creating a Canary using synthetics.Canary there is no way to set the vpc config which is needed for invocations of VPC-private APIs.
If you create the canary using CfnCanary you can configure the VpcConfig in the https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-synthetics.CfnCanaryProps.html
So there is a workaround, but by using CfnCanary you have to create the role, permission, s3 bucket (artifacts) etc. by hand also - so you end up with a lot of cdk code for even simple canaries.
Use Case
We have a number of VPC private APIs we would like to make canaries for.
Configuring api testing of vpc private api calls without this option when using the synthetics.Canary - and using CfnCanary is quite verbose / easy to get wrong in comparison to having the synthetics.Canary auto-create them.
Proposed Solution
Add vpcConfig option to the synthetics.CanaryProps
Other
If it is not an option to add vpc config to the synthetics.Canary, then please provide an example of how to use the vpc config in the CfnCanary.
This is a 🚀 Feature Request