feat(elbv2): preserveClientIp for NetworkTargetGroup

packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-listener.ts

@@ -239,6 +239,7 @@ export class NetworkListener extends BaseListener implements INetworkListener {
       port: props.port,
       protocol: props.protocol ?? this.protocol,
       proxyProtocolV2: props.proxyProtocolV2,
+      preserveClientIp: props.preserveClientIp,
       targetGroupName: props.targetGroupName,
       targets: props.targets,
       vpc: this.loadBalancer.vpc,
@@ -333,6 +334,14 @@ export interface AddNetworkTargetsProps {
    */
   readonly proxyProtocolV2?: boolean;
 
+  /**
+   * Indicates whether client IP preservation is enabled.
+   *
+   * @default false if the target group type is IP address and the
+   * target group protocol is TCP or TLS. Otherwise, true.
+   */
+  readonly preserveClientIp?: boolean;
+
   /**
    * Health check configuration
    *

packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-target-group.ts

@@ -33,6 +33,14 @@ export interface NetworkTargetGroupProps extends BaseTargetGroupProps {
    */
   readonly proxyProtocolV2?: boolean;
 
+  /**
+   * Indicates whether client IP preservation is enabled.
+   *
+   * @default false if the target group type is IP address and the
+   * target group protocol is TCP or TLS. Otherwise, true.
+   */
+  readonly preserveClientIp?: boolean;
+
   /**
    * The targets to add to this target group.
    *
@@ -82,6 +90,10 @@ export class NetworkTargetGroup extends TargetGroupBase implements INetworkTarge
       this.setAttribute('proxy_protocol_v2.enabled', props.proxyProtocolV2 ? 'true' : 'false');
     }
 
+    if (props.preserveClientIp != null) {
+      this.setAttribute('preserve_client_ip.enabled', props.preserveClientIp ? 'true' : 'false');
+    }
+
     this.addTarget(...(props.targets || []));
   }
 

packages/@aws-cdk/aws-elasticloadbalancingv2/test/nlb/target-group.test.ts

@@ -28,6 +28,29 @@ describe('tests', () => {
     });
   });
 
+  test('Enable preserve_client_ip attribute for target group', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = new ec2.Vpc(stack, 'Vpc');
+
+    // WHEN
+    new elbv2.NetworkTargetGroup(stack, 'Group', {
+      vpc,
+      port: 80,
+      preserveClientIp: true,
+    });
+
+    // THEN
+    expect(stack).toHaveResource('AWS::ElasticLoadBalancingV2::TargetGroup', {
+      TargetGroupAttributes: [
+        {
+          Key: 'preserve_client_ip.enabled',
+          Value: 'true',
+        },
+      ],
+    });
+  });
+
   test('Disable proxy protocol v2 for attribute target group', () => {
     // GIVEN
     const stack = new cdk.Stack();
@@ -51,6 +74,29 @@ describe('tests', () => {
     });
   });
 
+  test('Disable preserve_client_ip attribute for target group', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = new ec2.Vpc(stack, 'Vpc');
+
+    // WHEN
+    new elbv2.NetworkTargetGroup(stack, 'Group', {
+      vpc,
+      port: 80,
+      preserveClientIp: false,
+    });
+
+    // THEN
+    expect(stack).toHaveResource('AWS::ElasticLoadBalancingV2::TargetGroup', {
+      TargetGroupAttributes: [
+        {
+          Key: 'preserve_client_ip.enabled',
+          Value: 'false',
+        },
+      ],
+    });
+  });
+
   test('Configure protocols for target group', () => {
     const stack = new cdk.Stack();
     const vpc = new ec2.Vpc(stack, 'Vpc');