Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(elasticloadbalancingv2): application load balancer attributes #29586

Merged
merged 12 commits into from
Apr 8, 2024
Merged

feat(elasticloadbalancingv2): application load balancer attributes #29586

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
df8fc8b
feat: add ALB attributes
badmintoncryer Mar 21, 2024
86cfa8f
test: add unit test
badmintoncryer Mar 21, 2024
9f869dd
test: update integ test
badmintoncryer Mar 21, 2024
630752e
chore: update description
badmintoncryer Mar 25, 2024
eed2a9c
docs: update readme
badmintoncryer Mar 25, 2024
02303be
Merge branch 'main' into albAttributes
badmintoncryer Mar 27, 2024
2ed74bc
chore: update comments
badmintoncryer Mar 31, 2024
4b75c5d
Merge branch 'main' into albAttributes
badmintoncryer Mar 31, 2024
b0c440c
chore: update comments
badmintoncryer Apr 1, 2024
d8462c7
chore: update comments
badmintoncryer Apr 1, 2024
518e58c
chore: update comments
badmintoncryer Apr 1, 2024
ca94a94
Merge branch 'main' into albAttributes
mergify[bot] Apr 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions ...sticloadbalancingv2/test/integ.alb.attributes.js.snapshot/aws-cdk-elbv2-integ.assets.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

20 changes: 20 additions & 0 deletions ...icloadbalancingv2/test/integ.alb.attributes.js.snapshot/aws-cdk-elbv2-integ.template.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -415,6 +415,26 @@
"Key": "routing.http.desync_mitigation_mode",
"Value": "defensive"
},
{
"Key": "routing.http.preserve_host_header.enabled",
"Value": "true"
},
{
"Key": "routing.http.x_amzn_tls_version_and_cipher_suite.enabled",
"Value": "true"
},
{
"Key": "routing.http.xff_client_port.enabled",
"Value": "true"
},
{
"Key": "routing.http.xff_header_processing.mode",
"Value": "preserve"
},
{
"Key": "waf.fail_open.enabled",
"Value": "true"
},
{
"Key": "client_keep_alive.seconds",
"Value": "1000"
Expand Down
2 changes: 1 addition & 1 deletion ...integ/test/aws-elasticloadbalancingv2/test/integ.alb.attributes.js.snapshot/manifest.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

20 changes: 20 additions & 0 deletions ...ork-integ/test/aws-elasticloadbalancingv2/test/integ.alb.attributes.js.snapshot/tree.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions ...-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.attributes.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,11 @@ new elbv2.ApplicationLoadBalancer(stack, 'LB', {
dropInvalidHeaderFields: true,
desyncMitigationMode: elbv2.DesyncMitigationMode.DEFENSIVE,
clientKeepAlive: cdk.Duration.seconds(1000),
preserveHostHeader: true,
xAmznTlsVersionAndCipherSuiteHeaders: true,
preserveXffClientPort: true,
xffHeaderProcessingMode: elbv2.XffHeaderProcessingMode.PRESERVE,
wafFailOpen: true,
});

new elbv2.ApplicationLoadBalancer(stack, 'DesyncMitigationModeMonitor', {
Expand Down
65 changes: 65 additions & 0 deletions packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,66 @@ export interface ApplicationLoadBalancerProps extends BaseLoadBalancerProps {
* @default - Duration.seconds(3600)
*/
readonly clientKeepAlive?: Duration;

/**
* Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: can you shorten these descriptions and put them on newlines?

*
* @default false
*/
readonly preserveHostHeader?: boolean;

/**
* Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite),
* which contain information about the negotiated TLS version and cipher suite,
* are added to the client request before sending it to the target.
*
* The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client,
* and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client.
*
* Both headers are in OpenSSL format.
*
* @default false
*/
readonly xAmznTlsVersionAndCipherSuiteHeaders?: boolean;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you add @see values with links to AWS docs?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@badmintoncryer Since the urls are the same, I think it'd make more sense to add the @see one time under Properties for defining an Application Load Balancer ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@msambol I was unable to retrieve links for each attribute and ended up entering the same URL...
I made the revisions just as you suggested!


/**
* Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer.
*
* @default false
*/
readonly preserveXffClientPort?: boolean;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

likewise for this and below, can you add @see ?


/**
* Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target.
*
* @default XffHeaderProcessingMode.APPEND
*/
readonly xffHeaderProcessingMode?: XffHeaderProcessingMode;

/**
* Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF.
*
* @default false
*/
readonly wafFailOpen?: boolean;
}

/**
* Processing mode of the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target.
*/
export enum XffHeaderProcessingMode {
/**
* Application Load Balancer adds the client IP address (of the last hop) to the X-Forwarded-For header in the HTTP request before it sends it to targets.
*/
APPEND = 'append',
/**
* Application Load Balancer preserves the X-Forwarded-For header in the HTTP request, and sends it to targets without any change.
*/
PRESERVE = 'preserve',
/**
* Application Load Balancer removes the X-Forwarded-For header in the HTTP request before it sends it to targets.
*/
REMOVE = 'remove',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: can you shorten these docs and move to multiple lines?

}

/**
Expand Down Expand Up @@ -126,6 +186,11 @@ export class ApplicationLoadBalancer extends BaseLoadBalancer implements IApplic
if (props.idleTimeout !== undefined) { this.setAttribute('idle_timeout.timeout_seconds', props.idleTimeout.toSeconds().toString()); }
if (props.dropInvalidHeaderFields) {this.setAttribute('routing.http.drop_invalid_header_fields.enabled', 'true'); }
if (props.desyncMitigationMode !== undefined) {this.setAttribute('routing.http.desync_mitigation_mode', props.desyncMitigationMode); }
if (props.preserveHostHeader) { this.setAttribute('routing.http.preserve_host_header.enabled', 'true'); }
if (props.xAmznTlsVersionAndCipherSuiteHeaders) { this.setAttribute('routing.http.x_amzn_tls_version_and_cipher_suite.enabled', 'true'); }
if (props.preserveXffClientPort) { this.setAttribute('routing.http.xff_client_port.enabled', 'true'); }
if (props.xffHeaderProcessingMode !== undefined) { this.setAttribute('routing.http.xff_header_processing.mode', props.xffHeaderProcessingMode); }
if (props.wafFailOpen) { this.setAttribute('waf.fail_open.enabled', 'true'); }
if (props.clientKeepAlive !== undefined) {
const clientKeepAliveInMillis = props.clientKeepAlive.toMilliseconds();
if (clientKeepAliveInMillis < 1000) {
Expand Down
25 changes: 25 additions & 0 deletions packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,11 @@ describe('tests', () => {
dropInvalidHeaderFields: true,
clientKeepAlive: cdk.Duration.seconds(200),
denyAllIgwTraffic: true,
preserveHostHeader: true,
xAmznTlsVersionAndCipherSuiteHeaders: true,
preserveXffClientPort: true,
xffHeaderProcessingMode: elbv2.XffHeaderProcessingMode.PRESERVE,
wafFailOpen: true,
});

// THEN
Expand All @@ -109,6 +114,26 @@ describe('tests', () => {
Key: 'routing.http.drop_invalid_header_fields.enabled',
Value: 'true',
},
{
Key: 'routing.http.preserve_host_header.enabled',
Value: 'true',
},
{
Key: 'routing.http.x_amzn_tls_version_and_cipher_suite.enabled',
Value: 'true',
},
{
Key: 'routing.http.xff_client_port.enabled',
Value: 'true',
},
{
Key: 'routing.http.xff_header_processing.mode',
Value: 'preserve',
},
{
Key: 'waf.fail_open.enabled',
Value: 'true',
},
{
Key: 'client_keep_alive.seconds',
Value: '200',
Expand Down
Loading