feat(apprunner): support vpc ingress connection (#30623)
### Issue # (if applicable) Closes #22850. ### Reason for this change To support VPC Ingress Connection for making App Runner Service private and only accessible from within a VPC. ### Description of changes * Add `isPubliclyAccessible` property to the `Service` class * Add `VpcIngressConnection` class ### Description of how you validated changes Add unit tests and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Showing
17 changed files
with
2,857 additions
and
0 deletions.
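--- /dev/null
+++ b/packages/@aws-cdk/aws-apprunner-alpha/lib/vpc-ingress-connection.ts
@@ -0,0 +1,168 @@
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as cdk from 'aws-cdk-lib/core';
+import { Construct } from 'constructs';
+import { IService } from './service';
+import { CfnVpcIngressConnection } from 'aws-cdk-lib/aws-apprunner';
+
+/**
+ * Properties of the AppRunner VPC Ingress Connection
+ */
+export interface VpcIngressConnectionProps {
+  /**
+   * The name for the VPC Ingress Connection.
+   *
+   * @default - a name generated by CloudFormation
+   */
+  readonly vpcIngressConnectionName?: string;
+
+  /**
+   * The service to connect.
+   */
+  readonly service: IService;
+
+  /**
+   * The VPC for the VPC Ingress Connection.
+   */
+  readonly vpc: ec2.IVpc;
+
+  /**
+   * The VPC Interface Endpoint for the VPC Ingress Connection.
+   */
+  readonly interfaceVpcEndpoint: ec2.IInterfaceVpcEndpoint;
+}
+
+/**
+ * Attributes for the App Runner VPC Ingress Connection
+ */
+export interface VpcIngressConnectionAttributes {
+  /**
+   * The Amazon Resource Name (ARN) of the VPC Ingress Connection.
+   */
+  readonly vpcIngressConnectionArn: string;
+
+  /**
+   * The name of the VPC Ingress Connection.
+   */
+  readonly vpcIngressConnectionName: string;
+
+  /**
+   * The domain name associated with the VPC Ingress Connection resource.
+   */
+  readonly domainName: string;
+
+  /**
+   * The current status of the VPC Ingress Connection.
+   */
+  readonly status: string;
+}
+
+/**
+ * Represents the App Runner VPC Ingress Connection.
+ */
+export interface IVpcIngressConnection extends cdk.IResource {
+  /**
+   * The Amazon Resource Name (ARN) of the VPC Ingress Connection.
+   * @attribute
+   */
+  readonly vpcIngressConnectionArn: string;
+
+  /**
+   * The name of the VPC Ingress Connection.
+   * @attribute
+   */
+  readonly vpcIngressConnectionName: string;
+}
+
+/**
+ * The App Runner VPC Ingress Connection
+ *
+ * @resource AWS::AppRunner::VpcIngressConnection
+ */
+export class VpcIngressConnection extends cdk.Resource implements IVpcIngressConnection {
+  /**
+   * Import from VPC Ingress Connection from attributes.
+   */
+  public static fromVpcIngressConnectionAttributes(scope: Construct, id: string, attrs: VpcIngressConnectionAttributes): IVpcIngressConnection {
+    const vpcIngressConnectionArn = attrs.vpcIngressConnectionArn;
+    const domainName = attrs.domainName;
+    const status = attrs.status;
+    const vpcIngressConnectionName = attrs.vpcIngressConnectionName;
+
+    class Import extends cdk.Resource implements IVpcIngressConnection {
+      public readonly vpcIngressConnectionArn = vpcIngressConnectionArn;
+      public readonly domainName = domainName;
+      public readonly status = status;
+      public readonly vpcIngressConnectionName = vpcIngressConnectionName;
+    }
+
+    return new Import(scope, id);
+  }
+
+  /**
+   * Imports an App Runner VPC Ingress Connection from its ARN
+   */
+  public static fromArn(scope: Construct, id: string, vpcIngressConnectionArn: string): IVpcIngressConnection {
+    const resourceParts = cdk.Fn.split('/', vpcIngressConnectionArn);
+
+    const vpcIngressConnectionName = cdk.Fn.select(0, resourceParts);
+
+    class Import extends cdk.Resource implements IVpcIngressConnection {
+      public readonly vpcIngressConnectionName = vpcIngressConnectionName;
+      public readonly vpcIngressConnectionArn = vpcIngressConnectionArn;
+    }
+
+    return new Import(scope, id);
+  }
+
+  /**
+   * The ARN of the VPC Ingress Connection.
+   * @attribute
+   */
+  readonly vpcIngressConnectionArn: string;
+
+  /**
+   * The domain name associated with the VPC Ingress Connection resource.
+   * @attribute
+   */
+  readonly domainName: string;
+
+  /**
+   * The current status of the VPC Ingress Connection.
+   * @attribute
+   */
+  readonly status: string;
+
+  /**
+   * The name of the VPC Ingress Connection.
+   * @attribute
+   */
+  readonly vpcIngressConnectionName: string;
+
+  public constructor(scope: Construct, id: string, props: VpcIngressConnectionProps) {
+    super(scope, id, {
+      physicalName: props.vpcIngressConnectionName,
+    });
+
+    if (
+      props.vpcIngressConnectionName !== undefined &&
+      !cdk.Token.isUnresolved(props.vpcIngressConnectionName) &&
+      !/^[A-Za-z0-9][A-Za-z0-9\-_]{3,39}$/.test(props.vpcIngressConnectionName)
+    ) {
+      throw new Error(`vpcIngressConnectionName must match the \`^[A-Za-z0-9][A-Za-z0-9\-_]{3,39}\` pattern, got ${props.vpcIngressConnectionName}`);
+    }
+
+    const resource = new CfnVpcIngressConnection(this, 'Resource', {
+      ingressVpcConfiguration: {
+        vpcEndpointId: props.interfaceVpcEndpoint.vpcEndpointId,
+        vpcId: props.vpc.vpcId,
+      },
+      serviceArn: props.service.serviceArn,
+      vpcIngressConnectionName: this.physicalName,
+    });
+
+    this.vpcIngressConnectionArn = resource.attrVpcIngressConnectionArn;
+    this.vpcIngressConnectionName = resource.ref;
+    this.domainName = resource.attrDomainName;
+    this.status = resource.attrStatus;
+  }
+}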
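Review bot: `fromArn` derives the name with `cdk.Fn.select(0, cdk.Fn.split('/', vpcIngressConnectionArn))`; if the ARN has the usual App Runner layout `arn:aws:apprunner:<region>:<account>:vpcingressconnection/<name>/<id>`, element 0 is the `arn:…:vpcingressconnection` prefix and the name is element 1, so the imported `vpcIngressConnectionName` would be wrong — `const vpcIngressConnectionName = cdk.Fn.select(1, resourceParts);` plus a unit test that imports a literal ARN and resolves the name would pin this down. The `service` prop says nothing about ingress mode, yet a connection alone does not take a service off the public internet; I would add to its doc comment `* The service should be configured with private ingress (isPubliclyAccessible set to false); a VPC Ingress Connection does not by itself make a publicly accessible service private.`, after confirming App Runner's behaviour for the public-service case. Minor: the error message in the constructor quotes the name pattern without the trailing `$` that the regex actually enforces, so the message and the check disagree.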
19 changes: 19 additions & 0 deletions
19
...tion.js.snapshot/AppRunnerVpcIngressConnectionDefaultTestDeployAssertC725050C.assets.json
36 changes: 36 additions & 0 deletions
36
...on.js.snapshot/AppRunnerVpcIngressConnectionDefaultTestDeployAssertC725050C.template.json