fix(aws-cdk-lib): specifying EC2 private IP with associate public IP …

…enabled generates invalid CFn (#26208) When both associatePublicIpAddress and privateIpAddress properties are supplied to the EC2 Instance construct, an invalid CloudFormation template is generated due to the presence of both PrivateIpAddess and NetworkInterfaces properties on the AWS::EC2::Instance resource. The generated template leaves the PrivateIpAddress property populated but also includes a NetworkInterfaces property, resulting in a deployment error: "Network interfaces and an instance-level private IP address may not be specified on the same request." (see [the AWS::EC2::Instance docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2-instance-privateipaddress)) This erroneous behavior is due to the fact that a network interface is automatically created by the construct when the associatePublicIpAddress is ```true``` while leaving the PrivateIpAddress property on the resource. This PR includes a fix that modifies the behavior of the logic that creates the NetworkInterface to move the private IP to that auto-generated NI, eliminating the top-level resource property. Closes #26187. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Jul 6, 2023 · 1520d77 · 1520d77
1 parent 075c2c0
commit 1520d77
Show file tree

Hide file tree

Showing 11 changed files with 1,379 additions and 6 deletions.
diff --git a/...framework-integ/test/aws-ec2/test/integ.instance-public-and-privateip.js.snapshot/cdk.out b/...framework-integ/test/aws-ec2/test/integ.instance-public-and-privateip.js.snapshot/cdk.out
@@ -0,0 +1 @@
+{"version":"32.0.0"}
diff --git a/...-public-and-privateip.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.assets.json b/...-public-and-privateip.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "32.0.0",
+  "files": {
+    "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
+      "source": {
+        "path": "instancetestDefaultTestDeployAssert5516EAF1.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}
diff --git a/...ublic-and-privateip.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.template.json b/...ublic-and-privateip.js.snapshot/instancetestDefaultTestDeployAssert5516EAF1.template.json
@@ -0,0 +1,36 @@
+{
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}
diff --git a/...s-ec2/test/integ.instance-public-and-privateip.js.snapshot/integ-ec2-instance.assets.json b/...s-ec2/test/integ.instance-public-and-privateip.js.snapshot/integ-ec2-instance.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "32.0.0",
+  "files": {
+    "b7b36b2bd774d01d7de716607fa5f4847417a7478d4e5d968305579a1d2dbabc": {
+      "source": {
+        "path": "integ-ec2-instance.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "b7b36b2bd774d01d7de716607fa5f4847417a7478d4e5d968305579a1d2dbabc.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}