(EC2): Add support for dualstack OR ipv6 VPC endpoints #33493

Open
1 of 2 tasks
arnulfojr opened this issue Feb 18, 2025 · 1 comment
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@arnulfojr
Contributor

arnulfojr commented Feb 18, 2025

Describe the feature

AWS Services, i.e., Xray, Wafv2, Workmail, have started to release support for IPv6 or Dualstack for their VPC endpoints.

Use Case

We are migrating our infrastructure to work in IPv6-only or dualstack mode and we would like to talk to AWS services through IPv6.

The current workaround is to either 1) write a custom resource to create the VPCEndpoint (or mutate an existing one) and specify the DnsOptions and IpAddressType or 2) use the L1 construct to wire up the VPCEndpoint to use ipv6 or dualstack.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpcEndpoint.html

Proposed Solution

The API itself is trivial:

// Add an interface endpoint
vpc.addInterfaceEndpoint('XRayEndpoint', {
  service: ec2.InterfaceVpcEndpointAwsService.XRAY,
  privateDnsEnabled: true,
  /* new props */
  // would default to ec2.InterfaceVpcEndpointIpAddressType.IPv4
  ipAddressType: ec2.InterfaceVpcEndpointIpAddressType.DUALSTACK,
  // dns options is restricted by ipAddressType and can have defaults, but it specified by the customer as not-specified
  dnsRecordType: ec2.InterfaceVpcEndpointIpAddressType.DUALSTACK,
  // we do not have a use case but it's part of the dnsOptions
  privateDnsOnlyForInboundResolverEndpoint: false // OR true
});

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.170.1

Environment details (OS name and version, etc.)

Linux
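
The L1-style workaround mentioned in the issue comes down to setting `IpAddressType` and `DnsOptions.DnsRecordType` on each `AWS::EC2::VPCEndpoint` resource. The sketch below is an added example, not part of the original issue and not aws-cdk code: it patches a plain synthesized-template object and rejects mismatched combinations before deployment. The function names, the sample template, and the compatibility table are assumptions to check against the AWS documentation linked above.

```typescript
// Added example in pure TypeScript (no aws-cdk-lib). All names here are hypothetical.
type IpAddressType = 'ipv4' | 'ipv6' | 'dualstack';
type DnsRecordType = IpAddressType | 'service-defined';

// Assumed rule: an endpoint can only publish DNS records for address
// families it actually has. Verify against the linked AWS docs.
const ALLOWED_RECORD_TYPES: Record<IpAddressType, DnsRecordType[]> = {
  ipv4: ['ipv4'],
  ipv6: ['ipv6'],
  dualstack: ['ipv4', 'ipv6', 'dualstack', 'service-defined'],
};

interface CfnResource { Type: string; Properties: Record<string, unknown>; }
interface CfnTemplate { Resources: Record<string, CfnResource>; }

// Build the property overrides; the record type defaults to the address type.
function endpointOverrides(ip: IpAddressType, dns: DnsRecordType = ip) {
  if (ALLOWED_RECORD_TYPES[ip].indexOf(dns) === -1) {
    throw new Error(`DnsRecordType '${dns}' is not valid for IpAddressType '${ip}'`);
  }
  return { IpAddressType: ip, DnsOptions: { DnsRecordType: dns } };
}

// Apply the overrides to every interface endpoint in a template and
// return the logical IDs that were changed. Other resources are left alone.
function patchInterfaceEndpoints(t: CfnTemplate, ip: IpAddressType, dns?: DnsRecordType): string[] {
  const overrides = endpointOverrides(ip, dns);
  const patched: string[] = [];
  for (const id of Object.keys(t.Resources)) {
    const r = t.Resources[id];
    if (!r || r.Type !== 'AWS::EC2::VPCEndpoint') continue;
    if (r.Properties['VpcEndpointType'] !== 'Interface') continue;
    Object.assign(r.Properties, overrides);
    patched.push(id);
  }
  return patched;
}

// Constructed sample template: one interface endpoint, one gateway endpoint.
function sampleTemplate(): CfnTemplate {
  return {
    Resources: {
      XRayEndpoint: {
        Type: 'AWS::EC2::VPCEndpoint',
        Properties: { VpcEndpointType: 'Interface', ServiceName: 'com.amazonaws.us-east-1.xray', PrivateDnsEnabled: true },
      },
      S3Gateway: {
        Type: 'AWS::EC2::VPCEndpoint',
        Properties: { VpcEndpointType: 'Gateway', ServiceName: 'com.amazonaws.us-east-1.s3' },
      },
    },
  };
}
```

In a CDK app the same two properties could be set on the endpoint's underlying L1 resource; validating the pair at synth time surfaces a mismatch before CloudFormation rejects the deployment.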

@arnulfojr arnulfojr added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Feb 18, 2025
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Feb 18, 2025
@pahud
Contributor

pahud commented Feb 19, 2025

Thank you for the FR and we welcome the PRs.

@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 19, 2025