feat(ec2-alpha): add Transit Gateway L2 #32956
Conversation
There was a problem hiding this comment.
The pull request linter fails with the following errors:
❌ Features must contain a change to a README file.
If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #32956 +/- ##
=======================================
Coverage 80.79% 80.79%
=======================================
Files 232 232
Lines 14110 14110
Branches 2453 2453
=======================================
Hits 11400 11400
Misses 2430 2430
Partials 280 280
Flags with carried forward coverage won't be shown. Click here to find out more.
|
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
|
|
||
| > Note: When you create a default Transit Gateway in AWS Console, EC2 creates the default `TransitGatewayRouteTable` for you. When using this construct, CDK will create the default `TransitGatewayRouteTable` for you instead with the automatic Association/Propagation features being mimicked by the CDK. | ||
| > | ||
| > **Default association route table** and **Default propagation route table** will show as disabled in your AWS console but can still be toggled within CDK using the `defaultRouteTableAssociation` and `defaultRouteTablePropagation` properties respectively. |
There was a problem hiding this comment.
Want to clarify this sentence a bit. So CDK will by default create TGRT but on console it shows disabled meaning console saying no default TGRT is created?
There was a problem hiding this comment.
When both defaultRouteTableAssociation and defaultRouteTablePropagation are disabled in the CFN template, EC2 will not create the default route table. Instead, the CDK will always create a default route table in place of EC2.
The Default association route table and Default propagation route table settings are shown on every TGRT and it will show as disabled in AWS console for the CDK created default route table (because it can only be enabled on the EC2 created default route table), but we still provide properties within CDK, defaultRouteTableAssociation and defaultRouteTablePropagation, to allow customers to enable the setting (we mimic it being enabled with CDK implementation) even though it shows disabled in console.
| > | ||
| > **Default association route table** and **Default propagation route table** will show as disabled in your AWS console but can still be toggled within CDK using the `defaultRouteTableAssociation` and `defaultRouteTablePropagation` properties respectively. | ||
|
|
||
| You can disable the automatic Association/Propagation on the default `TransitGatewayRouteTable` via the `TransitGateway` properties. This will still create a default route table for you: |
There was a problem hiding this comment.
Wonder what's the behaviour when we supply a custom default route table but enable default route table association and default route table propagation?
There was a problem hiding this comment.
You actually cannot supply a custom route table, because to create a route table you need to pass in a Transit Gateway, so you wouldn't just have a random extra route table lying around.
| If you want to automatically associate and propagate routes with transit gateway route tables, you can pass the `associationRouteTable` and `propagationRouteTables` parameters. This will automatically create the necessary associations and propagations based on the provided route tables. | ||
|
|
||
| ```ts | ||
| const attachmentWithRoutes = transitGateway.attachVpc('VpcAttachment', vpc, [subnet], undefined, associationRouteTable, [propagationRouteTable1, propagationRouteTable2]); |
There was a problem hiding this comment.
This feel like a lot of parmeters to me. Can we put them into a Options interface instead?
There was a problem hiding this comment.
Agreed, I don't like having to skip over the optional parameters either. I'll see if there's a clean way to set up the interfaces with a base interface so it's not a duplicate of the ITransitGatewayVpcAttachment interface.
| readonly transitGatewayVpcAttachmentId: string; | ||
| } | ||
|
|
||
| export abstract class TransitGatewayAttachmentBase extends Resource implements ITransitGatewayAttachment { |
There was a problem hiding this comment.
Why is this abstract class needed? Do you foresee that we will add more subclasses in the future?
There was a problem hiding this comment.
Yes, there will be different types of TransitGatewayAttachments such as an attachment to connect one TGW to another, VPN Attachments, Connect Attachments.
| /** | ||
| * The VPC attachment options. | ||
| */ | ||
| readonly transitGatewayVpcAttachmentOptions?: ITransitGatewayVpcAttachmentOptions; |
There was a problem hiding this comment.
| readonly transitGatewayVpcAttachmentOptions?: ITransitGatewayVpcAttachmentOptions; | |
| readonly vpcAttachmentOptions?: ITransitGatewayVpcAttachmentOptions; |
This is in transitGateway file already, I think we can omit the prefix.
There was a problem hiding this comment.
You're right, this should be fine to omit the prefix.
| id: string, vpc: IVpc, | ||
| subnets: ISubnet[], | ||
| transitGatewayAttachmentOptions?: ITransitGatewayVpcAttachmentOptions, | ||
| associationRouteTable?: ITransitGatewayRouteTable, | ||
| propagationRouteTables?: ITransitGatewayRouteTable[], |
There was a problem hiding this comment.
IMO, everything after id can be put in an XXXOptions interface. wdyt?
There was a problem hiding this comment.
Agreed. Will look into a clean solution for this.
| autoAcceptSharedAttachments: (props?.autoAcceptSharedAttachments ?? false) | ||
| ? TransitGatewayFeatureStatus.ENABLE : TransitGatewayFeatureStatus.DISABLE, | ||
| // Default Association/Propagation will always be false when creating the L1 to prevent EC2 from creating the default route table. | ||
| // Instead, CDK will create a custom default route table and use the properties to mimic the automatic assocation/propagation behaviour. | ||
| defaultRouteTableAssociation: (props?.defaultRouteTableAssociation ?? false) | ||
| ? TransitGatewayFeatureStatus.ENABLE : TransitGatewayFeatureStatus.DISABLE, | ||
| defaultRouteTablePropagation: (props?.defaultRouteTablePropagation ?? false) | ||
| ? TransitGatewayFeatureStatus.ENABLE : TransitGatewayFeatureStatus.DISABLE, | ||
| description: props?.description, | ||
| dnsSupport: (props?.dnsSupport ?? true) ? TransitGatewayFeatureStatus.ENABLE : TransitGatewayFeatureStatus.DISABLE, | ||
| multicastSupport: (props?.multicastSupport ?? false) ? TransitGatewayFeatureStatus.ENABLE : TransitGatewayFeatureStatus.DISABLE, | ||
| vpnEcmpSupport: (props?.vpnEcmpSupport ?? true) ? TransitGatewayFeatureStatus.ENABLE : TransitGatewayFeatureStatus.DISABLE, |
There was a problem hiding this comment.
same as above comment, take out the common functionality.
| public abstract destinationCidrBlock: string; | ||
| } | ||
|
|
||
| export class TransitGatewayActiveRoute extends TransitGatewayRouteBase { |
There was a problem hiding this comment.
| export class TransitGatewayActiveRoute extends TransitGatewayRouteBase { | |
| export class TransitGatewayRoute extends TransitGatewayRouteBase { |
IMO Route is more commonly used, wdyt?
There was a problem hiding this comment.
I named it ActiveRoute to distinguish that it is different from the BlackholeRoute but I think just naming it TransitGatewayRoute also works since the method name is called addRoute() and addBlackholeRoute().
| addRoute(id: string, transitGatewayAttachment: ITransitGatewayAttachment, destinationCidr: string): TransitGatewayActiveRoute { | ||
| return new TransitGatewayActiveRoute(this, id, { | ||
| transitGatewayRouteTable: this, | ||
| transitGatewayAttachment, | ||
| destinationCidrBlock: destinationCidr, | ||
| }); | ||
| }; | ||
|
|
||
| addBlackholeRoute(id: string, destinationCidr: string): TransitGatewayBlackholeRoute { | ||
| return new TransitGatewayBlackholeRoute(this, id, { | ||
| transitGatewayRouteTable: this, | ||
| destinationCidrBlock: destinationCidr, | ||
| }); | ||
| } | ||
|
|
||
| addAssociation(id: string, transitGatewayAttachment: ITransitGatewayAttachment): TransitGatewayRouteTableAssociation { | ||
| return new TransitGatewayRouteTableAssociation(this, id, { | ||
| transitGatewayVpcAttachment: transitGatewayAttachment, | ||
| transitGatewayRouteTable: this, | ||
| }); | ||
| } | ||
|
|
||
| enablePropagation(id: string, transitGatewayAttachment: ITransitGatewayAttachment): TransitGatewayRouteTablePropagation { |
There was a problem hiding this comment.
Should this functionality be exposed ITransitGatewayRouteTable? i.e. I see that imported TGRT is not supported yet, but when it is supported, should the imported TGRT have the capability of adding routes/ adding balckhole routes/etc?
There was a problem hiding this comment.
I think it is okay to leave for now. When we do support imported route tables then we can move the declarations for these methods into the interface which will not be a breaking change.
| const customRouteTable = new ec2.TransitGatewayRouteTable(this, 'TransitGatewayRouteTable'); | ||
|
|
||
| const transitGateway = new ec2.TransitGateway(this, 'MyTransitGateway', { | ||
| customDefaultRouteTable: customRouteTable, |
There was a problem hiding this comment.
I don't see this option customDefaultRouteTable?
There was a problem hiding this comment.
You are right, similar to the above, I realized it's not possible to create a TGW with a custom route table that gets passed in so I've removed the property. Will also remove this example from the README.
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Issue # (if applicable)
Closes #.
Reason for this change
Description of changes
Describe any new or updated permissions being added
Description of how you validated changes
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license