test(api): restrict e2e rds instances public access #1875
7d883bc to 4898660
A lot of repetition in the setup code, any chance to centralize & reuse?
Addressed it. Moved the complete database setup and port opening logic to the E2E core.
export const getIpRanges = async (): Promise<string[]> => { | ||
return Promise.all( | ||
[IPIFY_URL, AWSCHECKIP_URL].map(async (url) => { |
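Review bot: `Promise.all` over the `[IPIFY_URL, AWSCHECKIP_URL].map(...)` call rejects as soon as either lookup rejects, so unless the callback (not visible in these lines) catches its own errors, one unavailable service fails `getIpRanges` even when the other returned a usable address. Consider `Promise.allSettled` and keeping only the fulfilled results, and validate each response as an IP address before it is turned into a security group rule, since the value comes from a third-party endpoint.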
On my workstation, I get the same result from both services. We should dedupe the result set so we don't create multiple rules with the same IP ranges.
Are you connected to VPN? If yes, then the IPs would differ. We can't create a duplicate rule. If there is already an entry, the second API call would fail and we ignore the error.
Description of changes
Restrict inbound security role added by E2E tests to smaller CIDR range (example: x.y.0.0/16). Also, now the ports are open for a very short time to execute the initial DDLs to create tables. The total time the port is kept open has decreased from an average of 15 minutes to less than 5 seconds.
Improve SSM read parameter timeout issue. Instead of throwing an exception from the wait method, now it returns a string which is used to determine whether to throw an error or not. (This avoids incorrect logging of the exception message in the CloudWatch logs.)
CDK / CloudFormation Parameters Changed
NA
Issue #, if available
NA
Description of how you validated changes
Checklist
yarn test passes
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
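
A sketch of the narrowing and deduplication discussed in this PR, as an added example that is not the project's code: it masks each address returned by the lookup services to a /16, drops repeats, and skips malformed responses. The function names, the `MIN_PREFIX` floor and the sample addresses are assumptions.

```typescript
// Added example, not the project's code. Names and MIN_PREFIX are assumptions.
const MIN_PREFIX = 16; // refuse anything wider than the /16 the description mentions

// Parse a dotted-quad IPv4 string into an unsigned integer, or null if invalid.
function parseIpv4(text: string): number | null {
  const parts = text.trim().split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    // Reject empty, non-digit and over-long octets, and leading zeros ("01").
    if (!/^(0|[1-9]\d{0,2})$/.test(part)) return null;
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// Mask an address down to its network and format it as CIDR (x.y.0.0/16 for /16).
function toCidr(ip: string, prefix: number): string | null {
  const addr = parseIpv4(ip);
  if (addr === null) return null;
  if (Math.floor(prefix) !== prefix || prefix < MIN_PREFIX || prefix > 32) return null;
  const hostSize = Math.pow(2, 32 - prefix);
  const network = addr - (addr % hostSize);
  const octets = [24, 16, 8, 0].map(
    (shift) => Math.floor(network / Math.pow(2, shift)) % 256
  );
  return `${octets.join(".")}/${prefix}`;
}

// Collapse the lookup responses into the distinct ranges to authorize.
function uniqueCidrs(responses: string[], prefix: number = 16): string[] {
  const ranges: string[] = [];
  for (const response of responses) {
    const cidr = toCidr(response, prefix);
    // Non-address bodies (error page, empty string) yield null and are skipped.
    if (cidr !== null && ranges.indexOf(cidr) === -1) ranges.push(cidr);
  }
  return ranges;
}

// Constructed sample responses (documentation address ranges, not real hosts).
const sameFromBoth = uniqueCidrs(["203.0.113.10\n", "203.0.113.10"]);
const splitByVpn = uniqueCidrs(["203.0.113.10", "198.51.100.7"]);
console.log(sameFromBoth, splitByVpn);
```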