feat(ec2): added support for network interfaces on ec2 instances by providing an associatePublicIpAddress property (#25441)

## Motivation

When creating and launching an EC2 instance, a public IPv4 address will be assigned by default for any instances being launched into a default public subnet. Conversely, any EC2 instance being launched into a nondefault public subnet will not be automatically assigned a public IPv4 address. The decision to automatically assign or not assign a public IPv4 address is based on a subnet property which is true by default for default public subnets and false by default for nondefault public subnets. This property can be controlled by specifying that the 'associatePublicIpAddress' be true for an EC2 instance. This property can be exposed via the 'networkInterfaces' property on the underlying L1 CfnInstance construct. Furthermore, any network interface that has an 'associatePublicIpAddress' set to true must also be the primary network interface for the EC2 instance and a primary network interface will always have a device index of 0. The work in this PR will allow a user to automatically have a public IPv4 address assigned to an EC2 instance that they are launching into a nondefault public subnet or stop the default subnet behavior of automatically assigning a public IPv4 address.

## Important Changes

The changes made in this PR start by exposing the 'networkInterfaces' property on the underlying L1 CfnInstance. Next, I added 'associatePublicIpAddress' as an optional boolean property that is part of the 'InstanceProps' interface. Importantly, if 'associatePublicIpAddress' is set to true or false, then this means we need to launch the EC2 instance with a configured primary network interface. If 'associatePublicIpAddress' is set to true or false, a network interfaces array is created with the specified network interface configuration for the primary network interface. The subnetId and securityGroupIds are also configured for the network interface since they must be defined on the network interface level when launching an EC2 instance with a configured network interface. I updated the L1 CfnInstance to set subnetId and securityGroupIds to undefined in the event that the network interfaces array is defined. 

Closes #17127

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
colifran committed May 23, 2023
1 parent 3893da5 commit d43834d
Showing 12 changed files with 1,507 additions and 3 deletions.
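
Added example, not part of this commit or the project's code: a check over a synthesized CloudFormation template that reports how each `AWS::EC2::Instance` handles public IPv4 assignment, using the constraints the commit message states (primary interface at device index 0, subnet and security groups on the interface). The function name `auditInstancePublicIp`, the `Finding` shape, and the sample template with its logical IDs are assumptions made for illustration.

```typescript
// Added example: audits a synthesized CloudFormation template (parsed JSON).
type Json = { [key: string]: any };
interface Finding { id: string; level: "info" | "warn" | "error"; msg: string }

function auditInstancePublicIp(template: Json): Finding[] {
  const out: Finding[] = [];
  const resources: Json = template.Resources ?? {};
  for (const id of Object.keys(resources)) {
    if (resources[id].Type !== "AWS::EC2::Instance") continue;
    const props: Json = resources[id].Properties ?? {};
    const nics: Json[] = props.NetworkInterfaces ?? [];
    if (nics.length === 0) {
      out.push({ id, level: "info", msg: "no NetworkInterfaces: subnet default decides public IPv4" });
      continue;
    }
    // With interfaces defined, subnet and security groups belong on the interface.
    if (props.SubnetId !== undefined || props.SecurityGroupIds !== undefined) {
      out.push({ id, level: "error", msg: "instance-level SubnetId/SecurityGroupIds set alongside NetworkInterfaces" });
    }
    for (const nic of nics) {
      if (nic.AssociatePublicIpAddress === undefined) continue;
      if (String(nic.DeviceIndex) !== "0") {
        out.push({ id, level: "error", msg: "AssociatePublicIpAddress set on a non-primary interface" });
      } else if (nic.AssociatePublicIpAddress === true) {
        out.push({ id, level: "warn", msg: "public IPv4 explicitly requested: confirm GroupSet ingress rules" });
      } else {
        out.push({ id, level: "info", msg: "public IPv4 explicitly disabled" });
      }
    }
  }
  return out;
}

// Constructed sample template; logical IDs and Ref targets are made up.
const sampleTemplate: Json = {
  Resources: {
    PublicOk: { Type: "AWS::EC2::Instance", Properties: { NetworkInterfaces: [
      { AssociatePublicIpAddress: true, DeviceIndex: "0", SubnetId: { Ref: "SubnetA" }, GroupSet: [{ Ref: "SgA" }] }] } },
    Mixed: { Type: "AWS::EC2::Instance", Properties: { SubnetId: { Ref: "SubnetA" }, NetworkInterfaces: [
      { AssociatePublicIpAddress: false, DeviceIndex: "0", SubnetId: { Ref: "SubnetA" } }] } },
    WrongIndex: { Type: "AWS::EC2::Instance", Properties: { NetworkInterfaces: [
      { AssociatePublicIpAddress: true, DeviceIndex: "1", SubnetId: { Ref: "SubnetA" } }] } },
    Legacy: { Type: "AWS::EC2::Instance", Properties: { SubnetId: { Ref: "SubnetA" } } },
  },
};

for (const f of auditInstancePublicIp(sampleTemplate)) console.log(`${f.level} ${f.id}: ${f.msg}`);
```

Run against the output of `cdk synth`, the `warn` findings give a list of instances that will be reachable on a public address regardless of the subnet default.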
@@ -0,0 +1 @@
{"version":"31.0.0"}
@@ -0,0 +1,19 @@
{
"version": "31.0.0",
"files": {
"21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
"source": {
"path": "instancetestDefaultTestDeployAssert5516EAF1.template.json",
"packaging": "file"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
}
},
"dockerImages": {}
}
@@ -0,0 +1,36 @@
{
"Parameters": {
"BootstrapVersion": {
"Type": "AWS::SSM::Parameter::Value<String>",
"Default": "/cdk-bootstrap/hnb659fds/version",
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
}
},
"Rules": {
"CheckBootstrapVersion": {
"Assertions": [
{
"Assert": {
"Fn::Not": [
{
"Fn::Contains": [
[
"1",
"2",
"3",
"4",
"5"
],
{
"Ref": "BootstrapVersion"
}
]
}
]
},
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
}
]
}
}
}
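Review bot: no post-deploy assertions are defined in this template: it contains only the `BootstrapVersion` parameter and the `CheckBootstrapVersion` rule and has no `Resources` section, so the integration test deploys the stack without checking anything about the launched instance. Since the point of the change is whether a public IPv4 address is or is not assigned, consider adding an assertion to the integ test that the instance actually has (or lacks) a public address after deployment, so the snapshot guards the behaviour and not only the synthesized template.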
@@ -0,0 +1,19 @@
{
"version": "31.0.0",
"files": {
"488d9cf540c6790fc09af871e06438e043f47d03101ef192131f1dafbbb434cb": {
"source": {
"path": "integ-ec2-instance.template.json",
"packaging": "file"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "488d9cf540c6790fc09af871e06438e043f47d03101ef192131f1dafbbb434cb.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
}
},
"dockerImages": {}
}