Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: (aws-ec2): fix vpc endpoint incorrect issue in China region #16139

Merged
merged 15 commits into from Aug 24, 2021
Merged

fix: (aws-ec2): fix vpc endpoint incorrect issue in China region #16139

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
c796fc6
fix:(aws-ec2): fix vpc endpoint incorrect issue in China region. Fix …
readybuilderone Aug 20, 2021
66e623b
fix unit test of vpc interface endpoint creation
readybuilderone Aug 20, 2021
e2e20a4
Merge branch 'master' into fix-vpc-endpoint-issue-in-china
readybuilderone Aug 20, 2021
c191933
rename variable regionPrefix to defaultEndpointPrefix
readybuilderone Aug 22, 2021
9aded26
update to a more concise way to check whether VPC_ENDPOINT_SERVICE_EX…
readybuilderone Aug 22, 2021
a27acc1
add comments to getDefaultEndpointPrefix, and wrapped the lines
readybuilderone Aug 22, 2021
4fac703
remove traing spaces and adjust the indention in getDefaultEndpointPr…
readybuilderone Aug 22, 2021
63f167a
Merge branch 'fix-vpc-endpoint-issue-in-china' of https://github.com/…
readybuilderone Aug 22, 2021
fe93aa8
Merge branch 'master' into fix-vpc-endpoint-issue-in-china
readybuilderone Aug 22, 2021
b37b4c9
Update packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts
readybuilderone Aug 23, 2021
f606f18
Update packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts
readybuilderone Aug 23, 2021
138c50f
Add logic to handle suffix '.cn' for transcribe service in China region
readybuilderone Aug 23, 2021
88999ab
Minor tweaks
njlynch Aug 23, 2021
20f6008
Merge branch 'master' into fix-vpc-endpoint-issue-in-china
readybuilderone Aug 23, 2021
105846d
Merge branch 'master' into fix-vpc-endpoint-issue-in-china
mergify[bot] Aug 24, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
25 changes: 24 additions & 1 deletion packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts
View file
Open in desktop
Expand Up @@ -326,9 +326,32 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
const region = Lazy.uncachedString({
produce: (context) => Stack.of(context.scope).region,
});
this.name = `${prefix || 'com.amazonaws'}.${region}.${name}`;
const regionPrefix =Lazy.uncachedString({
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
const regionPrefix =Lazy.uncachedString({
const defaultEndpointPrefix =Lazy.uncachedString({

How about just call it defaultEndpointPrefix ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @pahud, that's a good suggestion, I'll update it.

produce: (context) => {
const regionName = Stack.of(context.scope).region;
return this.getDefaultEndpointPrefix(name, regionName);
},
});

this.name = `${prefix || regionPrefix}.${region}.${name}`;
this.port = port || 443;
}

/**
* Get the endpoint prefix for the service in the specified region
* because the prefix for some of the services in cn-north-1 and cn-northwest-1 are different
*/
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we can add an AWS CLI sample in the doc comments showing how to get all endpoints from a region. That would be helpful.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, I'll add the AWS CLI sample to the comments

private getDefaultEndpointPrefix(name: string, region: string) {
const VPC_ENDPOINT_SERVICE_EXCEPTIONS: { [region: string]: string[] } = {
'cn-north-1': ['application-autoscaling', 'athena', 'autoscaling', 'awsconnector', 'cassandra', 'cloudformation', 'codedeploy-commands-secure', 'databrew', 'dms', 'ebs', 'ec2', 'ecr.api', 'ecr.dkr', 'elasticbeanstalk', 'elasticfilesystem', 'elasticfilesystem-fips', 'execute-api', 'imagebuilder', 'iotsitewise.api', 'iotsitewise.data', 'kinesis-streams', 'lambda', 'license-manager', 'monitoring', 'rds', 'redshift', 'redshift-data', 's3', 'sagemaker.api', 'sagemaker.featurestore-runtime', 'sagemaker.runtime', 'servicecatalog', 'sms', 'sqs', 'states', 'sts', 'synthetics', 'transcribe.cn', 'transcribestreaming', 'transfer', 'xray'],
'cn-northwest-1': ['application-autoscaling', 'athena', 'autoscaling', 'awsconnector', 'cassandra', 'cloudformation', 'codedeploy-commands-secure', 'databrew', 'dms', 'ebs', 'ec2', 'ecr.api', 'ecr.dkr', 'elasticbeanstalk', 'elasticfilesystem', 'elasticfilesystem-fips', 'execute-api', 'imagebuilder', 'kinesis-streams', 'lambda', 'license-manager', 'monitoring', 'rds', 'redshift', 'redshift-data', 's3', 'sagemaker.api', 'sagemaker.featurestore-runtime', 'sagemaker.runtime', 'servicecatalog', 'sms', 'sqs', 'states', 'sts', 'synthetics', 'transcribe.cn', 'transcribestreaming', 'transfer', 'workspaces', 'xray'],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's wrap the lines to make it more readable.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good suggestions, thanks Pahud

};
if (VPC_ENDPOINT_SERVICE_EXCEPTIONS.hasOwnProperty(region) && VPC_ENDPOINT_SERVICE_EXCEPTIONS[region].includes(name)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (VPC_ENDPOINT_SERVICE_EXCEPTIONS.hasOwnProperty(region) && VPC_ENDPOINT_SERVICE_EXCEPTIONS[region].includes(name)) {
if (VPC_ENDPOINT_SERVICE_EXCEPTIONS[region] && VPC_ENDPOINT_SERVICE_EXCEPTIONS[region].includes(name)) {

I believe this should be working.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It will be more concise, thanks Pahud for your suggestion, I'll update it

return 'cn.com.amazonaws';
} else {
return 'com.amazonaws';
}
}
}

/**
Expand Down
68 changes: 68 additions & 0 deletions packages/@aws-cdk/aws-ec2/test/vpc-endpoint.test.ts
View file
Open in desktop
Expand Up @@ -607,5 +607,73 @@ nodeunitShim({
}));
test.done();
},
'test vpc interface endpoint with cn.com.amazonaws prefix can be created correctly in cn-north-1'(test: Test) {
//GIVEN
const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region: 'cn-north-1' } });
const vpc = new Vpc(stack, 'VPC');

//WHEN
vpc.addInterfaceEndpoint('ECR Endpoint', {
service: InterfaceVpcEndpointAwsService.ECR,
});

//THEN
expect(stack).to(haveResource('AWS::EC2::VPCEndpoint', {
ServiceName: 'cn.com.amazonaws.cn-north-1.ecr.api',
}));

test.done();
},
'test vpc interface endpoint with cn.com.amazonaws prefix can be created correctly in cn-northwest-1'(test: Test) {
//GIVEN
const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region: 'cn-northwest-1' } });
const vpc = new Vpc(stack, 'VPC');

//WHEN
vpc.addInterfaceEndpoint('Lambda Endpoint', {
service: InterfaceVpcEndpointAwsService.LAMBDA,
});

//THEN
expect(stack).to(haveResource('AWS::EC2::VPCEndpoint', {
ServiceName: 'cn.com.amazonaws.cn-northwest-1.lambda',
}));

test.done();
},
'test vpc interface endpoint without cn.com.amazonaws prefix can be created correctly in cn-north-1'(test: Test) {
//GIVEN
const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region: 'cn-north-1' } });
const vpc = new Vpc(stack, 'VPC');

//WHEN
vpc.addInterfaceEndpoint('ECS Endpoint', {
service: InterfaceVpcEndpointAwsService.ECS,
});

//THEN
expect(stack).to(haveResource('AWS::EC2::VPCEndpoint', {
ServiceName: 'com.amazonaws.cn-north-1.ecs',
}));

test.done();
},
'test vpc interface endpoint without cn.com.amazonaws prefix can be created correctly in cn-northwest-1'(test: Test) {
//GIVEN
const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region: 'cn-northwest-1' } });
const vpc = new Vpc(stack, 'VPC');

//WHEN
vpc.addInterfaceEndpoint('Glue Endpoint', {
service: InterfaceVpcEndpointAwsService.GLUE,
});

//THEN
expect(stack).to(haveResource('AWS::EC2::VPCEndpoint', {
ServiceName: 'com.amazonaws.cn-northwest-1.glue',
}));

test.done();
},
},
});