diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts
index d05a44bfb7f94..0a4cb0ac3eaeb 100644
--- a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts
+++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts
@@ -29,7 +29,9 @@ export interface BaseLoadBalancerProps {
 /**
 * Where in the VPC to place the load balancer
 *
- * @default - Public subnets if internetFacing, otherwise private subnets.
+ * @default - Public subnets if internetFacing, Private subnets if internal and
+ * there are Private subnets, Isolated subnets if internal and there are no
+ * Private subnets.
 */
 readonly vpcSubnets?: ec2.SubnetSelection;
@@ -128,8 +130,7 @@ export abstract class BaseLoadBalancer extends Resource {
 const internetFacing = ifUndefined(baseProps.internetFacing, false);
 const vpcSubnets = ifUndefined(baseProps.vpcSubnets,
- { subnetType: internetFacing ? ec2.SubnetType.PUBLIC : ec2.SubnetType.PRIVATE });
-
+ (internetFacing ? {subnetType: ec2.SubnetType.PUBLIC} : {}) );
 const { subnetIds, internetConnectivityEstablished } = baseProps.vpc.selectSubnets(vpcSubnets);
 this.vpc = baseProps.vpc;
diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/nlb/test.load-balancer.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/nlb/test.load-balancer.ts
index 1977dd8425ce5..5c0046e186013 100644
--- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/nlb/test.load-balancer.ts
+++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/nlb/test.load-balancer.ts
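Review bot: The new default `(internetFacing ? {subnetType: ec2.SubnetType.PUBLIC} : {})` in the second hunk hands the subnet choice for internal load balancers to `selectSubnets`, whose fallback order is not visible in this diff. The old code asked for `ec2.SubnetType.PRIVATE` explicitly, so if an empty selection can resolve to public subnets when a VPC has neither private nor isolated ones, an internal load balancer would be placed there with no error, which is a quieter outcome than before and worth confirming. The `@default` text in the first hunk stops at the isolated case; it should either state that last case, e.g. `* Public subnets if internal and there are neither Private nor Isolated subnets.`, or the code should reject it. The enclosing method in `BaseLoadBalancer` starts and ends outside the hunk.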
@@ -90,6 +90,174 @@ export = {
 Name: 'myLoadBalancer'
 }));
 test.done();
- }
+ },
+
+ 'Trivial construction: internal with Isolated subnets only'(test: Test) {
+ // GIVEN
+ const stack = new cdk.Stack();
+ const vpc = new ec2.Vpc(stack, 'VPC', {
+ subnetConfiguration: [{
+ cidrMask: 20,
+ name: 'Isolated',
+ subnetType: ec2.SubnetType.ISOLATED,
+ }]
+ });
+
+ // WHEN
+ new elbv2.NetworkLoadBalancer(stack, 'LB', {
+ vpc,
+ internetFacing: false,
+ });
+
+ // THEN
+ expect(stack).to(haveResource('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+ Scheme: "internal",
+ Subnets: [
+ { Ref: "VPCIsolatedSubnet1SubnetEBD00FC6" },
+ { Ref: "VPCIsolatedSubnet2Subnet4B1C8CAA" },
+ ],
+ Type: "network"
+ }));
+
+ test.done();
+ },
+ 'Internal with Public, Private, and Isolated subnets'(test: Test) {
+ // GIVEN
+ const stack = new cdk.Stack();
+ const vpc = new ec2.Vpc(stack, 'VPC', {
+ subnetConfiguration: [{
+ cidrMask: 24,
+ name: 'Public',
+ subnetType: ec2.SubnetType.PUBLIC,
+ }, {
+ cidrMask: 24,
+ name: 'Private',
+ subnetType: ec2.SubnetType.PRIVATE,
+ }, {
+ cidrMask: 28,
+ name: 'Isolated',
+ subnetType: ec2.SubnetType.ISOLATED,
+ }
+ ]
+ });
+ // WHEN
+ new elbv2.NetworkLoadBalancer(stack, 'LB', {
+ vpc,
+ internetFacing: false,
+ });
+
+ // THEN
+ expect(stack).to(haveResource('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+ Scheme: "internal",
+ Subnets: [
+ { Ref: "VPCPrivateSubnet1Subnet8BCA10E0" },
+ { Ref: "VPCPrivateSubnet2SubnetCFCDAA7A" },
+ ],
+ Type: "network"
+ }));
+
+ test.done();
+ },
+ 'Internet-facing with Public, Private, and Isolated subnets'(test: Test) {
+ // GIVEN
+ const stack = new cdk.Stack();
+ const vpc = new ec2.Vpc(stack, 'VPC', {
+ subnetConfiguration: [{
+ cidrMask: 24,
+ name: 'Public',
+ subnetType: ec2.SubnetType.PUBLIC,
+ }, {
+ cidrMask: 24,
+ name: 'Private',
+ subnetType: ec2.SubnetType.PRIVATE,
+ }, {
+ cidrMask: 28,
+ name: 'Isolated',
+ subnetType: ec2.SubnetType.ISOLATED,
+ }
+ ]
+ });
+
+ // WHEN
+ new 
elbv2.NetworkLoadBalancer(stack, 'LB', {
+ vpc,
+ internetFacing: true,
+ });
+
+ // THEN
+ expect(stack).to(haveResource('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+ Scheme: "internet-facing",
+ Subnets: [
+ { Ref: "VPCPublicSubnet1SubnetB4246D30" },
+ { Ref: "VPCPublicSubnet2Subnet74179F39" },
+ ],
+ Type: "network"
+ }));
+
+ test.done();
+ },
+ 'Internal load balancer supplying public subnets'(test: Test) {
+ // GIVEN
+ const stack = new cdk.Stack();
+ const vpc = new ec2.Vpc(stack, 'VPC');
+
+ // WHEN
+ new elbv2.NetworkLoadBalancer(stack, 'LB', {
+ vpc,
+ internetFacing: false,
+ vpcSubnets: {subnetType: ec2.SubnetType.PUBLIC}
+ });
+
+ // THEN
+ expect(stack).to(haveResource('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+ Scheme: "internal",
+ Subnets: [
+ { Ref: "VPCPublicSubnet1SubnetB4246D30" },
+ { Ref: "VPCPublicSubnet2Subnet74179F39" },
+ ],
+ Type: "network"
+ }));
+
+ test.done();
+ },
+ 'Internal load balancer supplying isolated subnets'(test: Test) {
+ // GIVEN
+ const stack = new cdk.Stack();
+ const vpc = new ec2.Vpc(stack, 'VPC', {
+ subnetConfiguration: [{
+ cidrMask: 24,
+ name: 'Public',
+ subnetType: ec2.SubnetType.PUBLIC,
+ }, {
+ cidrMask: 24,
+ name: 'Private',
+ subnetType: ec2.SubnetType.PRIVATE,
+ }, {
+ cidrMask: 28,
+ name: 'Isolated',
+ subnetType: ec2.SubnetType.ISOLATED,
+ }
+ ]
+ });
+
+ // WHEN
+ new elbv2.NetworkLoadBalancer(stack, 'LB', {
+ vpc,
+ internetFacing: false,
+ vpcSubnets: {subnetType: ec2.SubnetType.ISOLATED}
+ });
+
+ // THEN
+ expect(stack).to(haveResource('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+ Scheme: "internal",
+ Subnets: [
+ { Ref: "VPCIsolatedSubnet1SubnetEBD00FC6" },
+ { Ref: "VPCIsolatedSubnet2Subnet4B1C8CAA" },
+ ],
+ Type: "network"
+ }));
+
+ test.done();
+ }
 };
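Review bot: All five added cases construct `elbv2.NetworkLoadBalancer`, but the changed default lives in `lib/shared/base-load-balancer.ts`, so any other load balancer built on that base class picks up the new subnet selection without a test in this file. Whether the application load balancer tests already cover it cannot be seen from this diff. The cases also leave out `internetFacing: false` on a VPC that has only public subnets, which is the one input whose result the updated `@default` text does not state. A sixth case for that input, asserting either the expected `Subnets` list or the expected error, would pin the intended placement.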