feat(elbv2): default config for internal load balancer will fall back to Isolated subnets

packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts

@@ -29,7 +29,9 @@ export interface BaseLoadBalancerProps {
   /**
    * Where in the VPC to place the load balancer
    *
-   * @default - Public subnets if internetFacing, otherwise private subnets.
+   * @default - Public subnets if internetFacing, Private subnets if internal and
+   * there are Private subnets, Isolated subnets if internal and there are no
+   * Private subnets.
    */
   readonly vpcSubnets?: ec2.SubnetSelection;
 
@@ -128,8 +130,7 @@ export abstract class BaseLoadBalancer extends Resource {
     const internetFacing = ifUndefined(baseProps.internetFacing, false);
 
     const vpcSubnets = ifUndefined(baseProps.vpcSubnets,
-      { subnetType: internetFacing ? ec2.SubnetType.PUBLIC : ec2.SubnetType.PRIVATE });
-
+      (internetFacing ? {subnetType: ec2.SubnetType.PUBLIC} : {}) );
     const { subnetIds, internetConnectivityEstablished } = baseProps.vpc.selectSubnets(vpcSubnets);
 
     this.vpc = baseProps.vpc;

packages/@aws-cdk/aws-elasticloadbalancingv2/test/nlb/test.load-balancer.ts

@@ -90,6 +90,174 @@ export = {
       Name: 'myLoadBalancer'
     }));
     test.done();
-  }
+  },
+
+  'Trivial construction: internal with Isolated subnets only'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = new ec2.Vpc(stack, 'VPC', {
+      subnetConfiguration: [{
+           cidrMask: 20,
+           name: 'Isolated',
+           subnetType: ec2.SubnetType.ISOLATED,
+         }]
+    });
+
+    // WHEN
+    new elbv2.NetworkLoadBalancer(stack, 'LB', {
+      vpc,
+      internetFacing: false,
+    });
+
+    // THEN
+    expect(stack).to(haveResource('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+      Scheme: "internal",
+      Subnets: [
+        { Ref: "VPCIsolatedSubnet1SubnetEBD00FC6" },
+        { Ref: "VPCIsolatedSubnet2Subnet4B1C8CAA" },
+      ],
+      Type: "network"
+    }));
+
+    test.done();
+  },
+    'Internal with Public, Private, and Isolated subnets'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = new ec2.Vpc(stack, 'VPC', {
+      subnetConfiguration: [{
+           cidrMask: 24,
+           name: 'Public',
+           subnetType: ec2.SubnetType.PUBLIC,
+         }, {
+           cidrMask: 24,
+           name: 'Private',
+           subnetType: ec2.SubnetType.PRIVATE,
+         }, {
+           cidrMask: 28,
+           name: 'Isolated',
+           subnetType: ec2.SubnetType.ISOLATED,
+         }
+         ]
+    });
 
+    // WHEN
+    new elbv2.NetworkLoadBalancer(stack, 'LB', {
+      vpc,
+      internetFacing: false,
+    });
+
+    // THEN
+    expect(stack).to(haveResource('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+      Scheme: "internal",
+      Subnets: [
+        { Ref: "VPCPrivateSubnet1Subnet8BCA10E0" },
+        { Ref: "VPCPrivateSubnet2SubnetCFCDAA7A" },
+      ],
+      Type: "network"
+    }));
+
+    test.done();
+  },
+    'Internet-facing with Public, Private, and Isolated subnets'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = new ec2.Vpc(stack, 'VPC', {
+      subnetConfiguration: [{
+           cidrMask: 24,
+           name: 'Public',
+           subnetType: ec2.SubnetType.PUBLIC,
+         }, {
+           cidrMask: 24,
+           name: 'Private',
+           subnetType: ec2.SubnetType.PRIVATE,
+         }, {
+           cidrMask: 28,
+           name: 'Isolated',
+           subnetType: ec2.SubnetType.ISOLATED,
+         }
+         ]
+    });
+
+    // WHEN
+    new elbv2.NetworkLoadBalancer(stack, 'LB', {
+      vpc,
+      internetFacing: true,
+    });
+
+    // THEN
+    expect(stack).to(haveResource('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+      Scheme: "internet-facing",
+      Subnets: [
+        { Ref: "VPCPublicSubnet1SubnetB4246D30" },
+        { Ref: "VPCPublicSubnet2Subnet74179F39" },
+      ],
+      Type: "network"
+    }));
+
+    test.done();
+  },
+  'Internal load balancer supplying public subnets'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = new ec2.Vpc(stack, 'VPC');
+
+    // WHEN
+    new elbv2.NetworkLoadBalancer(stack, 'LB', {
+      vpc,
+      internetFacing: false,
+      vpcSubnets: {subnetType: ec2.SubnetType.PUBLIC}
+    });
+
+    // THEN
+    expect(stack).to(haveResource('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+      Scheme: "internal",
+      Subnets: [
+        { Ref: "VPCPublicSubnet1SubnetB4246D30" },
+        { Ref: "VPCPublicSubnet2Subnet74179F39" },
+      ],
+      Type: "network"
+    }));
+
+    test.done();
+  },
+  'Internal load balancer supplying isolated subnets'(test: Test) {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = new ec2.Vpc(stack, 'VPC', {
+      subnetConfiguration: [{
+           cidrMask: 24,
+           name: 'Public',
+           subnetType: ec2.SubnetType.PUBLIC,
+         }, {
+           cidrMask: 24,
+           name: 'Private',
+           subnetType: ec2.SubnetType.PRIVATE,
+         }, {
+           cidrMask: 28,
+           name: 'Isolated',
+           subnetType: ec2.SubnetType.ISOLATED,
+         }
+         ]
+    });
+
+    // WHEN
+    new elbv2.NetworkLoadBalancer(stack, 'LB', {
+      vpc,
+      internetFacing: false,
+      vpcSubnets: {subnetType: ec2.SubnetType.ISOLATED}
+    });
+
+    // THEN
+    expect(stack).to(haveResource('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+      Scheme: "internal",
+      Subnets: [
+        { Ref: "VPCIsolatedSubnet1SubnetEBD00FC6" },
+        { Ref: "VPCIsolatedSubnet2Subnet4B1C8CAA" },
+      ],
+      Type: "network"
+    }));
+
+    test.done();
+  }
 };