feat(ec2): L2 Construct - VpcPeeringConnection #9339
Conversation
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
| /** | ||
| * VPC with which you are creating the VPC peering connection. | ||
| */ | ||
| export class PeerVpc { |
There was a problem hiding this comment.
I think that if you wait for #8280 to be merged, this can be replaced with an IVpc instead which seems nicer.
There was a problem hiding this comment.
Well, the peer vpc is different from a regular vpc. (that is, the peer vpc is not a vpc.)
- You cannot get its details. only
account,region,vpc-id, andcidrare provided. - You have no control over it. You cannot do anything with it. So
IVpcmight be false implication.
| * | ||
| * @default - conditional | ||
| */ | ||
| readonly role?: iam.IRole |
There was a problem hiding this comment.
I guess we could probably create this role? What are the permissions on it that are necessary? Please give links to documentation?
The current documentation is not really enough for people to make use of this feature, and we should always be looking if we can simplify it.
There was a problem hiding this comment.
The peer(acceptor)'s acceptance is required to establish vpc peering connection.
This is usually done by hand on the console.
Maybe an IAM Role with this policy is needed:
"Effect": "Allow",
"Action": [
"ec2:AcceptVpcPeeringConnection"
],
"Resource": [
"arn:aws:ec2:(requestor-region):(requestor-account):vpc-peering-connection/(vpc-peering-connection-id)",
"arn:aws:ec2:(acceptor-region):(acceptor-account):vpc/(vpc-id)",
]
There was a problem hiding this comment.
I'm not sure it's correct. I'll look into it a little bit more.
There was a problem hiding this comment.
| /** | ||
| * Props for constructing VpcPeeringConnection | ||
| */ | ||
| export interface VpcPeeringConnectionProps extends VpcPeeringConnectionOptions { |
There was a problem hiding this comment.
You probably only want to make a distinction between VpcPeeringConnectionProps and VpcPeeringConnectionOptions if you're going to add a vpc.addPeeringConnection() method to Vpc itself (or maybe even to IVpc?)
There was a problem hiding this comment.
I intended that.
|
Any news or progress for this pr? I am badly missing the possibility to peer vpc's with the cdk and not by hand |
|
This PR has been deemed to be abandoned, and will be closed. Please create a new PR for these changes if you think this decision has been made in error. |
fixes #9338
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license