Enforce TCP Protocol for target groups (#115)

Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
opensearch-project · Mar 15, 2024 · 9ce1869 · 9ce1869
1 parent 2a3968b
commit 9ce1869
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 3 deletions.
diff --git a/lib/infra/infra-stack.ts b/lib/infra/infra-stack.ts
@@ -482,13 +482,15 @@ export class InfraStack extends Stack {
 
       opensearchListener.addTargets('single-node-target', {
         port: 9200,
+        protocol: Protocol.TCP,
         targets: [new InstanceTarget(singleNodeInstance)],
       });
 
       if (this.dashboardsUrl !== 'undefined') {
         // @ts-ignore
         dashboardsListener.addTargets('single-node-osd-target', {
           port: 5601,
+          protocol: Protocol.TCP,
           targets: [new InstanceTarget(singleNodeInstance)],
         });
       }
@@ -662,13 +664,15 @@ export class InfraStack extends Stack {
 
       opensearchListener.addTargets('opensearchTarget', {
         port: 9200,
+        protocol: Protocol.TCP,
         targets: [clientNodeAsg],
       });
 
       if (this.dashboardsUrl !== 'undefined') {
         // @ts-ignore
         dashboardsListener.addTargets('dashboardsTarget', {
           port: 5601,
+          protocol: Protocol.TCP,
           targets: [clientNodeAsg],
         });
       }

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@opensearch-project/opensearch-cluster-cdk",
-  "version": "1.2.1",
+  "version": "1.2.2",
   "bin": {
     "cdk_v2": "bin/app.js"
   },

diff --git a/test/opensearch-cluster-cdk.test.ts b/test/opensearch-cluster-cdk.test.ts
@@ -1026,3 +1026,47 @@ test('Throw error on duplicate ports', () => {
     expect(error.message).toEqual('OpenSearch and OpenSearch-Dashboards cannot be mapped to the same port! Please provide different port numbers. Current mapping is OpenSearch:8443 OpenSearch-Dashboards:8443');
   }
 });
+
+test('Ensure target group protocol is always TCP', () => {
+  const app = new App({
+    context: {
+      securityDisabled: false,
+      minDistribution: false,
+      distributionUrl: 'www.example.com',
+      cpuArch: 'x64',
+      singleNodeCluster: false,
+      dashboardsUrl: 'www.example.com',
+      distVersion: '1.0.0',
+      serverAccessType: 'ipv4',
+      restrictServerAccessTo: 'all',
+      certificateArn: 'arn:1234',
+      mapOpensearchPortTo: '8440',
+      mapOpensearchDashboardsPortTo: '443',
+    },
+  });
+
+  // WHEN
+  const networkStack = new NetworkStack(app, 'opensearch-network-stack', {
+    env: { account: 'test-account', region: 'us-east-1' },
+  });
+
+  // @ts-ignore
+  const infraStack = new InfraStack(app, 'opensearch-infra-stack', {
+    vpc: networkStack.vpc,
+    securityGroup: networkStack.osSecurityGroup,
+    env: { account: 'test-account', region: 'us-east-1' },
+  });
+
+  // THEN
+  const infraTemplate = Template.fromStack(infraStack);
+  infraTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::TargetGroup', {
+    Port: 9200,
+    Protocol: 'TCP',
+    TargetType: 'instance',
+  });
+  infraTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::TargetGroup', {
+    Port: 5601,
+    Protocol: 'TCP',
+    TargetType: 'instance',
+  });
+});