diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/aws-cdk-elbv2-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/aws-cdk-elbv2-integ.assets.json index 3d4aefd221839..f3870688a57db 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/aws-cdk-elbv2-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/aws-cdk-elbv2-integ.assets.json @@ -1,7 +1,7 @@ { - "version": "34.0.0", + "version": "35.0.0", "files": { - "9df5f70ad5f6e013c7593ed95422a1e173c6b752ee7b4970f1828655ada2c730": { + "58137a7e393bbbec6a08c4136b185d818385d40e1f85647bd30f101efaaadfc7": { "source": { "path": "aws-cdk-elbv2-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "9df5f70ad5f6e013c7593ed95422a1e173c6b752ee7b4970f1828655ada2c730.json", + "objectKey": "58137a7e393bbbec6a08c4136b185d818385d40e1f85647bd30f101efaaadfc7.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/aws-cdk-elbv2-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/aws-cdk-elbv2-integ.template.json index edc6ef8fecb1f..f8704be7ed070 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/aws-cdk-elbv2-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/aws-cdk-elbv2-integ.template.json 
@@ -391,6 +391,31 @@ } } }, + "SGADB53937": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-cdk-elbv2-integ/SG", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "SecurityGroupIngress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "allow https access from the world", + "FromPort": 443, + "IpProtocol": "tcp", + "ToPort": 443 + } + ], + "VpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, "LB8A12904C": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { @@ -401,6 +426,14 @@ } ], "Scheme": "internet-facing", + "SecurityGroups": [ + { + "Fn::GetAtt": [ + "SGADB53937", + "GroupId" + ] + } + ], "Subnets": [ { "Ref": "VPCPublicSubnet1SubnetB4246D30" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/cdk.out index 2313ab5436501..c5cb2e5de6344 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"34.0.0"} \ No newline at end of file +{"version":"35.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/elbv2integDefaultTestDeployAssert6120E394.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/elbv2integDefaultTestDeployAssert6120E394.assets.json index a7bfe23b50153..360ee2c5dd548 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/elbv2integDefaultTestDeployAssert6120E394.assets.json 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/elbv2integDefaultTestDeployAssert6120E394.assets.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "35.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/integ.json index b21a2894e1825..c3fc397124ed4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "35.0.0", "testCases": { "elbv2-integ/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/manifest.json index 0f31f824c6b58..ee75835aab21a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "34.0.0", + "version": "35.0.0", "artifacts": { "aws-cdk-elbv2-integ.assets": { "type": "cdk:asset-manifest", 
@@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "aws-cdk-elbv2-integ.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9df5f70ad5f6e013c7593ed95422a1e173c6b752ee7b4970f1828655ada2c730.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/58137a7e393bbbec6a08c4136b185d818385d40e1f85647bd30f101efaaadfc7.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -171,6 +172,12 @@ "data": "VPCVPCGW99B986DC" } ], + "/aws-cdk-elbv2-integ/SG/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "SGADB53937" + } + ], "/aws-cdk-elbv2-integ/LB/Resource": [ { "type": "aws:cdk:logicalId", @@ -217,6 +224,7 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "elbv2integDefaultTestDeployAssert6120E394.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/tree.json index 6eba5977cc702..a4bae20f116a3 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.js.snapshot/tree.json @@ -31,8 +31,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" } }, "PublicSubnet1": { @@ -75,16 +75,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-elbv2-integ/VPC/PublicSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -105,8 +105,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" } }, "RouteTableAssociation": { @@ -124,8 +124,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" } }, "DefaultRoute": { @@ -144,8 +144,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" } }, "EIP": { @@ -164,8 +164,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" } }, "NATGateway": { @@ -192,14 +192,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" } }, "PublicSubnet2": { 
@@ -242,16 +242,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-elbv2-integ/VPC/PublicSubnet2/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -272,8 +272,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" } }, "RouteTableAssociation": { @@ -291,8 +291,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" } }, "DefaultRoute": { @@ -311,8 +311,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" } }, "EIP": { @@ -331,8 +331,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" } }, "NATGateway": { @@ -359,14 +359,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" } }, "PrivateSubnet1": { @@ -409,16 +409,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-elbv2-integ/VPC/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "RouteTable": { 
@@ -439,8 +439,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" } }, "RouteTableAssociation": { @@ -458,8 +458,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" } }, "DefaultRoute": { @@ -478,14 +478,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" } }, "PrivateSubnet2": { @@ -528,16 +528,16 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-elbv2-integ/VPC/PrivateSubnet2/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -558,8 +558,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" } }, "RouteTableAssociation": { @@ -577,8 +577,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" } }, "DefaultRoute": { @@ -597,14 +597,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" } }, "IGW": { 
@@ -622,8 +622,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" } }, "VPCGW": { @@ -641,14 +641,57 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "SG": { + "id": "SG", + "path": "aws-cdk-elbv2-integ/SG", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-elbv2-integ/SG/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-cdk-elbv2-integ/SG", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "securityGroupIngress": [ + { + "cidrIp": "0.0.0.0/0", + "ipProtocol": "tcp", + "fromPort": 443, + "toPort": 443, + "description": "allow https access from the world" + } + ], + "vpcId": { + "Ref": "VPCB9E5F0B4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" } }, "LB": { @@ -668,6 +711,14 @@ } ], "scheme": "internet-facing", + "securityGroups": [ + { + "Fn::GetAtt": [ + "SGADB53937", + "GroupId" + ] + } + ], "subnets": [ { "Ref": "VPCPublicSubnet1SubnetB4246D30" @@ -680,8 +731,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.CfnLoadBalancer", + "version": "0.0.0" } }, "Listener": { 
@@ -710,8 +761,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.CfnListener", + "version": "0.0.0" } }, "TargetGroup": { @@ -743,48 +794,48 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.CfnTargetGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.NetworkTargetGroup", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.BaseListener", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.BaseLoadBalancer", + "version": "0.0.0" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-elbv2-integ/BootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-cdk-elbv2-integ/CheckBootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" } }, "elbv2-integ": { @@ -800,7 +851,7 @@ "path": "elbv2-integ/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } }, "DeployAssert": { 
@@ -811,22 +862,22 @@ "id": "BootstrapVersion", "path": "elbv2-integ/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "elbv2-integ/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" } } }, @@ -846,13 +897,13 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.ts index 3b8aadf3b2747..c1e35de7915b1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.ts @@ -11,9 +11,13 @@ const vpc = new ec2.Vpc(stack, 'VPC', { maxAzs: 2, }); +const sg = new ec2.SecurityGroup(stack, 'SG', { vpc }); +sg.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(443), 'allow https access from the world'); + const lb = new elbv2.NetworkLoadBalancer(stack, 'LB', { vpc, internetFacing: true, + securityGroups: [sg], }); const listener = lb.addListener('Listener', { diff --git a/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES b/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES index 8a792ecf69c82..4fc8eaf268c73 100644 --- a/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES 
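Review bot: The new `SG` fixture in `integ.nlb.ts` is created with default props, so it keeps CDK's allow-all egress; the regenerated template in this commit shows the resulting `0.0.0.0/0`, protocol `-1` egress rule next to the world-open 443 ingress. On a Network Load Balancer the group's outbound rules apply to traffic toward the targets, so a fixture that models the intended use would pass `allowAllOutbound: false` and add one `sg.addEgressRule(...)` for the target port. Whether 443 matches the listener port cannot be checked here, because the `lb.addListener('Listener', {` call continues outside the hunk. A short comment such as `// world-open 443 is deliberate: the NLB is internet-facing` would also keep the rule from being copied as a general default.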
+++ b/packages/@aws-cdk/cli-lib-alpha/THIRD_PARTY_LICENSES 
@@ -1,6 +1,213 @@ The @aws-cdk/cli-lib-alpha package includes the following third-party software/licensing: -** @jsii/check-node@1.89.0 - https://www.npmjs.com/package/@jsii/check-node/v/1.89.0 | Apache-2.0 +** @cdklabs/tskb@0.0.3 - https://www.npmjs.com/package/@cdklabs/tskb/v/0.0.3 | Apache-2.0 + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + +---------------- + +** @jsii/check-node@1.91.0 - https://www.npmjs.com/package/@jsii/check-node/v/1.91.0 | Apache-2.0 jsii Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -229,7 +436,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI ---------------- -** async@3.2.4 - https://www.npmjs.com/package/async/v/3.2.4 | MIT +** async@3.2.5 - https://www.npmjs.com/package/async/v/3.2.5 | MIT Copyright (c) 2010-2018 Caolan McMahon Permission is hereby granted, free of charge, to any person obtaining a copy 
@@ -264,7 +471,7 @@ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH RE ---------------- -** aws-sdk@2.1466.0 - https://www.npmjs.com/package/aws-sdk/v/2.1466.0 | Apache-2.0 +** aws-sdk@2.1492.0 - https://www.npmjs.com/package/aws-sdk/v/2.1492.0 | Apache-2.0 AWS SDK for JavaScript Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -461,7 +668,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI ---------------- -** cdk-from-cfn@0.47.0 - https://www.npmjs.com/package/cdk-from-cfn/v/0.47.0 | MIT OR Apache-2.0 +** cdk-from-cfn@0.67.0 - https://www.npmjs.com/package/cdk-from-cfn/v/0.67.0 | MIT OR Apache-2.0 ---------------- 
@@ -867,7 +1074,29 @@ OTHER DEALINGS IN THE SOFTWARE. ---------------- -** data-uri-to-buffer@5.0.1 - https://www.npmjs.com/package/data-uri-to-buffer/v/5.0.1 | MIT +** data-uri-to-buffer@6.0.1 - https://www.npmjs.com/package/data-uri-to-buffer/v/6.0.1 | MIT +(The MIT License) + +Copyright (c) 2014 Nathan Rajlich + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +'Software'), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- 
@@ -1283,7 +1512,29 @@ the licensed code: ---------------- -** get-uri@6.0.1 - https://www.npmjs.com/package/get-uri/v/6.0.1 | MIT +** get-uri@6.0.2 - https://www.npmjs.com/package/get-uri/v/6.0.2 | MIT +(The MIT License) + +Copyright (c) 2014 Nathan Rajlich + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +'Software'), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- @@ -3158,7 +3409,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ---------------- -** universalify@2.0.0 - https://www.npmjs.com/package/universalify/v/2.0.0 | MIT +** universalify@2.0.1 - https://www.npmjs.com/package/universalify/v/2.0.1 | MIT (The MIT License) Copyright (c) 2017, Ryan Zimmerman diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md index fa8d644b26501..87dfc57b6be75 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md 
@@ -230,12 +230,14 @@ Balancers: ```ts declare const vpc: ec2.Vpc; declare const asg: autoscaling.AutoScalingGroup; +declare const sg: ec2.ISecurityGroup; // Create the load balancer in a VPC. 'internetFacing' is 'false' // by default, which creates an internal load balancer. const lb = new elbv2.NetworkLoadBalancer(this, 'LB', { vpc, - internetFacing: true + internetFacing: true, + securityGroups: [sg], }); // Add a listener on a particular port. diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-load-balancer.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-load-balancer.ts index ff512bc0e1613..e2bf04bf01237 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-load-balancer.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-load-balancer.ts @@ -19,6 +19,13 @@ export interface NetworkLoadBalancerProps extends BaseLoadBalancerProps { * @default false */ readonly crossZoneEnabled?: boolean; + + /** + * Security groups to associate with this load balancer + * + * @default - No security groups associated with the load balancer. + */ + readonly securityGroups?: ec2.ISecurityGroup[]; } /** @@ -51,6 +58,13 @@ export interface NetworkLoadBalancerAttributes { * balancers. */ readonly vpc?: ec2.IVpc; + + /** + * Security groups to associate with this load balancer + * + * @default - No security groups associated with the load balancer. + */ + readonly loadBalancerSecurityGroups?: string[]; } /** 
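Review bot: The doc comment on `securityGroups` in `NetworkLoadBalancerProps` does not say that the choice is fixed at creation or what the default means for traffic filtering. Per the AWS ELB documentation, a Network Load Balancer created without security groups cannot have them associated later. I would add `* Security groups can only be associated when the load balancer is created; an NLB created without any cannot have them added later, and its traffic is then filtered only by the targets' own security groups.` The comment on `NetworkLoadBalancerAttributes.loadBalancerSecurityGroups` in the following hunk copies the same text, but an import associates nothing, so it should read `Security group IDs already associated with the imported load balancer`. Both interfaces start outside their hunks.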
@@ -143,6 +157,7 @@ export class NetworkLoadBalancer extends BaseLoadBalancer implements INetworkLoa public readonly loadBalancerArn = attrs.loadBalancerArn; public readonly vpc?: ec2.IVpc = attrs.vpc; public readonly metrics: INetworkLoadBalancerMetrics = new NetworkLoadBalancerMetrics(this, parseLoadBalancerFullName(attrs.loadBalancerArn)); + public readonly securityGroups?: string[] = attrs.loadBalancerSecurityGroups; public addListener(lid: string, props: BaseNetworkListenerProps): NetworkListener { return new NetworkListener(this, lid, { @@ -168,13 +183,16 @@ export class NetworkLoadBalancer extends BaseLoadBalancer implements INetworkLoa } public readonly metrics: INetworkLoadBalancerMetrics; + public readonly securityGroups?: string[]; constructor(scope: Construct, id: string, props: NetworkLoadBalancerProps) { super(scope, id, props, { type: 'network', + securityGroups: props.securityGroups?.map(sg => sg.securityGroupId), }); this.metrics = new NetworkLoadBalancerMetrics(this, this.loadBalancerFullName); + this.securityGroups = props.securityGroups?.map(sg => sg.securityGroupId); if (props.crossZoneEnabled) { this.setAttribute('load_balancing.cross_zone.enabled', 'true'); } } @@ -395,6 +413,11 @@ export interface INetworkLoadBalancer extends ILoadBalancerV2, ec2.IVpcEndpointS */ readonly metrics: INetworkLoadBalancerMetrics; + /** + * Security groups associated with this load balancer + */ + readonly securityGroups?: string[]; + /** * Add a listener to this load balancer * @@ -409,6 +432,7 @@ class LookedUpNetworkLoadBalancer extends Resource implements INetworkLoadBalanc public readonly loadBalancerArn: string; public readonly vpc?: ec2.IVpc; public readonly metrics: INetworkLoadBalancerMetrics; + public readonly securityGroups?: string[]; constructor(scope: Construct, id: string, props: cxapi.LoadBalancerContextResponse) { super(scope, id, { environmentFromArn: props.loadBalancerArn }); 
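Review bot: In the constructor hunk, `props.securityGroups?.map(sg => sg.securityGroupId)` is written twice, once in the `super()` argument and once for `this.securityGroups`, so the value sent to CloudFormation and the value exposed to callers can drift if only one is edited later. The awslint.json context in this commit lists `BaseLoadBalancer.loadBalancerSecurityGroups`, which suggests the base class may already keep these IDs. If so, reading from it, or moving the mapping into one helper, would leave a single source of truth. The property also keeps only ID strings and drops the `ISecurityGroup` objects, so its doc comment should say that rules cannot be managed through it. The class body starts and ends outside the hunk.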
@@ -417,6 +441,7 @@ class LookedUpNetworkLoadBalancer extends Resource implements INetworkLoadBalanc this.loadBalancerCanonicalHostedZoneId = props.loadBalancerCanonicalHostedZoneId; this.loadBalancerDnsName = props.loadBalancerDnsName; this.metrics = new NetworkLoadBalancerMetrics(this, parseLoadBalancerFullName(props.loadBalancerArn)); + this.securityGroups = props.securityGroupIds; this.vpc = ec2.Vpc.fromLookup(this, 'Vpc', { vpcId: props.vpcId, diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts index 6e8dcea8dc685..4ce08a8960542 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts 
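Review bot: `this.securityGroups = props.securityGroupIds` may give a looked-up balancer a different "no security groups" value than a constructed one. The constructor path yields `undefined` when the prop is omitted, while the context response presumably carries an array that is empty in that case (its type is not visible here). A caller that checks `=== undefined` to decide whether the balancer has any security group would then get different answers for the same state. Either normalise here, for example `this.securityGroups = props.securityGroupIds?.length ? props.securityGroupIds : undefined;`, or state on `INetworkLoadBalancer.securityGroups` that both `undefined` and `[]` mean none. The constructor continues outside the hunk.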
@@ -653,6 +653,67 @@ describe('tests', () => { }); }); + test('Trivial construction: security groups', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const sg1 = new ec2.SecurityGroup(stack, 'SG1', { vpc }); + const sg2 = new ec2.SecurityGroup(stack, 'SG2', { vpc }); + + // WHEN + new elbv2.NetworkLoadBalancer(stack, 'LB', { + vpc, + internetFacing: true, + securityGroups: [sg1, sg2], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + Scheme: 'internet-facing', + Subnets: [ + { Ref: 'StackPublicSubnet1Subnet0AD81D22' }, + { Ref: 'StackPublicSubnet2Subnet3C7D2288' }, + ], + SecurityGroups: [ + { + 'Fn::GetAtt': [ + stack.getLogicalId(sg1.node.findChild('Resource') as cdk.CfnElement), + 'GroupId', + ], + }, + { + 'Fn::GetAtt': [ + stack.getLogicalId(sg2.node.findChild('Resource') as cdk.CfnElement), + 'GroupId', + ], + }, + ], + Type: 'network', + }); + }); + + test('Trivial construction: no security groups', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + + // WHEN + new elbv2.NetworkLoadBalancer(stack, 'LB', { + vpc, + internetFacing: true, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + Scheme: 'internet-facing', + Subnets: [ + { Ref: 'StackPublicSubnet1Subnet0AD81D22' }, + { Ref: 'StackPublicSubnet2Subnet3C7D2288' }, + ], + SecurityGroups: Match.absent(), + }); + }); + describe('lookup', () => { test('Can look up a NetworkLoadBalancer', () => { // GIVEN 
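Review bot: Neither added test covers `securityGroups: []`. With `props.securityGroups?.map(...)` in the constructor, an empty array is forwarded as `[]` rather than omitted, and whether the template then renders `SecurityGroups: []` or drops the property depends on base-class code not shown here. Because an absent property and an empty list may be handled differently at deploy time, a third case that pins the synthesized output for `securityGroups: []` would make the intended behaviour explicit. It could reuse the existing assertion shape with `SecurityGroups: Match.absent()` or `SecurityGroups: []`, whichever is intended.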
@@ -736,5 +797,37 @@ describe('tests', () => { LoadBalancer: 'network/my-load-balancer/50dc6c495c0c9188', }); }); + + test('can look up security groups', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + const sg = new ec2.SecurityGroup(stack, 'SG', { vpc }); + + // WHEN + const nlb = new elbv2.NetworkLoadBalancer(stack, 'LB', { + vpc, + internetFacing: true, + securityGroups: [sg], + }); + + // THEN + expect(nlb.securityGroups).toEqual([`${sg.securityGroupId}`]); + }); + + test('can look up with no security groups', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + + // WHEN + const nlb = new elbv2.NetworkLoadBalancer(stack, 'LB', { + vpc, + internetFacing: true, + }); + + // THEN + expect(nlb.securityGroups).toBeUndefined(); + }); }); }); diff --git a/packages/aws-cdk-lib/awslint.json b/packages/aws-cdk-lib/awslint.json index 14e70371a3c4a..f7a6975d787c3 100644 --- a/packages/aws-cdk-lib/awslint.json +++ b/packages/aws-cdk-lib/awslint.json @@ -340,6 +340,7 @@ "docs-public-apis:aws-cdk-lib.aws_elasticloadbalancing.LoadBalancer.loadBalancerSourceSecurityGroupOwnerAlias", "docs-public-apis:aws-cdk-lib.aws_elasticloadbalancing.LoadBalancer.addTarget", "docs-public-apis:aws-cdk-lib.aws_elasticloadbalancingv2.BaseLoadBalancer.loadBalancerSecurityGroups", + "docs-public-apis:aws-cdk-lib.aws_elasticloadbalancingv2.NetworkLoadBalancer.securityGroups", "docs-public-apis:aws-cdk-lib.aws_elasticloadbalancingv2.NetworkLoadBalancer.fromNetworkLoadBalancerAttributes", "docs-public-apis:aws-cdk-lib.aws_elasticloadbalancingv2_targets.InstanceTarget", "docs-public-apis:aws-cdk-lib.aws_elasticloadbalancingv2_targets.LambdaTarget",
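Review bot: The two tests added here are named `can look up security groups` and `can look up with no security groups`, but both build a fresh `new elbv2.NetworkLoadBalancer(...)` and never go through a lookup or import. The new `this.securityGroups = props.securityGroupIds` line in `LookedUpNetworkLoadBalancer` and the `loadBalancerSecurityGroups` attribute of `fromNetworkLoadBalancerAttributes` therefore appear to be untested. I would rename these to describe what they check (the `securityGroups` getter on a constructed balancer) and add one case per import path, asserting on `securityGroups` for an imported balancer with and without security group IDs. The enclosing `describe` blocks start outside the hunk.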
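Review bot: The added `docs-public-apis:aws-cdk-lib.aws_elasticloadbalancingv2.NetworkLoadBalancer.securityGroups` entry suppresses the documentation lint for a property introduced in this same commit, rather than documenting it. The matching member on `INetworkLoadBalancer` already gets a doc comment, so the class property can take the same one and this exclusion can be dropped. Suggested comment above both `public readonly securityGroups?: string[];` declarations in `NetworkLoadBalancer`: `/** IDs of the security groups associated with this load balancer; undefined when none were given */`.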