

feat(ec2): Add tag support to security groups (#766)
moofish32 committed Sep 26, 2018

moofish32 Mike Cowgill
1 parent 8606f8d commit fe9be9f
Showing 13 changed files with 182 additions and 120 deletions.
@@ -492,7 +492,7 @@ function renderRollingUpdateConfig(config: RollingUpdateConfiguration = {}): cdk

class TagManager extends cdk.TagManager {
protected tagFormatResolve(tagGroups: cdk.TagGroups): any {
const tags = {...tagGroups.nonSitckyTags, ...tagGroups.ancestorTags, ...tagGroups.stickyTags};
const tags = {...tagGroups.nonStickyTags, ...tagGroups.ancestorTags, ...tagGroups.stickyTags};
return Object.keys(tags).map( (key) => {
const propagateAtLaunch = !!tagGroups.propagateTags[key] || !!tagGroups.ancestorTags[key];
return {key, value: tags[key], propagateAtLaunch};
@@ -453,6 +453,12 @@
}
],
"SecurityGroupIngress": [],
"Tags": [
{
"Key": "Name",
"Value": "aws-cdk-ec2-integ/Fleet"
}
],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
@@ -583,6 +589,7 @@
"ToPort": 80
}
],
"Tags": [],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
@@ -319,6 +319,12 @@
}
],
"SecurityGroupIngress": [],
"Tags": [
{
"Key": "Name",
"Value": "aws-cdk-ec2-integ/Fleet"
}
],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
@@ -405,6 +411,13 @@
"LaunchConfigurationName": {
"Ref": "FleetLaunchConfig59F79D36"
},
"Tags": [
{
"Key": "Name",
"PropagateAtLaunch": true,
"Value": "aws-cdk-ec2-integ/Fleet"
}
],
"TargetGroupARNs": [
{
"Ref": "LBListenerTargetGroupF04FCF6D"
@@ -463,6 +476,7 @@
"ToPort": 80
}
],
"Tags": [],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
123 changes: 41 additions & 82 deletions packages/@aws-cdk/aws-autoscaling/test/test.auto-scaling-group.ts
@@ -19,28 +19,35 @@ export = {

expect(stack).toMatch({
"Resources": {
"MyFleetInstanceSecurityGroup774E8234": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "MyFleet/InstanceSecurityGroup",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Outbound traffic allowed by default",
"FromPort": -1,
"IpProtocol": "-1",
"ToPort": -1
"MyFleetInstanceSecurityGroup774E8234": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "MyFleet/InstanceSecurityGroup",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Outbound traffic allowed by default",
"FromPort": -1,
"IpProtocol": "-1",
"ToPort": -1
}
],
"SecurityGroupIngress": [],
"Tags": [
{
"Key": "Name",
"Value": "MyFleet"
}
],

"VpcId": "my-vpc"
}
],
"SecurityGroupIngress": [],
"VpcId": "my-vpc"
}
},
"MyFleetInstanceRole25A84AB8": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
},
"MyFleetInstanceRole25A84AB8": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
@@ -99,19 +106,19 @@ export = {
"LaunchConfigurationName": {
"Ref": "MyFleetLaunchConfig5D7F9801"
},
"LoadBalancerNames": [],
"Tags": [
{
"Key": "Name",
"PropagateAtLaunch": true,
"Value": "MyFleet"
}
],
"MaxSize": "1",
"MinSize": "1",
"VPCZoneIdentifier": [
"pri1"
]
"Tags": [
{
"Key": "Name",
"PropagateAtLaunch": true,
"Value": "MyFleet"
}
],

"MaxSize": "1",
"MinSize": "1",
"VPCZoneIdentifier": [
"pri1"
]
}
}
}
@@ -180,54 +187,6 @@ export = {
test.done();
},

'can configure rolling update'(test: Test) {
// GIVEN
const stack = new cdk.Stack(undefined, 'MyStack', { env: { region: 'us-east-1', account: '1234' }});
const vpc = mockVpc(stack);

// WHEN
new autoscaling.AutoScalingGroup(stack, 'MyFleet', {
{
"Ref": "MyFleetInstanceRole25A84AB8"
}
],
Version: "2012-10-17"
},
}));
test.done();
},

'can configure replacing update'(test: Test) {
// GIVEN
const stack = new cdk.Stack(undefined, 'MyStack', { env: { region: 'us-east-1', account: '1234' }});
const vpc = mockVpc(stack);

// WHEN
new autoscaling.AutoScalingGroup(stack, 'MyFleet', {
instanceType: new ec2.InstanceTypePair(ec2.InstanceClass.M4, ec2.InstanceSize.Micro),
machineImage: new ec2.AmazonLinuxImage(),
vpc,
updateType: autoscaling.UpdateType.ReplacingUpdate,
replacingUpdateMinSuccessfulInstancesPercent: 50
});

// THEN
expect(stack).to(haveResource("AWS::AutoScaling::AutoScalingGroup", {
UpdatePolicy: {
AutoScalingReplacingUpdate: {
WillReplace: true
}
},
CreationPolicy: {
AutoScalingCreationPolicy: {
MinSuccessfulInstancesPercent: 50
}
}
}, ResourcePart.CompleteDefinition));

test.done();
},

'can configure rolling update'(test: Test) {
// GIVEN
const stack = new cdk.Stack(undefined, 'MyStack', { env: { region: 'us-east-1', account: '1234' }});
16 changes: 14 additions & 2 deletions packages/@aws-cdk/aws-ec2/lib/security-group.ts
@@ -1,4 +1,4 @@
import { Construct, Output, Token } from '@aws-cdk/cdk';
import { Construct, ITaggable, Output, TagManager, Tags, Token } from '@aws-cdk/cdk';
import { Connections, IConnectable } from './connections';
import { cloudformation } from './ec2.generated';
import { IPortRange, ISecurityGroupRule } from './security-group-rule';
@@ -106,6 +106,11 @@ export interface SecurityGroupProps {
*/
description?: string;

/**
* The AWS resource tags to associate with the security group.
*/
tags?: Tags;

/**
* The VPC in which to create the security group.
*/
@@ -119,7 +124,7 @@ export interface SecurityGroupProps {
* inline ingress and egress rule (which saves on the total number of resources inside
* the template).
*/
export class SecurityGroup extends SecurityGroupRef {
export class SecurityGroup extends SecurityGroupRef implements ITaggable {
/**
* An attribute that represents the security group name.
*/
@@ -135,20 +140,27 @@ export class SecurityGroup extends SecurityGroupRef {
*/
public readonly securityGroupId: string;

/**
* Manage tags for this construct and children
*/
public readonly tags: TagManager;

private readonly securityGroup: cloudformation.SecurityGroupResource;
private readonly directIngressRules: cloudformation.SecurityGroupResource.IngressProperty[] = [];
private readonly directEgressRules: cloudformation.SecurityGroupResource.EgressProperty[] = [];

constructor(parent: Construct, name: string, props: SecurityGroupProps) {
super(parent, name);

this.tags = new TagManager(this, { initialTags: props.tags});
const groupDescription = props.description || this.path;
this.securityGroup = new cloudformation.SecurityGroupResource(this, 'Resource', {
groupName: props.groupName,
groupDescription,
securityGroupIngress: new Token(() => this.directIngressRules),
securityGroupEgress: new Token(() => this.directEgressRules),
vpcId: props.vpc.vpcId,
tags: this.tags,
});

this.securityGroupId = this.securityGroup.securityGroupId;
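Review bot: The doc comments added for `tags?: Tags` and `public readonly tags` do not say that the security group can also receive tags it was never given directly; the updated expectations in this commit show the fleet's `Name` tag on its instance security group, presumably propagated from the parent AutoScalingGroup through TagManager. Where tag keys feed IAM conditions such as `ec2:ResourceTag/<key>`, or inventory and detection rules, an inherited tag can change how the group is treated without anyone setting it on the group. I would extend the prop comment with a line like `* Tags inherited from ancestor constructs are merged with these; see TagManager for precedence.` The constructor body continues past the end of this hunk, so whether a default `Name` tag is set later, as `VpcSubnet` does with `setTag(NAME_TAG, ...)`, is not visible here.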
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-ec2/lib/vpc.ts
@@ -468,7 +468,7 @@ export class VpcSubnet extends VpcSubnetRef implements cdk.ITaggable {

constructor(parent: cdk.Construct, name: string, props: VpcSubnetProps) {
super(parent, name);
this.tags = new cdk.TagManager(this, props.tags);
this.tags = new cdk.TagManager(this, {initialTags: props.tags});
this.tags.setTag(NAME_TAG, this.path, {overwrite: false});

this.availabilityZone = props.availabilityZone;
68 changes: 39 additions & 29 deletions packages/@aws-cdk/aws-ec2/test/test.vpc.ts
@@ -128,6 +128,10 @@ export = {
cidrMask: 24,
name: 'ingress',
subnetType: SubnetType.Public,
tags: {
type: 'Public',
init: 'No',
},
},
{
cidrMask: 24,
@@ -155,44 +159,50 @@ export = {
CidrBlock: `10.0.6.${i * 16}/28`
}));
}
expect(stack).to(haveResource("AWS::EC2::Subnet", hasTags(
[
{ Key: 'type', Value: 'Public'},
{ Key: 'init', Value: 'No'},
],
)));
test.done();
},
"with custom subents and natGateways = 2 there should be only two NATGW"(test: Test) {
const stack = getTestStack();
new VpcNetwork(stack, 'TheVPC', {
cidr: '10.0.0.0/21',
natGateways: 2,
subnetConfiguration: [
{
cidrMask: 24,
name: 'ingress',
subnetType: SubnetType.Public,
},
{
cidrMask: 24,
name: 'application',
subnetType: SubnetType.Private,
},
{
cidrMask: 28,
name: 'rds',
subnetType: SubnetType.Isolated,
}
],
maxAZs: 3
cidr: '10.0.0.0/21',
natGateways: 2,
subnetConfiguration: [
{
cidrMask: 24,
name: 'ingress',
subnetType: SubnetType.Public,
},
{
cidrMask: 24,
name: 'application',
subnetType: SubnetType.Private,
},
{
cidrMask: 28,
name: 'rds',
subnetType: SubnetType.Isolated,
}
],
maxAZs: 3
});
expect(stack).to(countResources("AWS::EC2::InternetGateway", 1));
expect(stack).to(countResources("AWS::EC2::NatGateway", 2));
expect(stack).to(countResources("AWS::EC2::Subnet", 9));
for (let i = 0; i < 6; i++) {
expect(stack).to(haveResource("AWS::EC2::Subnet", {
CidrBlock: `10.0.${i}.0/24`
}));
expect(stack).to(haveResource("AWS::EC2::Subnet", {
CidrBlock: `10.0.${i}.0/24`
}));
}
for (let i = 0; i < 3; i++) {
expect(stack).to(haveResource("AWS::EC2::Subnet", {
CidrBlock: `10.0.6.${i * 16}/28`
}));
expect(stack).to(haveResource("AWS::EC2::Subnet", {
CidrBlock: `10.0.6.${i * 16}/28`
}));
}
test.done();
},
@@ -229,9 +239,9 @@ export = {
expect(stack).to(countResources("AWS::EC2::Subnet", 4));
expect(stack).to(countResources("AWS::EC2::Route", 4));
for (let i = 0; i < 4; i++) {
expect(stack).to(haveResource("AWS::EC2::Subnet", {
CidrBlock: `10.0.${i * 64}.0/18`
}));
expect(stack).to(haveResource("AWS::EC2::Subnet", {
CidrBlock: `10.0.${i * 64}.0/18`
}));
}
expect(stack).to(haveResource("AWS::EC2::Route", {
DestinationCidrBlock: '0.0.0.0/0',
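Review bot: The new `hasTags` assertion in the hunk at `@@ -155,44 +159,50 @@` only shows that some `AWS::EC2::Subnet` carries `type: Public` and `init: No`, assuming `haveResource` passes as soon as one resource matches. The tags are set on the `ingress` subnet configuration only, so a regression that leaks them onto the subnets of the other configurations would still pass. I would add a check that those subnets lack the `type` and `init` keys, or at least a comment such as `// tags must appear on 'ingress' subnets only`. The definition of `hasTags` is outside this section, so its exact matching rules are not visible here.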
@@ -185,6 +185,7 @@
"ToPort": 80
}
],
"Tags": [],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
@@ -343,6 +343,7 @@
"ToPort": 80
}
],
"Tags": [],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
@@ -382,6 +382,7 @@
}
],
"SecurityGroupIngress": [],
"Tags": [],
"VpcId": {
"Ref": "VPCB9E5F0B4"
}
