diff --git a/packages/@aws-cdk/aws-route53resolver-alpha/README.md b/packages/@aws-cdk/aws-route53resolver-alpha/README.md index a618804d1a403..1c9b7b5af9b9e 100644 --- a/packages/@aws-cdk/aws-route53resolver-alpha/README.md +++ b/packages/@aws-cdk/aws-route53resolver-alpha/README.md @@ -114,3 +114,21 @@ ruleGroup.associate('Association', { vpc: myVpc, }) ``` + +### Importing an existing Firewall Rule Group + +You can import an existing firewall rule group either by ID or by name. + +To import by ID: + +```ts +const existingRuleGroup = route53resolver.FirewallRuleGroup.fromFirewallRuleGroupId(this, 'ImportedRuleGroup', 'fwr-123456'); +``` + +To import by name: + +```ts +const existingRuleGroupByName = route53resolver.FirewallRuleGroup.fromFirewallRuleGroupName(this, 'ImportedRuleGroup', 'MyFirewallRuleGroup'); +``` + +The firewall rule group name should be available in the CDK context under firewallRuleGroups mapping. diff --git a/packages/@aws-cdk/aws-route53resolver-alpha/lib/firewall-rule-group.ts b/packages/@aws-cdk/aws-route53resolver-alpha/lib/firewall-rule-group.ts index 33645260fb6d4..c3efc406e3c24 100644 --- a/packages/@aws-cdk/aws-route53resolver-alpha/lib/firewall-rule-group.ts +++ b/packages/@aws-cdk/aws-route53resolver-alpha/lib/firewall-rule-group.ts @@ -15,6 +15,13 @@ export interface IFirewallRuleGroup extends IResource { * @attribute */ readonly firewallRuleGroupId: string; + + /** + * The name of the rule group + * + * @attribute + */ + readonly firewallRuleGroupName?: string; } /** @@ -156,7 +163,7 @@ export abstract class DnsBlockResponse { */ export class FirewallRuleGroup extends Resource implements IFirewallRuleGroup { /** - * Import an existing Firewall Rule Group + * Import an existing Firewall Rule Group by ID */ public static fromFirewallRuleGroupId(scope: Construct, id: string, firewallRuleGroupId: string): IFirewallRuleGroup { class Import extends Resource implements IFirewallRuleGroup { 
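Review bot: The doc comment on the new `firewallRuleGroupName` member of `IFirewallRuleGroup` does not say when the value is absent, and its `@attribute` tag looks questionable. The property is optional, and in the other hunks it is only populated by `fromFirewallRuleGroupName` and by the constructor's `this.firewallRuleGroupName = props.name;` (the `@@ -231,6 +259,9 @@` hunk), so it is presumably undefined for groups imported by ID and for groups created without an explicit name. I would document that, e.g. `The name of the rule group, if known at synthesis time; undefined when the group was imported by ID or no name was passed in props.`, and confirm whether `@attribute` is appropriate, since the value is copied from props or context rather than read from the deployed resource. The interface body starts outside the hunk.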
@@ -165,8 +172,29 @@ export class FirewallRuleGroup extends Resource implements IFirewallRuleGroup { return new Import(scope, id); } + /** + * Import an existing Firewall Rule Group by Name + */ + public static fromFirewallRuleGroupName(scope: Construct, id: string, firewallRuleGroupName: string): IFirewallRuleGroup { + const firewallRuleGroups: { [name: string]: string } = scope.node.tryGetContext('firewallRuleGroups') || {}; + const firewallRuleGroupId = firewallRuleGroups[firewallRuleGroupName]; + + if (!firewallRuleGroupId) { + throw new Error(`Firewall Rule Group with name "${firewallRuleGroupName}" not found in context.`); + } + + class Import extends Resource implements IFirewallRuleGroup { + public readonly firewallRuleGroupId = firewallRuleGroupId; + public readonly firewallRuleGroupName = firewallRuleGroupName; + } + + return new Import(scope, id); + } + public readonly firewallRuleGroupId: string; + public readonly firewallRuleGroupName?: string; + /** * The ARN (Amazon Resource Name) of the rule group * @attribute @@ -231,6 +259,9 @@ export class FirewallRuleGroup extends Resource implements IFirewallRuleGroup { this.rules = props.rules ?? []; + // Store the name of the rule group + this.firewallRuleGroupName = props.name; + const ruleGroup = new CfnFirewallRuleGroup(this, 'Resource', { name: props.name, firewallRules: Lazy.any({ produce: () => this.rules.map(renderRule) }), diff --git a/packages/@aws-cdk/aws-route53resolver-alpha/test/firewall-rule-group.test.ts b/packages/@aws-cdk/aws-route53resolver-alpha/test/firewall-rule-group.test.ts index 12bfab2aea828..522ca0048219f 100644 --- a/packages/@aws-cdk/aws-route53resolver-alpha/test/firewall-rule-group.test.ts +++ b/packages/@aws-cdk/aws-route53resolver-alpha/test/firewall-rule-group.test.ts 
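Review bot: `fromFirewallRuleGroupName` indexes the context mapping with `firewallRuleGroups[firewallRuleGroupName]` and only checks truthiness, so a name that matches an inherited `Object.prototype` member (for example `constructor` or `toString`) passes the `!firewallRuleGroupId` check and a non-string value ends up as `firewallRuleGroupId`; a context entry that is not a string is accepted the same way. Since this ID decides which DNS firewall rule group the rest of the app refers to, I would require an own property holding a non-empty string: `const firewallRuleGroupId = Object.prototype.hasOwnProperty.call(firewallRuleGroups, firewallRuleGroupName) ? firewallRuleGroups[firewallRuleGroupName] : undefined;` followed by `if (typeof firewallRuleGroupId !== 'string' || firewallRuleGroupId === '') {` in place of the current `if`. The doc comment should also state that the name is resolved only against the `firewallRuleGroups` context key and is never checked against the account, so a stale or mistyped mapping yields the wrong ID without an error. The enclosing `FirewallRuleGroup` class starts and ends outside the hunk.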
@@ -135,3 +135,24 @@ test('throws when associating with a priority not between 100-9,000', () => { vpc, })).toThrow(/Priority must be greater than 100 and less than 9000/); }); + +test('fromFirewallRuleGroupName return correct imported resource when mapping provided', () => { + const stackWithContext = new Stack(); + stackWithContext.node.setContext('firewallRuleGroups', { + TestGroup: 'fwr-123456', + }); + + const importedGroup = FirewallRuleGroup.fromFirewallRuleGroupName(stackWithContext, 'ImportedGroup', 'TestGroup'); + + expect(importedGroup.firewallRuleGroupId).toEqual('fwr-123456'); + expect(importedGroup.firewallRuleGroupName).toEqual('TestGroup'); +}); + +test('fromFirewallRuleGroupName throws an error when the name is not in context', () => { + const stackWithoutMapping = new Stack(); + stackWithoutMapping.node.setContext('firewallRuleGroups', {}); + + expect(() => { + FirewallRuleGroup.fromFirewallRuleGroupName(stackWithoutMapping, 'ImportedGroup', 'NonExistentGroup'); + }).toThrow(/Firewall Rule Group with name "NonExistentGroup" not found in context./); +}); diff --git a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/cdk-route53-resolver-firewall.assets.json b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/cdk-route53-resolver-firewall.assets.json index bcceb3b1d4ac7..9a766ca2ed6cb 100644 --- a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/cdk-route53-resolver-firewall.assets.json +++ b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/cdk-route53-resolver-firewall.assets.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "40.0.0", "files": { "e820b3f07bf66854be0dfd6f3ec357a10d644f2011069e5ad07d42f4f89ed35a": { "source": { 
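Review bot: Both new tests call `setContext('firewallRuleGroups', …)`, so the `|| {}` fallback in `fromFirewallRuleGroupName` for a stack with no `firewallRuleGroups` context at all is never exercised, and neither is a mapping whose value is not a string. I would add a case on a bare stack, `expect(() => FirewallRuleGroup.fromFirewallRuleGroupName(new Stack(), 'ImportedGroup', 'TestGroup')).toThrow(/not found in context/);`, and one that looks up a name such as `'constructor'` against an empty mapping to pin down what happens for keys inherited from `Object.prototype`. The trailing `.` in the existing `toThrow` regex is unescaped and matches any character; `\.` would make the intent exact.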
@@ -14,7 +14,7 @@ } } }, - "e4d564e2e1e1df6b0fbf0d36e4b706373e62d2e210d50c24ffe00ea80be1fabd": { + "31311aafb98618b73756cfef214fb713592fc0aef5bfc23ebb22b119b76ed13c": { "source": { "path": "cdk-route53-resolver-firewall.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e4d564e2e1e1df6b0fbf0d36e4b706373e62d2e210d50c24ffe00ea80be1fabd.json", + "objectKey": "31311aafb98618b73756cfef214fb713592fc0aef5bfc23ebb22b119b76ed13c.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/cdk-route53-resolver-firewall.template.json b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/cdk-route53-resolver-firewall.template.json index bf6728a9e30a3..c2a6d9a1e4ce6 100644 --- a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/cdk-route53-resolver-firewall.template.json +++ b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/cdk-route53-resolver-firewall.template.json @@ -18,9 +18,6 @@ "VpcPublicSubnet1Subnet5C2D37C4": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -44,21 +41,24 @@ "Key": "Name", "Value": "cdk-route53-resolver-firewall/Vpc/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet1RouteTable6C95E38E": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "cdk-route53-resolver-firewall/Vpc/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPublicSubnet1RouteTableAssociation97140677": { 
@@ -75,12 +75,12 @@ "VpcPublicSubnet1DefaultRoute3DA9E72A": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" } }, "DependsOn": [ @@ -102,15 +102,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "Tags": [ { "Key": "Name", @@ -126,9 +126,6 @@ "VpcPrivateSubnet1Subnet536B997A": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -152,21 +149,24 @@ "Key": "Name", "Value": "cdk-route53-resolver-firewall/Vpc/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet1RouteTableB2C5B500": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "Tags": [ { "Key": "Name", "Value": "cdk-route53-resolver-firewall/Vpc/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } } }, "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { @@ -183,12 +183,12 @@ "VpcPrivateSubnet1DefaultRouteBE02A9ED": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" } } }, @@ -206,11 +206,11 @@ "VpcVPCGWBF912B6E": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { - "VpcId": { - "Ref": "Vpc8378EB38" - }, "InternetGatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" } } }, 
@@ -287,6 +287,11 @@ } } }, + "Outputs": { + "ImportedRuleGroupIdOutput": { + "Value": "fwr-12345678" + } + }, "Parameters": { "BootstrapVersion": { "Type": "AWS::SSM::Parameter::Value", diff --git a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/cdk.out b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/cdk.out index 588d7b269d34f..1e02a2deb191b 100644 --- a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"40.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/integ.json b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/integ.json index 5838104a1c522..0b89709511355 100644 --- a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "40.0.0", "testCases": { "integ.firewall": { "stacks": [ diff --git a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/manifest.json b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/manifest.json index 7d6ec2cdb6181..9ef6ef0653a1d 100644 --- a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/manifest.json @@ -1,12 +1,6 @@ { - "version": "20.0.0", + "version": "40.0.0", "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, "cdk-route53-resolver-firewall.assets": { "type": "cdk:asset-manifest", "properties": { 
@@ -20,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "cdk-route53-resolver-firewall.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e4d564e2e1e1df6b0fbf0d36e4b706373e62d2e210d50c24ffe00ea80be1fabd.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/31311aafb98618b73756cfef214fb713592fc0aef5bfc23ebb22b119b76ed13c.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -39,12 +34,57 @@ "cdk-route53-resolver-firewall.assets" ], "metadata": { + "/cdk-route53-resolver-firewall/Vpc": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "maxAzs": "*", + "restrictDefaultSecurityGroup": false + } + } + ], "/cdk-route53-resolver-firewall/Vpc/Resource": [ { "type": "aws:cdk:logicalId", "data": "Vpc8378EB38" } ], + "/cdk-route53-resolver-firewall/Vpc/PublicSubnet1": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": true, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + } + }, + { + "type": "aws:cdk:analytics:construct", + "data": { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": true, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + } + }, + { + "type": "aws:cdk:analytics:method", + "data": {} + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addNatGateway": [ + "*" + ] + } + } + ], "/cdk-route53-resolver-firewall/Vpc/PublicSubnet1/Subnet": [ { "type": "aws:cdk:logicalId", @@ -81,6 +121,34 @@ "data": "VpcPublicSubnet1NATGateway4D7517AA" } ], + "/cdk-route53-resolver-firewall/Vpc/PrivateSubnet1": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": false, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + } + }, + { + "type": "aws:cdk:analytics:construct", + "data": { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": false, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + } + }, + { + "type": "aws:cdk:analytics:method", + "data": {} + } + ], "/cdk-route53-resolver-firewall/Vpc/PrivateSubnet1/Subnet": [ { "type": "aws:cdk:logicalId", 
@@ -117,36 +185,84 @@ "data": "VpcVPCGWBF912B6E" } ], + "/cdk-route53-resolver-firewall/BlockList": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], "/cdk-route53-resolver-firewall/BlockList/Resource": [ { "type": "aws:cdk:logicalId", "data": "BlockListC03D0423" } ], + "/cdk-route53-resolver-firewall/OverrideList": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], "/cdk-route53-resolver-firewall/OverrideList/Resource": [ { "type": "aws:cdk:logicalId", "data": "OverrideListF573FB0F" } ], + "/cdk-route53-resolver-firewall/OtherList": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], "/cdk-route53-resolver-firewall/OtherList/Resource": [ { "type": "aws:cdk:logicalId", "data": "OtherListBA4427B5" } ], + "/cdk-route53-resolver-firewall/RuleGroup": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + }, + { + "type": "aws:cdk:analytics:method", + "data": "*" + }, + { + "type": "aws:cdk:analytics:method", + "data": "*" + }, + { + "type": "aws:cdk:analytics:method", + "data": "*" + } + ], "/cdk-route53-resolver-firewall/RuleGroup/Resource": [ { "type": "aws:cdk:logicalId", "data": "RuleGroup06BA8844" } ], + "/cdk-route53-resolver-firewall/RuleGroup/Association": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], "/cdk-route53-resolver-firewall/RuleGroup/Association/Resource": [ { "type": "aws:cdk:logicalId", "data": "RuleGroupAssociation5494BFB1" } ], + "/cdk-route53-resolver-firewall/ImportedRuleGroupIdOutput": [ + { + "type": "aws:cdk:logicalId", + "data": "ImportedRuleGroupIdOutput" + } + ], "/cdk-route53-resolver-firewall/BootstrapVersion": [ { "type": "aws:cdk:logicalId", @@ -161,6 +277,12 @@ ] }, "displayName": "cdk-route53-resolver-firewall" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } } } } \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/tree.json b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/tree.json index 371cedf355518..4e09617e6ccb4 100644 --- a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.js.snapshot/tree.json @@ -4,14 +4,6 @@ "id": "App", "path": "", "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, "cdk-route53-resolver-firewall": { "id": "cdk-route53-resolver-firewall", "path": "cdk-route53-resolver-firewall", @@ -39,7 +31,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnVPC", + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", "version": "0.0.0" } }, @@ -53,9 +45,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 0, @@ -79,11 +68,14 @@ "key": "Name", "value": "cdk-route53-resolver-firewall/Vpc/PublicSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", "version": "0.0.0" } }, @@ -91,8 +83,9 @@ "id": "Acl", "path": "cdk-route53-resolver-firewall/Vpc/PublicSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [] } }, "RouteTable": { 
@@ -101,19 +94,19 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "cdk-route53-resolver-firewall/Vpc/PublicSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", "version": "0.0.0" } }, @@ -132,7 +125,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", "version": "0.0.0" } }, @@ -142,17 +135,17 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E" - }, "destinationCidrBlock": "0.0.0.0/0", "gatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", "version": "0.0.0" } }, @@ -172,7 +165,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnEIP", + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", "version": "0.0.0" } }, @@ -182,15 +175,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", "aws:cdk:cloudformation:props": { - "subnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "allocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "tags": [ { "key": "Name", 
@@ -200,14 +193,38 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnNatGateway", + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0", + "metadata": [ + { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": true, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + }, + { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": true, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + }, + {}, + { + "addNatGateway": [ + "*" + ] + } + ] } }, "PrivateSubnet1": { @@ -220,9 +237,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "availabilityZone": { "Fn::Select": [ 0, @@ -246,11 +260,14 @@ "key": "Name", "value": "cdk-route53-resolver-firewall/Vpc/PrivateSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", "version": "0.0.0" } }, @@ -258,8 +275,9 @@ "id": "Acl", "path": "cdk-route53-resolver-firewall/Vpc/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [] } }, "RouteTable": { @@ -268,19 +286,19 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "tags": [ { "key": "Name", "value": "cdk-route53-resolver-firewall/Vpc/PrivateSubnet1" } - ] + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", "version": "0.0.0" } }, 
@@ -299,7 +317,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", "version": "0.0.0" } }, @@ -309,24 +327,43 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" - }, "destinationCidrBlock": "0.0.0.0/0", "natGatewayId": { "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0", + "metadata": [ + { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": false, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + }, + { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": false, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + }, + {} + ] } }, "IGW": { @@ -344,7 +381,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnInternetGateway", + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", "version": "0.0.0" } }, 
@@ -354,23 +391,29 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "Vpc8378EB38" - }, "internetGatewayId": { "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnVPCGatewayAttachment", + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.Vpc", - "version": "0.0.0" + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0", + "metadata": [ + { + "maxAzs": "*", + "restrictDefaultSecurityGroup": false + } + ] } }, "BlockList": { @@ -390,14 +433,17 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-route53resolver.CfnFirewallDomainList", + "fqn": "aws-cdk-lib.aws_route53resolver.CfnFirewallDomainList", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-route53resolver.FirewallDomainList", - "version": "0.0.0" + "fqn": "@aws-cdk/aws-route53resolver-alpha.FirewallDomainList", + "version": "0.0.0", + "metadata": [ + "*" + ] } }, "OverrideList": { @@ -416,14 +462,17 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-route53resolver.CfnFirewallDomainList", + "fqn": "aws-cdk-lib.aws_route53resolver.CfnFirewallDomainList", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-route53resolver.FirewallDomainList", - "version": "0.0.0" + "fqn": "@aws-cdk/aws-route53resolver-alpha.FirewallDomainList", + "version": "0.0.0", + "metadata": [ + "*" + ] } }, "OtherList": { 
@@ -438,21 +487,22 @@ "id": "Stage", "path": "cdk-route53-resolver-firewall/OtherList/Domains/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { "id": "AssetBucket", "path": "cdk-route53-resolver-firewall/OtherList/Domains/AssetBucket", "constructInfo": { - "fqn": "@aws-cdk/aws-s3.BucketBase", - "version": "0.0.0" + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0", + "metadata": [] } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3-assets.Asset", + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", "version": "0.0.0" } }, @@ -468,14 +518,17 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-route53resolver.CfnFirewallDomainList", + "fqn": "aws-cdk-lib.aws_route53resolver.CfnFirewallDomainList", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-route53resolver.FirewallDomainList", - "version": "0.0.0" + "fqn": "@aws-cdk/aws-route53resolver-alpha.FirewallDomainList", + "version": "0.0.0", + "metadata": [ + "*" + ] } }, "RuleGroup": { @@ -518,7 +571,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-route53resolver.CfnFirewallRuleGroup", + "fqn": "aws-cdk-lib.aws_route53resolver.CfnFirewallRuleGroup", "version": "0.0.0" } }, 
@@ -545,32 +598,82 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-route53resolver.CfnFirewallRuleGroupAssociation", + "fqn": "aws-cdk-lib.aws_route53resolver.CfnFirewallRuleGroupAssociation", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-route53resolver.FirewallRuleGroupAssociation", - "version": "0.0.0" + "fqn": "@aws-cdk/aws-route53resolver-alpha.FirewallRuleGroupAssociation", + "version": "0.0.0", + "metadata": [ + "*" + ] } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-route53resolver.FirewallRuleGroup", + "fqn": "@aws-cdk/aws-route53resolver-alpha.FirewallRuleGroup", + "version": "0.0.0", + "metadata": [ + "*", + "*", + "*", + "*" + ] + } + }, + "ImportedRuleGroup": { + "id": "ImportedRuleGroup", + "path": "cdk-route53-resolver-firewall/ImportedRuleGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [] + } + }, + "ImportedRuleGroupIdOutput": { + "id": "ImportedRuleGroupIdOutput", + "path": "cdk-route53-resolver-firewall/ImportedRuleGroupIdOutput", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cdk-route53-resolver-firewall/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cdk-route53-resolver-firewall/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.4.2" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.ts b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.ts index 790c4586ab107..38e6a34c797a6 100644 --- a/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.ts +++ b/packages/@aws-cdk/aws-route53resolver-alpha/test/integ.firewall.ts @@ -1,6 +1,6 @@ import * as path from 'path'; import { Vpc } from 'aws-cdk-lib/aws-ec2'; -import { App, Stack, StackProps } from 'aws-cdk-lib'; +import { App, Stack, StackProps, CfnOutput } from 'aws-cdk-lib'; import { Construct } from 'constructs'; import * as route53resolver from '../lib'; @@ -8,6 +8,10 @@ class TestStack extends Stack { constructor(scope: Construct, id: string, props?: StackProps) { super(scope, id, props); + this.node.setContext('firewallRuleGroups', { + TestRuleGroup: 'fwr-12345678', + }); + const vpc = new Vpc(this, 'Vpc', { maxAzs: 1, restrictDefaultSecurityGroup: false }); const blockList = new route53resolver.FirewallDomainList(this, 'BlockList', { @@ -38,6 +42,16 @@ class TestStack extends Stack { priority: 101, vpc, }); + + const importedRuleGroup = route53resolver.FirewallRuleGroup.fromFirewallRuleGroupName( + this, + 'ImportedRuleGroup', + 'TestRuleGroup', + ); + + new CfnOutput(this, 'ImportedRuleGroupIdOutput', { + value: importedRuleGroup.firewallRuleGroupId, + }); } }
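Review bot: The `'fwr-12345678'` value set through `this.node.setContext('firewallRuleGroups', …)` is a made-up ID that is only echoed by the `ImportedRuleGroupIdOutput` `CfnOutput`, so this integration test covers the synth-time context lookup and nothing at deploy time; the snapshot's output value is the same literal. A comment above the `setContext` call would make that explicit, e.g. `// Placeholder ID: exercises only the context lookup in fromFirewallRuleGroupName; no deployed resource references a rule group with this ID.` It is also worth noting there that `setContext` has to stay ahead of the first child construct, since as far as I know `Node.setContext` throws once the node has children. The `TestStack` constructor starts and ends outside these hunks.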