feat(ec2): add support for vpc endpoints (#2104)

Add support for both gateway and interface VPC endpoints. Static members are exposed for all AWS service endpoints. As gateway endpoints reference route tables, they currently cannot be added to imported VPC networks. BREAKING CHANGE: * `vpc.selectSubnetIds(...)` has been replaced with `vpc.selectSubnets(...).subnetIds`.
aws · Apr 9, 2019 · bbb3f34 · bbb3f34
1 parent 1e8f938
commit bbb3f34
Show file tree

Hide file tree

Showing 18 changed files with 1,756 additions and 110 deletions.
diff --git a/packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts b/packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts
@@ -268,7 +268,7 @@ export class AutoScalingGroup extends cdk.Construct implements IAutoScalingGroup
       throw new Error(`Should have minCapacity (${minCapacity}) <= desiredCapacity (${desiredCapacity}) <= maxCapacity (${maxCapacity})`);
     }
 
-    const subnetIds = props.vpc.subnetIds(props.vpcSubnets);
+    const { subnetIds } = props.vpc.selectSubnets(props.vpcSubnets);
     const asgProps: CfnAutoScalingGroupProps = {
       cooldown: props.cooldownSeconds !== undefined ? `${props.cooldownSeconds}` : undefined,
       minSize: minCapacity.toString(),

diff --git a/packages/@aws-cdk/aws-codebuild/lib/project.ts b/packages/@aws-cdk/aws-codebuild/lib/project.ts
@@ -879,9 +879,6 @@ export class Project extends ProjectBase {
       });
       this._securityGroups = [securityGroup];
     }
-    const subnetSelection: ec2.SubnetSelection = props.subnetSelection ? props.subnetSelection : {
-      subnetType: ec2.SubnetType.Private
-    };
     this.addToRoleInlinePolicy(new iam.PolicyStatement()
       .addAllResources()
       .addActions(
@@ -904,7 +901,7 @@ export class Project extends ProjectBase {
       .addAction('ec2:CreateNetworkInterfacePermission'));
     return {
       vpcId: props.vpc.vpcId,
-      subnets: props.vpc.subnetIds(subnetSelection).map(s => s),
+      subnets: props.vpc.selectSubnets(props.subnetSelection).subnetIds,
       securityGroupIds: this._securityGroups.map(s => s.securityGroupId)
     };
   }

diff --git a/packages/@aws-cdk/aws-ec2/README.md b/packages/@aws-cdk/aws-ec2/README.md
@@ -399,3 +399,10 @@ const vpnConnection = vpc.addVpnConnection('Dynamic', {
 });
 const state = vpnConnection.metricTunnelState();
 ```
+
+### VPC endpoints
+A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
+
+Endpoints are virtual devices. They are horizontally scaled, redundant, and highly available VPC components that allow communication between instances in your VPC and services without imposing availability risks or bandwidth constraints on your network traffic.
+
+[example of setting up VPC endpoints](test/integ.vpc-endpoint.lit.ts)
diff --git a/packages/@aws-cdk/aws-ec2/lib/index.ts b/packages/@aws-cdk/aws-ec2/lib/index.ts
@@ -7,6 +7,7 @@ export * from './vpc';
 export * from './vpc-ref';
 export * from './vpc-network-provider';
 export * from './vpn';
+export * from './vpc-endpoint';
 
 // AWS::EC2 CloudFormation Resources:
 export * from './ec2.generated';