Removed client side validations and added/removed corresponding unit tests

AlexanderJangAMZN · AlexanderJangAMZN · commit d38592d27028 · 2025-04-14T11:28:01.000-07:00
diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
@@ -1032,7 +1032,10 @@ export class InterfaceVpcEndpoint extends VpcEndpoint implements IInterfaceVpcEn
       subnetIds,
       vpcId: props.vpc.vpcId,
       ipAddressType: props.ipAddressType,
-      dnsOptions: this.getDnsOptions(props),
+      dnsOptions: {
+        privateDnsOnlyForInboundResolverEndpoint: props.privateDnsOnlyForInboundResolverEndpoint,
+        dnsRecordIpType: props.dnsRecordIpType,
+      },
     });
 
     this.vpcEndpointId = endpoint.ref;
@@ -1041,48 +1044,6 @@ export class InterfaceVpcEndpoint extends VpcEndpoint implements IInterfaceVpcEn
     this.vpcEndpointNetworkInterfaceIds = endpoint.attrNetworkInterfaceIds;
   }
 
-  private getDnsOptions(props: InterfaceVpcEndpointProps): CfnVPCEndpoint.DnsOptionsSpecificationProperty | undefined {
-    if (!props.privateDnsEnabled && props.privateDnsOnlyForInboundResolverEndpoint !== undefined) {
-      throw new Error('Enable private DNS to set the private DNS only for inbound endpoints');
-    }
-
-    if (!props.ipAddressType && props.dnsRecordIpType !== undefined) {
-      throw new Error('Configure the ipAddressType to use in the VPC endpoint');
-    }
-
-    /**
-     * Checks to see if dnsRecordIpType and ipAddressType are compatible, throw error if not
-     * @see https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html#connect-to-endpoint-service
-     */
-    switch (props.dnsRecordIpType) {
-      case VpcEndpointDnsRecordIpType.IPV4:
-        if (props.ipAddressType === VpcEndpointIpAddressType.IPV6) {
-          throw new Error('Cannot create a VPC endpoint with ipAddressType of IPv6 with DNS Records for IPv4');
-        }
-        break;
-      case VpcEndpointDnsRecordIpType.IPV6:
-        if (props.ipAddressType === VpcEndpointIpAddressType.IPV4) {
-          throw new Error('Cannot create a VPC endpoint with ipAddressType of IPv4 with DNS Records for IPv6');
-        }
-        break;
-      case VpcEndpointDnsRecordIpType.DUALSTACK:
-        if (props.ipAddressType !== VpcEndpointIpAddressType.DUALSTACK) {
-          throw new Error('VPC endpoints with dualstack ipAddressType should set dnsRecordIpType to dualstack');
-        }
-        break;
-      case VpcEndpointDnsRecordIpType.SERVICE_DEFINED:
-        if (props.ipAddressType !== VpcEndpointIpAddressType.DUALSTACK) {
-          throw new Error('VPC endpoints with service defined configuration should set dnsRecordIpType to dualstack');
-        }
-        break;
-    }
-
-    return {
-      privateDnsOnlyForInboundResolverEndpoint: props.privateDnsOnlyForInboundResolverEndpoint,
-      dnsRecordIpType: props.dnsRecordIpType,
-    };
-  }
-
   /**
    * Determine which subnets to place the endpoint in. This is in its own function
    * because there's a lot of code.
diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
@@ -1,7 +1,7 @@
-import { Match, Template } from '../../assertions';
-import { AnyPrincipal, PolicyStatement } from '../../aws-iam';
+import {Match, Template} from '../../assertions';
+import {AnyPrincipal, PolicyStatement} from '../../aws-iam';
 import * as cxschema from '../../cloud-assembly-schema';
-import { ContextProvider, Fn, Stack } from '../../core';
+import {ContextProvider, Fn, Stack} from '../../core';
 // eslint-disable-next-line max-len
 import {
   GatewayVpcEndpoint,
@@ -13,7 +13,8 @@ import {
   SubnetFilter,
   SubnetType,
   Vpc,
-  VpcEndpointDnsRecordIpType, VpcEndpointIpAddressType,
+  VpcEndpointDnsRecordIpType,
+  VpcEndpointIpAddressType,
 } from '../lib';
 
 describe('vpc endpoint', () => {
@@ -180,91 +181,25 @@ describe('vpc endpoint', () => {
       });
     });
 
-    test('throws when adding dnsRecordIpType without private dns enabled', () => {
-      // GIVEN
-      const stack = new Stack();
-      const vpc = new Vpc(stack, 'VpcNetwork');
-
-      // WHEN
-      expect(() => {
-        vpc.addInterfaceEndpoint('EcrDocker', {
-          privateDnsEnabled: false,
-          service: InterfaceVpcEndpointAwsService.ECR_DOCKER,
-          dnsRecordIpType: VpcEndpointDnsRecordIpType.DUALSTACK,
-        });
-        // THEN
-      }).toThrow();
-    });
-
-    test('throws when adding dnsRecordIpType without ipAddressType', () => {
-      // GIVEN
-      const stack = new Stack();
-      const vpc = new Vpc(stack, 'VpcNetwork');
-
-      // WHEN
-      expect(() => {
-        vpc.addInterfaceEndpoint('EcrDocker', {
-          service: InterfaceVpcEndpointAwsService.ECR_DOCKER,
-          dnsRecordIpType: VpcEndpointDnsRecordIpType.DUALSTACK,
-        });
-        // THEN
-      }).toThrow();
-    });
-
-    test.each([
-      [VpcEndpointIpAddressType.IPV4, VpcEndpointDnsRecordIpType.IPV4],
-      [VpcEndpointIpAddressType.DUALSTACK, VpcEndpointDnsRecordIpType.IPV4],
-      [VpcEndpointIpAddressType.IPV6, VpcEndpointDnsRecordIpType.IPV6],
-      [VpcEndpointIpAddressType.DUALSTACK, VpcEndpointDnsRecordIpType.IPV6],
-      [VpcEndpointIpAddressType.DUALSTACK, VpcEndpointDnsRecordIpType.DUALSTACK],
-      [VpcEndpointIpAddressType.DUALSTACK, VpcEndpointDnsRecordIpType.SERVICE_DEFINED],
-    ])('add an endpoint to a vpc with various matching IP address types', (
-      ipAddressType: VpcEndpointIpAddressType,
-      dnsRecordIpType: VpcEndpointDnsRecordIpType) => {
+    test('check ipAddressType and dnsOptions are present when specified', () => {
       // GIVEN
       const stack = new Stack();
       const vpc = new Vpc(stack, 'VpcNetwork');
 
       // WHEN
       vpc.addInterfaceEndpoint('EcrDocker', {
         service: InterfaceVpcEndpointAwsService.ECR_DOCKER,
-        ipAddressType: ipAddressType,
-        dnsRecordIpType: dnsRecordIpType,
+        ipAddressType: VpcEndpointIpAddressType.DUALSTACK,
+        dnsRecordIpType: VpcEndpointDnsRecordIpType.DUALSTACK,
       });
 
       // THEN
       Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpoint', {
-        IpAddressType: ipAddressType,
-        DnsOptions: { DnsRecordIpType: dnsRecordIpType },
+        IpAddressType: VpcEndpointIpAddressType.DUALSTACK,
+        DnsOptions: { DnsRecordIpType: VpcEndpointDnsRecordIpType.DUALSTACK },
       });
     });
 
-    test.each([
-      [VpcEndpointIpAddressType.IPV6, VpcEndpointDnsRecordIpType.IPV4],
-      [VpcEndpointIpAddressType.IPV4, VpcEndpointDnsRecordIpType.IPV6],
-      [VpcEndpointIpAddressType.IPV4, VpcEndpointDnsRecordIpType.DUALSTACK],
-      [VpcEndpointIpAddressType.IPV6, VpcEndpointDnsRecordIpType.DUALSTACK],
-      [VpcEndpointIpAddressType.IPV4, VpcEndpointDnsRecordIpType.SERVICE_DEFINED],
-      [VpcEndpointIpAddressType.IPV6, VpcEndpointDnsRecordIpType.SERVICE_DEFINED],
-    ])('add an endpoint to a vpc with mismatched ipAddressType and dnsRecordIpType, which throws error', (
-      ipAddressType: VpcEndpointIpAddressType,
-      dnsRecordIpType: VpcEndpointDnsRecordIpType,
-    ) => {
-      // GIVEN
-      const stack = new Stack();
-      const vpc = new Vpc(stack, 'VpcNetwork');
-
-      // WHEN
-      expect(() => {
-        vpc.addInterfaceEndpoint('EcrDocker', {
-          service: InterfaceVpcEndpointAwsService.ECR_DOCKER,
-          ipAddressType: ipAddressType,
-          dnsRecordIpType: dnsRecordIpType,
-        });
-        // THEN
-      }).toThrow();
-    });
-
     test('import/export', () => {
       // GIVEN
       const stack2 = new Stack();
