
feat(route53): Vpc endpoint service private dns #10780

Merged

Conversation

flemjame-at-amazon (Contributor)

https://aws.amazon.com/premiumsupport/knowledge-center/vpc-private-dns-name-endpoint-service/
https://docs.aws.amazon.com/vpc/latest/userguide/verify-domains.html

AWS added the ability to specify a custom DNS name for an endpoint service earlier this year. It makes it so your clients don't have to create aliases for an InterfaceVpcEndpoint when they connect to your service. This reduces undifferentiated lifting done by clients. This PR creates a construct that will set up the custom DNS.

```ts
import { Stack } from '@aws-cdk/core';
import { Vpc, VpcEndpointService } from '@aws-cdk/aws-ec2';
import { NetworkLoadBalancer } from '@aws-cdk/aws-elasticloadbalancingv2';
import { PublicHostedZone, VpcEndpointServiceDomainName } from '@aws-cdk/aws-route53';

const stack = new Stack();
const vpc = new Vpc(stack, 'VPC');
const nlb = new NetworkLoadBalancer(stack, 'NLB', {
  vpc,
});
const vpces = new VpcEndpointService(stack, 'VPCES', {
  vpcEndpointServiceLoadBalancers: [nlb],
});
// You must use a public hosted zone so domain ownership can be verified
const zone = new PublicHostedZone(stack, 'PHZ', {
  zoneName: 'aws-cdk.dev',
});
new VpcEndpointServiceDomainName(stack, 'EndpointDomain', {
  endpointService: vpces,
  domainName: 'my-stuff.aws-cdk.dev',
  publicZone: zone,
});
```

Original design ticket: #10580

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
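The construct above hides the domain-verification step: AWS hands back a TXT challenge for the private DNS name, the record has to be published in a public zone that actually owns that name, and only then can verification be started. As an added example (not code from this PR or from the aws-cdk project), the TypeScript below models the pre-flight checks a practitioner would want before deploying: that the private DNS name sits under the hosted zone on a label boundary, that the challenge is a TXT record, and that the published value is visible to a resolver before verification is requested. It has no CDK or AWS SDK dependency; the describe-output sample, the service ID and the challenge name and value are constructed placeholders, and the rule that a relative challenge `Name` is suffixed with the zone apex is an assumption modelled on how a Route 53 TxtRecord qualifies a relative record name, so take the exact record name and value from your own describe output.

```typescript
// Added example (not from the aws-cdk PR): pre-flight checks for the domain
// verification step that VpcEndpointServiceDomainName automates. No CDK or AWS
// SDK dependency; the shapes below mirror the EC2
// DescribeVpcEndpointServiceConfigurations response and the sample data is constructed.

type DnsNameState = 'pendingVerification' | 'verified' | 'failed';

interface PrivateDnsNameConfiguration {
  State: DnsNameState;
  Type: string;  // AWS issues a TXT record challenge
  Name: string;  // record name of the challenge
  Value: string; // record value AWS expects to find
}

interface ServiceConfiguration {
  ServiceId: string;
  PrivateDnsName?: string;
  PrivateDnsNameConfiguration?: PrivateDnsNameConfiguration;
}

interface VerificationPlan {
  recordFqdn: string; // where the TXT record must be published
  value: string;      // what it must contain
}

// Constructed sample: what a describe call might return right after the private
// DNS name has been set on the service (all identifiers are placeholders).
const SAMPLE_CONFIG: ServiceConfiguration = {
  ServiceId: 'vpce-svc-EXAMPLE',
  PrivateDnsName: 'my-stuff.aws-cdk.dev',
  PrivateDnsNameConfiguration: {
    State: 'pendingVerification',
    Type: 'TXT',
    Name: 'example-verification-name',
    Value: 'example-verification-value',
  },
};

function normalizeName(name: string): string {
  return name.trim().toLowerCase().replace(/\.+$/, '');
}

// The private DNS name must be the zone apex or sit under it. A TXT record in a
// zone that does not own the name proves nothing, and a bare suffix match
// ('notaws-cdk.dev') would wrongly pass, so compare on a label boundary.
function isUnderZone(domainName: string, zoneName: string): boolean {
  const d = normalizeName(domainName);
  const z = normalizeName(zoneName);
  return d === z || d.endsWith('.' + z);
}

// Turn the describe output into the TXT record to publish in the public zone.
// Assumption: as with a Route 53 TxtRecord given a relative recordName, a Name
// that is not already fully qualified inside the zone is suffixed with the zone apex.
function planVerificationRecord(cfg: ServiceConfiguration, zoneName: string): VerificationPlan {
  if (!cfg.PrivateDnsName) {
    throw new Error(`${cfg.ServiceId}: no private DNS name configured`);
  }
  if (!isUnderZone(cfg.PrivateDnsName, zoneName)) {
    throw new Error(`${cfg.PrivateDnsName} is not inside hosted zone ${zoneName}`);
  }
  const challenge = cfg.PrivateDnsNameConfiguration;
  if (!challenge) {
    throw new Error(`${cfg.ServiceId}: no verification challenge returned yet`);
  }
  if (challenge.Type.toUpperCase() !== 'TXT') {
    throw new Error(`unexpected challenge record type ${challenge.Type}`);
  }
  const name = normalizeName(challenge.Name);
  const recordFqdn = isUnderZone(name, zoneName) ? name : `${name}.${normalizeName(zoneName)}`;
  return { recordFqdn, value: challenge.Value };
}

// Resolver answers in the shape Node's dns.resolveTxt returns (string[][]: one
// array of chunks per TXT record). Only start the AWS verification once the
// published record is actually visible from the public internet.
function txtAnswerMatches(answers: string[][], expectedValue: string): boolean {
  return answers.some((chunks) => chunks.join('') === expectedValue);
}

// Requesting verification again is harmless, but pointless once already verified.
function shouldStartVerification(cfg: ServiceConfiguration): boolean {
  const state = cfg.PrivateDnsNameConfiguration?.State;
  return state === 'pendingVerification' || state === 'failed';
}

function demo(): VerificationPlan {
  const plan = planVerificationRecord(SAMPLE_CONFIG, 'aws-cdk.dev');
  console.log(`publish TXT ${plan.recordFqdn} = "${plan.value}"`);
  return plan;
}
```

In a real pipeline the describe output would come from `aws ec2 describe-vpc-endpoint-service-configurations`, the resolver answers from `dns.resolveTxt(plan.recordFqdn)`, and only after `txtAnswerMatches` passes would `aws ec2 start-vpc-endpoint-service-private-dns-verification` be called; the label-boundary check is what stops a look-alike zone such as `aws-cdk.dev.attacker.example` from being accepted as the owner of the name.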

@flemjame-at-amazon (Contributor Author)

rix0rrr opined this should be in the route53 module - #10580

@flemjame-at-amazon (Contributor Author)

Any update on this @rix0rrr @shivlaks ?


@shivlaks (Contributor) left a comment

@flemjame-at-amazon took a first pass, take a look at the suggestions/feedback and let me know what you think!

  • what's the added newFile.ts in aws-route53-patterns - can that be removed?
  • an integration test needs to be added for VpcEndpointServiceDomainName

@flemjame-at-amazon (Contributor Author) commented Oct 21, 2020

@shivlaks

* what's the added `newFile.ts` in `aws-route53-patterns` - can that be removed?

I'm not sure how that got in, must have misclicked - yes it will be removed.

* an integration test needs to be added for `VpcEndpointServiceDomainName`

Can you elaborate on what an integration test is? Do you mean an integ.vpc-endpoint-service-domain-name.test.ts coupled with an integ.expected.json ?

…nd remove file accidentally created and added
@mergify mergify bot dismissed shivlaks’s stale review October 21, 2020 18:31

Pull request has been modified.

@shivlaks (Contributor)

@flemjame-at-amazon

> Can you elaborate on what an integration test is? Do you mean an `integ.vpc-endpoint-service-domain-name.test.ts` coupled with an `integ.expected.json`?

Yes, running the integ test by yarn integ or npm run integ would deploy all the integration tests in a module.

yarn integ.test-name.js would deploy a specific test. A successful deployment will automatically create the .generated file. You should not need to add this manually.

@flemjame-at-amazon (Contributor Author)

@shivlaks @rix0rrr any update on this?

@shivlaks shivlaks added the pr/do-not-merge This PR should not be merged at this time. label Dec 1, 2020
@shivlaks (Contributor) previously approved these changes Dec 1, 2020 and left a comment

@flemjame-at-amazon looks good to me! added the do-not-merge so @rix0rrr can also have one final look.

@mergify mergify bot dismissed shivlaks’s stale review December 8, 2020 14:32

Pull request has been modified.

Linting rule: Fenced code blocks should be surrounded by blank lines
@flemjame-at-amazon (Contributor Author)

@shivlaks do you know what's happening with this?

@shivlaks (Contributor)

> @shivlaks do you know what's happening with this?

checking on it, hoping to get it merged ahead of the next release

@shivlaks shivlaks removed the pr/do-not-merge This PR should not be merged at this time. label Dec 15, 2020
@shivlaks (Contributor)

dropping the do-not-merge as I verified with @rix0rrr that we can move forward with this change

mergify bot commented Dec 17, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).


@mergify mergify bot merged commit 8f6f9a8 into aws:master Dec 17, 2020
@aws-cdk-automation (Collaborator)

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: b56d705
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

flochaz pushed a commit to flochaz/aws-cdk that referenced this pull request Jan 5, 2021
Review comment on these lines of the example:

```ts
  vpcEndpointServiceLoadBalancers: [nlb],
});
// You must use a public hosted zone so domain ownership can be verified
zone = new PublicHostedZone(stack, 'PHZ', {
```
Would be even better if we can import a hosted zone from different account by providing IAM access. DNS delegation may have been set up in a central account.
