Recovered changes from release 1.0.10 on npm (#13)
plumdog authored Nov 1, 2022
1 parent 59a8da9 commit 16920db
Showing 3 changed files with 6 additions and 15 deletions.
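--- a/index.ts
+++ b/index.ts
@@ -43,13 +43,11 @@ export class AllowConnectionsToECSServiceFromNetworkLoadBalancerProvider extends
 export class AllowConnectionsToECSServiceFromNetworkLoadBalancerProps {
 readonly service: ecs.Ec2Service;
 readonly loadBalancer: elbv2.NetworkLoadBalancer;
-readonly port: number;
 }
 
 export class AllowConnectionsToECSServiceFromNetworkLoadBalancer extends cdk.Construct {
 public readonly service: ecs.Ec2Service;
 public readonly loadBalancer: elbv2.NetworkLoadBalancer;
-public readonly port: number;
 private resource: cfn.CustomResource;
 
 constructor(scope: cdk.Construct, id: string, props: AllowConnectionsToECSServiceFromNetworkLoadBalancerProps) {
@@ -60,19 +58,14 @@ export class AllowConnectionsToECSServiceFromNetworkLoadBalancer extends cdk.Con
 if (!props.loadBalancer) {
 throw new Error("No load balancer specified");
 }
-if (!props.port) {
-throw new Error("No port specified");
-}
 this.service = props.service;
 this.loadBalancer = props.loadBalancer;
-this.port = props.port;
 this.resource = new cfn.CustomResource(this, 'Resource', {
 provider: AllowConnectionsToECSServiceFromNetworkLoadBalancerProvider.getOrCreate(this),
 resourceType: 'Custom::AllowConnectionsToECSServiceFromNetworkLoadBalancer',
 properties: {
 ServiceSecurityGroupId: this.service.connections.securityGroups[0].securityGroupId,
 LoadBalancerArn: this.loadBalancer.loadBalancerArn,
-Port: this.port,
 }
 });
 }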
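--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "allow-connections-to-ecs-service-from-network-load-balancer-cdk",
-"version": "1.0.7",
+"version": "1.0.10",
 "description": "Configure an ECS Service security group to allow connections from a network load balancer",
 "main": "lib/index.js",
 "scripts": {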
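--- a/provider/index.ts
+++ b/provider/index.ts
@@ -39,11 +39,11 @@ export const getNLBIpAddresses = async (loadBalancerArn: string): Promise<string
 return [...getIpAddresses(response.NetworkInterfaces)];
 };
 
-export const generateIpPermissions = (ipAddresses: string[], port: string): any => [
+export const generateIpPermissions = (ipAddresses: string[]): any => [
 {
 IpProtocol: 'tcp',
-FromPort: port,
-ToPort: port,
+FromPort: 32768,
+ToPort: 65535,
 IpRanges: ipAddresses.map((x) => ({
 CidrIp: `${x}/32`,
 Description: `Allow access from Network Load Balancer`,
@@ -54,12 +54,11 @@ export const generateIpPermissions = (ipAddresses: string[], port: string): any
 export const onCreate = async (event: CloudFormationCustomResourceCreateEvent): Promise<CloudFormationCustomResourceResponse> => {
 const securityGroupId = event.ResourceProperties.ServiceSecurityGroupId;
 const loadBalancerArn = event.ResourceProperties.LoadBalancerArn;
-const port = event.ResourceProperties.Port;
 const ipAddresses = await getNLBIpAddresses(loadBalancerArn);
 const ec2 = new AWS.EC2();
 await ec2.authorizeSecurityGroupIngress({
 GroupId: securityGroupId,
-IpPermissions: generateIpPermissions(ipAddresses, port),
+IpPermissions: generateIpPermissions(ipAddresses),
 }).promise();
 return {
 Status: 'SUCCESS',
@@ -74,12 +73,11 @@ export const onCreate = async (event: CloudFormationCustomResourceCreateEvent):
 export const onDelete = async (event: CloudFormationCustomResourceDeleteEvent): Promise<CloudFormationCustomResourceResponse> => {
 const securityGroupId = event.ResourceProperties.ServiceSecurityGroupId;
 const loadBalancerArn = event.ResourceProperties.LoadBalancerArn;
-const port = event.ResourceProperties.Port;
 const ipAddresses = await getNLBIpAddresses(loadBalancerArn);
 const ec2 = new AWS.EC2();
 await ec2.revokeSecurityGroupIngress({
 GroupId: securityGroupId,
-IpPermissions: generateIpPermissions(ipAddresses, port),
+IpPermissions: generateIpPermissions(ipAddresses),
 }).promise();
 return {
 Status: 'SUCCESS',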
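Review bot: `generateIpPermissions` now hard-codes `FromPort: 32768` / `ToPort: 65535`, so each NLB address is granted TCP ingress to the whole upper port range on the service security group rather than the single port the caller used to supply; any other listener in that range behind the same group becomes reachable as well. If the range is meant to cover ECS dynamic host-port mapping, state that in a comment above the literal and keep it overridable, for example `(ipAddresses: string[], fromPort = 32768, toPort = 65535)`, so fixed-port services can stay narrow. `onDelete` builds its revoke request from the same fixed range, so a rule that an earlier version created for one specific port would presumably not match and could be left in the group (or fail the revoke) when the stack is deleted; that upgrade path is worth confirming. The `any` return type also hides the permission shape from the compiler; a named interface for the entries would catch a mistyped field. The bodies of `onCreate` and `onDelete` continue outside the visible hunks.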
