From 16920db6624f47d2d437505f9693d972a987c08e Mon Sep 17 00:00:00 2001
From: Andrew Plummer
Date: Tue, 1 Nov 2022 10:59:26 +0000
Subject: [PATCH] Recovered changes from release 1.0.10 on npm (#13)
---
 index.ts | 7 -------
 package.json | 2 +-
 provider/index.ts | 12 +++++-------
 3 files changed, 6 insertions(+), 15 deletions(-)
diff --git a/index.ts b/index.ts
index e20b3f9..b2858e8 100644
--- a/index.ts
+++ b/index.ts
@@ -43,13 +43,11 @@ export class AllowConnectionsToECSServiceFromNetworkLoadBalancerProvider extends export class AllowConnectionsToECSServiceFromNetworkLoadBalancerProps { readonly service: ecs.Ec2Service; readonly loadBalancer: elbv2.NetworkLoadBalancer; - readonly port: number; } export class AllowConnectionsToECSServiceFromNetworkLoadBalancer extends cdk.Construct { public readonly service: ecs.Ec2Service; public readonly loadBalancer: elbv2.NetworkLoadBalancer; - public readonly port: number; private resource: cfn.CustomResource; constructor(scope: cdk.Construct, id: string, props: AllowConnectionsToECSServiceFromNetworkLoadBalancerProps) {
@@ -60,19 +58,14 @@ export class AllowConnectionsToECSServiceFromNetworkLoadBalancer extends cdk.Con if (!props.loadBalancer) { throw new Error("No load balancer specified"); } - if (!props.port) { - throw new Error("No port specified"); - } this.service = props.service; this.loadBalancer = props.loadBalancer; - this.port = props.port; this.resource = new cfn.CustomResource(this, 'Resource', { provider: AllowConnectionsToECSServiceFromNetworkLoadBalancerProvider.getOrCreate(this), resourceType: 'Custom::AllowConnectionsToECSServiceFromNetworkLoadBalancer', properties: { ServiceSecurityGroupId: this.service.connections.securityGroups[0].securityGroupId, LoadBalancerArn: this.loadBalancer.loadBalancerArn, - Port: this.port, } }); }
diff --git a/package.json b/package.json
index 0b0b144..0011d42 100644
--- a/package.json
+++ b/package.json
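Review bot: Dropping `readonly port: number` from AllowConnectionsToECSServiceFromNetworkLoadBalancerProps, together with the public `port` field and the `Port` custom-resource property removed in the constructor hunk at @@ -60, is a breaking change to the construct's public surface, while package.json only moves 1.0.7 to 1.0.10. Callers that pass `port` in an object literal will now be rejected by excess-property checking, and any caller that relied on a single port being opened will instead get the provider's fixed 32768–65535 range without any signal from this construct. If the old behavior is intentionally gone, the props class should say so, e.g. `/** Opens TCP 32768–65535 from the NLB's addresses on the service security group; a single port can no longer be configured. */`; otherwise keep `readonly port?: number;` as an optional override that is still forwarded as `Port` in `properties`. Both the props class and the constructor continue outside their hunks.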
@@ -1,6 +1,6 @@ { "name": "allow-connections-to-ecs-service-from-network-load-balancer-cdk",
- "version": "1.0.7",
+ "version": "1.0.10",
 "description": "Configure an ECS Service security group to allow connections from a network load balancer", "main": "lib/index.js", "scripts": {
diff --git a/provider/index.ts b/provider/index.ts
index b5e522f..0835ae8 100644
--- a/provider/index.ts
+++ b/provider/index.ts
@@ -39,11 +39,11 @@ export const getNLBIpAddresses = async (loadBalancerArn: string): Promise [ +export const generateIpPermissions = (ipAddresses: string[]): any => [ { IpProtocol: 'tcp', - FromPort: port, - ToPort: port, + FromPort: 32768, + ToPort: 65535, IpRanges: ipAddresses.map((x) => ({ CidrIp: `${x}/32`, Description: `Allow access from Network Load Balancer`,
@@ -54,12 +54,11 @@ export const generateIpPermissions = (ipAddresses: string[], port: string): any export const onCreate = async (event: CloudFormationCustomResourceCreateEvent): Promise => { const securityGroupId = event.ResourceProperties.ServiceSecurityGroupId; const loadBalancerArn = event.ResourceProperties.LoadBalancerArn; - const port = event.ResourceProperties.Port; const ipAddresses = await getNLBIpAddresses(loadBalancerArn); const ec2 = new AWS.EC2(); await ec2.authorizeSecurityGroupIngress({ GroupId: securityGroupId, - IpPermissions: generateIpPermissions(ipAddresses, port), + IpPermissions: generateIpPermissions(ipAddresses), }).promise(); return { Status: 'SUCCESS',
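Review bot: `FromPort: 32768` / `ToPort: 65535` in generateIpPermissions replace the single configured port with the whole ephemeral range, so every NLB address listed in IpRanges is granted TCP access to any listener in that range on the container host, not only the ports ECS maps for this service; onCreate authorizes exactly that rule in the hunk at @@ -54. The two literals carry no explanation — presumably they are meant to cover ECS dynamic host port mapping, but nothing in the diff says so. I would name the range, document why it is opened, and keep an optional `port` so callers with a fixed host port can stay narrow; the return type could also become `AWS.EC2.IpPermission[]` instead of `any`. The removed signature line of this hunk appears garbled on this page, and generateIpPermissions continues past the end of the hunk.
```typescript
/** Host-port range opened for the NLB addresses when no fixed port is given — intended to cover
 *  ECS dynamic host port mapping; confirm it matches the cluster's ephemeral port range. */
const DYNAMIC_HOST_PORT_RANGE = { from: 32768, to: 65535 } as const;

// `port` is optional so a service with a fixed host port can keep a single-port rule;
// CloudFormation delivers ResourceProperties values as strings, hence `number | string`.
export const generateIpPermissions = (ipAddresses: string[], port?: number | string): any => [
  {
    IpProtocol: 'tcp',
    FromPort: port ?? DYNAMIC_HOST_PORT_RANGE.from,
    ToPort: port ?? DYNAMIC_HOST_PORT_RANGE.to,
    // … unchanged: IpRanges mapping each address to a /32 …
```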
@@ -74,12 +73,11 @@ export const onCreate = async (event: CloudFormationCustomResourceCreateEvent): export const onDelete = async (event: CloudFormationCustomResourceDeleteEvent): Promise => { const securityGroupId = event.ResourceProperties.ServiceSecurityGroupId; const loadBalancerArn = event.ResourceProperties.LoadBalancerArn; - const port = event.ResourceProperties.Port; const ipAddresses = await getNLBIpAddresses(loadBalancerArn); const ec2 = new AWS.EC2(); await ec2.revokeSecurityGroupIngress({ GroupId: securityGroupId, - IpPermissions: generateIpPermissions(ipAddresses, port), + IpPermissions: generateIpPermissions(ipAddresses), }).promise(); return { Status: 'SUCCESS',
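Review bot: Dropping `const port = event.ResourceProperties.Port` in onDelete means a Delete for a resource created by the previous version — whose event still carries `Port` and whose security group holds a single-port rule — now calls revokeSecurityGroupIngress for 32768–65535, a rule that version never authorized, and the original single-port ingress is left on the service security group. Whether a NotFound error from the revoke is tolerated is outside the hunk; either way the stale rule survives. Keeping the fallback, `const port = event.ResourceProperties.Port;` and `IpPermissions: generateIpPermissions(ipAddresses, port),` with `port` optional on generateIpPermissions, lets Delete revoke exactly what Create authorized for stacks on either version. onDelete continues past the end of the hunk.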