
Commit 21945a4

committed
add tags to endpoint
1 parent 0b6200b commit 21945a4


1 file changed

+26
-1
lines changed


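--- a/packages/cdk/stacks/VpcResourcesStack.ts
+++ b/packages/cdk/stacks/VpcResourcesStack.ts
@@ -20,6 +20,7 @@ import {
 import {Role, ServicePrincipal} from "aws-cdk-lib/aws-iam"
 import {Key} from "aws-cdk-lib/aws-kms"
 import {LogGroup} from "aws-cdk-lib/aws-logs"
+import {AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId} from "aws-cdk-lib/custom-resources"
 
 export interface VpcResourcesStackProps extends StackProps{
 readonly version: string
@@ -94,7 +95,7 @@ export class VpcResourcesStack extends Stack {
 
 this.vpc = vpc
 
-// add vpc private endpoints
+// add vpc private endpoints - needed to set up ECR
 this.addInterfaceEndpoint("ECRDockerEndpoint", InterfaceVpcEndpointAwsService.ECR_DOCKER)
 this.addInterfaceEndpoint("ECREndpoint", InterfaceVpcEndpointAwsService.ECR)
 this.addInterfaceEndpoint("SecretManagerEndpoint", InterfaceVpcEndpointAwsService.SECRETS_MANAGER)
@@ -103,6 +104,7 @@ export class VpcResourcesStack extends Stack {
 this.addInterfaceEndpoint("CloudWatchEventsEndpoint", InterfaceVpcEndpointAwsService.EVENTBRIDGE)
 this.addInterfaceEndpoint("SSMEndpoint", InterfaceVpcEndpointAwsService.SSM)
 
+// add a gateway endpoint for S3
 vpc.addGatewayEndpoint("S3Endpoint", {
 service: GatewayVpcEndpointAwsService.S3
 })
@@ -152,6 +154,29 @@ export class VpcResourcesStack extends Stack {
 service: awsService
 })
 
+new AwsCustomResource(this, `${name}-tags`, {
+installLatestAwsSdk: false,
+onUpdate: {
+action: "createTags",
+parameters: {
+Resources: [
+endpoint.vpcEndpointId
+],
+Tags: [
+{
+Key: "Name",
+Value: `${this.stackName}-${name}-endpoint`
+}
+]
+},
+physicalResourceId: PhysicalResourceId.of(Date.now().toString()),
+service: "EC2"
+},
+policy: AwsCustomResourcePolicy.fromSdkCalls({
+resources: AwsCustomResourcePolicy.ANY_RESOURCE
+})
+})
+
 endpoint.connections.allowFrom(Peer.ipv4(this.vpc.vpcCidrBlock), endpoint.connections.defaultPort!)
 }
 }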
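Review bot: The policy at new line 175 uses `AwsCustomResourcePolicy.ANY_RESOURCE`, so the role behind this custom resource is allowed `ec2:CreateTags` on every EC2 resource in the account, although the call only ever tags the one endpoint created just above it. Where tags feed access-control conditions or cost allocation that is more reach than the tagging step needs; scoping it to the endpoint, e.g. `resources: [this.formatArn({service: "ec2", resource: "vpc-endpoint", resourceName: endpoint.vpcEndpointId})]`, keeps the grant to least privilege (the ARN form is worth confirming against the EC2 action reference). Separately, `PhysicalResourceId.of(Date.now().toString())` at new line 172 changes on every synth, so each deploy shows a diff and re-runs the call; if that is intended, a comment such as `// new id per synth so the tag is re-applied on every deploy` would say so, otherwise a stable id derived from `name` avoids it. The enclosing `addInterfaceEndpoint` method starts outside the hunk.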
