
Commit dac26e4

committed
add interface endpoint differently
1 parent dadf0e4 commit dac26e4


2 files changed

+19
-8
lines changed


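--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -67,7 +67,7 @@ jobs:
 VERSION_NUMBER: ${{needs.get_issue_number.outputs.issue_number}}
 COMMIT_ID: ${{needs.get_commit_id.outputs.commit_id}}
 LOG_RETENTION_IN_DAYS: 30
-DEPLOY_CHANGE: false
+DEPLOY_CHANGE: true
 secrets:
 CDK_PULL_IMAGE_ROLE: ${{ secrets.DEV_CDK_PULL_IMAGE_ROLE }}
 CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}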
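Review bot: `DEPLOY_CHANGE: true` on the pull-request workflow turns every PR run into a deployment with the `DEV_*` roles, and neither the line nor the commit message says whether that is the intended steady state or a temporary switch to exercise the endpoint change on a branch. If it is meant to stay, a comment on the line such as `# every PR deploys the dev stack; set to false to only synth` would record the decision; if it is temporary, it should be reverted before merge. The job that owns these inputs, and the `on:` triggers that decide which events and branches reach it, start outside the hunk, so the blast radius of the flip cannot be checked here.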

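--- a/packages/cdk/stacks/VpcResourcesStack.ts
+++ b/packages/cdk/stacks/VpcResourcesStack.ts
@@ -10,8 +10,10 @@ import {
 import {
 CfnSubnet,
 FlowLogDestination,
+InterfaceVpcEndpoint,
 InterfaceVpcEndpointAwsService,
 IpAddresses,
+Peer,
 Vpc
 } from "aws-cdk-lib/aws-ec2"
 import {Role, ServicePrincipal} from "aws-cdk-lib/aws-iam"
@@ -29,6 +31,7 @@ export interface VpcResourcesStackProps extends StackProps{
 */
 
 export class VpcResourcesStack extends Stack {
+readonly vpc : Vpc
 public constructor(scope: App, id: string, props: VpcResourcesStackProps){
 super(scope, id, props)
 
@@ -89,13 +92,13 @@ export class VpcResourcesStack extends Stack {
 }
 
 // add vpc private endpoints
-vpc.addInterfaceEndpoint("ECRDockerEndpoint", {service: InterfaceVpcEndpointAwsService.ECR_DOCKER})
-vpc.addInterfaceEndpoint("ECREndpoint", {service: InterfaceVpcEndpointAwsService.ECR})
-vpc.addInterfaceEndpoint("SecretManagerEndpoint", {service: InterfaceVpcEndpointAwsService.SECRETS_MANAGER})
-vpc.addInterfaceEndpoint("CloudWatchEndpoint", {service: InterfaceVpcEndpointAwsService.CLOUDWATCH})
-vpc.addInterfaceEndpoint("CloudWatchLogsEndpoint", {service: InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS})
-vpc.addInterfaceEndpoint("CloudWatchEventsEndpoint", {service: InterfaceVpcEndpointAwsService.EVENTBRIDGE})
-vpc.addInterfaceEndpoint("SSMEndpoint", {service: InterfaceVpcEndpointAwsService.SSM})
+this.addInterfaceEndpoint("ECRDockerEndpoint", InterfaceVpcEndpointAwsService.ECR_DOCKER)
+this.addInterfaceEndpoint("ECREndpoint", InterfaceVpcEndpointAwsService.ECR)
+this.addInterfaceEndpoint("SecretManagerEndpoint", InterfaceVpcEndpointAwsService.SECRETS_MANAGER)
+this.addInterfaceEndpoint("CloudWatchEndpoint", InterfaceVpcEndpointAwsService.CLOUDWATCH)
+this.addInterfaceEndpoint("CloudWatchLogsEndpoint", InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS)
+this.addInterfaceEndpoint("CloudWatchEventsEndpoint", InterfaceVpcEndpointAwsService.CLOUDWATCH_EVENTS)
+this.addInterfaceEndpoint("SSMEndpoint", InterfaceVpcEndpointAwsService.SSM)
 
 //Outputs
 
@@ -136,4 +139,12 @@ export class VpcResourcesStack extends Stack {
 })
 
 }
+
+private addInterfaceEndpoint(name: string, awsService: InterfaceVpcEndpointAwsService): void {
+const endpoint: InterfaceVpcEndpoint = this.vpc.addInterfaceEndpoint(`${name}`, {
+service: awsService
+})
+
+endpoint.connections.allowFrom(Peer.ipv4(this.vpc.vpcCidrBlock), endpoint.connections.defaultPort!)
+}
 }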
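Review bot: The new `addInterfaceEndpoint` helper in the last hunk grants ingress from the entire VPC CIDR with `endpoint.connections.allowFrom(Peer.ipv4(this.vpc.vpcCidrBlock), endpoint.connections.defaultPort!)`, which is what CDK's `InterfaceVpcEndpoint` already does by itself while the `open` option is left at its default of `true`, so the line appears to add nothing and the endpoints (ECR, Secrets Manager, SSM among them) stay reachable from every ENI in the VPC. If the goal is to limit them to the workloads that need them, pass `{ service: awsService, open: false }` and then `endpoint.connections.allowDefaultPortFrom(workloadSg)` for each consuming security group (`workloadSg` is a constructed name), which also removes the need for `!` on `defaultPort`; if `!` stays, replace it with a guard that throws naming the endpoint so a missing default port fails at synth with a clear message. The `readonly vpc : Vpc` field added in the second hunk is never assigned in the visible lines; if the constructor does not set `this.vpc` before the `this.addInterfaceEndpoint(...)` calls, the helper dereferences undefined at synth time (it may be assigned in the part of the constructor outside the hunks). `` `${name}` `` in the helper is just `name`. The constructor body that issues the seven calls starts and ends outside the hunks.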
