Skip to content

Commit db796cf

Browse files
nandajavarmanandajavarma
authored
Merge pull request #3 from gitpod-io/nvn/vpc-endpoint-check
Add check for execute-api vpc endpoint
2 parents 29be69f + 35649c7 commit db796cf

File tree

1 file changed

+28
-7
lines changed

1 file changed

+28
-7
lines changed

gitpod-network-check/cmd/checks.go

Lines changed: 28 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -139,23 +139,41 @@ var checkCommand = &cobra.Command{ // nolint:gochecknoglobals
139139
},
140140
}
141141

142+
type vpcEndpointsMap struct {
143+
Endpoint string
144+
Required bool
145+
}
146+
142147
// the ssm-agent requires that ec2messages, ssm and ssmmessages are available
143148
// we check the endpoints here so that if we cannot send commands to the ec2 instance
144149
// in a private setup we know why
145150
func checkSMPrerequisites(ctx context.Context, ec2Client *ec2.Client) error {
146151
log.Infof("ℹ️ Checking prerequisites")
147-
vpcEndpoints := []string{
148-
fmt.Sprintf("com.amazonaws.%s.ec2messages", networkConfig.AwsRegion),
149-
fmt.Sprintf("com.amazonaws.%s.ssm", networkConfig.AwsRegion),
150-
fmt.Sprintf("com.amazonaws.%s.ssmmessages", networkConfig.AwsRegion),
152+
vpcEndpoints := []vpcEndpointsMap{
153+
{
154+
Endpoint: fmt.Sprintf("com.amazonaws.%s.ec2messages", networkConfig.AwsRegion),
155+
Required: false,
156+
},
157+
{
158+
Endpoint: fmt.Sprintf("com.amazonaws.%s.ssm", networkConfig.AwsRegion),
159+
Required: false,
160+
},
161+
{
162+
Endpoint: fmt.Sprintf("com.amazonaws.%s.ssmmessages", networkConfig.AwsRegion),
163+
Required: false,
164+
},
165+
{
166+
Endpoint: fmt.Sprintf("com.amazonaws.%s.execute-api", networkConfig.AwsRegion),
167+
Required: true,
168+
},
151169
}
152170

153171
for _, endpoint := range vpcEndpoints {
154172
response, err := ec2Client.DescribeVpcEndpoints(ctx, &ec2.DescribeVpcEndpointsInput{
155173
Filters: []types.Filter{
156174
{
157175
Name: aws.String("service-name"),
158-
Values: []string{endpoint},
176+
Values: []string{endpoint.Endpoint},
159177
},
160178
},
161179
})
@@ -165,9 +183,12 @@ func checkSMPrerequisites(ctx context.Context, ec2Client *ec2.Client) error {
165183
}
166184

167185
if len(response.VpcEndpoints) == 0 {
168-
log.Infof("ℹ️ VPC endpoint %s is not configured", endpoint)
186+
if endpoint.Required {
187+
return fmt.Errorf("❌ VPC endpoint %s not configured: %w", endpoint.Endpoint, err)
188+
}
189+
log.Infof("ℹ️ VPC endpoint %s is not configured", endpoint.Endpoint)
169190
} else {
170-
log.Infof("✅ VPC endpoint %s is configured", endpoint)
191+
log.Infof("✅ VPC endpoint %s is configured", endpoint.Endpoint)
171192
}
172193
}
173194

0 commit comments

Comments
 (0)