Skip to content

Commit

Permalink
feat(aws-autoscaling): attach security group to launch configuration (#…
Browse files Browse the repository at this point in the history
…636)

Add the ability attach a security group to an autoscaling launch configuration
  • Loading branch information
moofish32 authored and Elad Ben-Israel committed Sep 3, 2018
1 parent d255953 commit 1e627e2
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 2 deletions.
17 changes: 15 additions & 2 deletions packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts
Original file line number Diff line number Diff line change
Expand Up @@ -153,14 +153,16 @@ export class AutoScalingGroup extends cdk.Construct implements ec2.IClassicLoadB

private readonly userDataLines = new Array<string>();
private readonly autoScalingGroup: cloudformation.AutoScalingGroupResource;
private readonly securityGroup: ec2.SecurityGroup;
private readonly securityGroup: ec2.SecurityGroupRef;
private readonly securityGroups: ec2.SecurityGroupRef[] = [];
private readonly loadBalancerNames: cdk.Token[] = [];

constructor(parent: cdk.Construct, name: string, props: AutoScalingGroupProps) {
super(parent, name);

this.securityGroup = new ec2.SecurityGroup(this, 'InstanceSecurityGroup', { vpc: props.vpc });
this.connections = new ec2.Connections({ securityGroup: this.securityGroup });
this.securityGroups.push(this.securityGroup);

if (props.allowAllOutbound !== false) {
this.connections.allowTo(new ec2.AnyIPv4(), new ec2.AllConnections(), 'Outbound traffic allowed by default');
Expand All @@ -177,12 +179,13 @@ export class AutoScalingGroup extends cdk.Construct implements ec2.IClassicLoadB
// use delayed evaluation
const machineImage = props.machineImage.getImage(this);
const userDataToken = new cdk.Token(() => new cdk.FnBase64((machineImage.os.createUserData(this.userDataLines))));
const securityGroupsToken = new cdk.Token(() => this.securityGroups.map(sg => sg.securityGroupId));

const launchConfig = new cloudformation.LaunchConfigurationResource(this, 'LaunchConfig', {
imageId: machineImage.imageId,
keyName: props.keyName,
instanceType: props.instanceType.toString(),
securityGroups: [this.securityGroup.securityGroupId],
securityGroups: securityGroupsToken,
iamInstanceProfile: iamProfile.ref,
userData: userDataToken
});
Expand Down Expand Up @@ -227,6 +230,16 @@ export class AutoScalingGroup extends cdk.Construct implements ec2.IClassicLoadB
this.applyUpdatePolicies(props);
}

/**
* Add the security group to all instances via the launch configuration
* security groups array.
*
* @param securityGroup: The SecurityGroupRef to add
*/
public addSecurityGroup(securityGroup: ec2.SecurityGroupRef): void {
this.securityGroups.push(securityGroup);
}

public attachToClassicLB(loadBalancer: ec2.ClassicLoadBalancer): void {
this.loadBalancerNames.push(loadBalancer.loadBalancerName);
}
Expand Down
30 changes: 30 additions & 0 deletions packages/@aws-cdk/aws-autoscaling/test/test.auto-scaling-group.ts
Original file line number Diff line number Diff line change
Expand Up @@ -332,6 +332,30 @@ export = {

test.done();
},
'can add Security Group to Fleet'(test: Test) {
// GIVEN
const stack = new cdk.Stack(undefined, 'MyStack', { env: { region: 'us-east-1', account: '1234' }});
const vpc = mockVpc(stack);

// WHEN
const asg = new autoscaling.AutoScalingGroup(stack, 'MyFleet', {
instanceType: new ec2.InstanceTypePair(ec2.InstanceClass.M4, ec2.InstanceSize.Micro),
machineImage: new ec2.AmazonLinuxImage(),
vpc,
});
asg.addSecurityGroup(mockSecurityGroup(stack));
expect(stack).to(haveResource("AWS::AutoScaling::LaunchConfiguration", {
SecurityGroups: [
{
"Fn::GetAtt": [
"MyFleetInstanceSecurityGroup774E8234",
"GroupId"
]
},
'most-secure'],
}));
test.done();
},
};

function mockVpc(stack: cdk.Stack) {
Expand All @@ -342,3 +366,9 @@ function mockVpc(stack: cdk.Stack) {
privateSubnetIds: [ new ec2.SubnetId('pri1') ],
});
}

function mockSecurityGroup(stack: cdk.Stack) {
return ec2.SecurityGroupRef.import(stack, 'MySG', {
securityGroupId: new ec2.SecurityGroupId('most-secure'),
});
}

0 comments on commit 1e627e2

Please sign in to comment.