ec2: implement IPeer to PrefixList #33607

Open
1 of 2 tasks
Tietew opened this issue Feb 27, 2025 · 1 comment · May be fixed by #33617
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@Tietew
Contributor

Tietew commented Feb 27, 2025

Describe the feature

When we want to add a security group rule whose peer is a PrefixList,
we should write the following code:

const pl = new ec2.PrefixList(this, 'PrefixList', { ... });
instance.connections.allowFrom(ec2.Peer.prefixListId(pl.prefixListId), ec2.Port.XXX);

It's a bit frustrating with the redundant prefixListId.

Use Case

We want to write DRY:

const pl = new ec2.PrefixList(this, 'PrefixList', { ... });
instance.connections.allowFrom(pl, ec2.Port.XXX);

Proposed Solution

  • Update IPrefixList to extend IPeer
  • Update PrefixListBase to implement IPeer

Other Information

Related to #33606
We can rewrite its example more simply:

const plCloudFront = ec2.PrefixList.fromLookup(this, 'CloudFrontPrefixList', {
  prefixListName: 'com.amazonaws.global.cloudfront.origin-facing',
});
alb.connections.allowFrom(plCloudFront, ec2.Port.HTTPS);

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.180.0

Environment details (OS name and version, etc.)

N/A

@Tietew Tietew added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Feb 27, 2025
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Feb 27, 2025
@pahud
Contributor

pahud commented Feb 27, 2025

Hi @Tietew, thanks for the feature request!

This is a great suggestion to improve the developer experience when working with prefix lists in security group rules. Having PrefixList implement IPeer would be a natural extension that makes the API more intuitive and reduces redundancy.

Your proposed approach makes sense:

  1. Update IPrefixList to extend IPeer
  2. Update PrefixListBase to implement IPeer

This would be a non-breaking change that adds functionality while maintaining backward compatibility. Since you've indicated you might be able to implement this feature, we'd be happy to review a PR for this enhancement.

When implementing, you'd want to:

  1. Modify the IPrefixList interface to extend IPeer
  2. Implement the required IPeer methods in PrefixListBase (or a mixin if that's more appropriate)
  3. Add appropriate tests to verify the new functionality works as expected

This would pair well with your other suggestion in #33606 for PrefixList.fromLookup(), allowing for a much cleaner API when working with prefix lists in security groups.

We'll review your PR when it's ready.

@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 27, 2025
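
The proposal discussed in this thread, sketched as an added example (not code from the issue, from #33617 or from aws-cdk-lib): `PrefixListBase` supplies the `IPeer` members itself, so a prefix list yields the same rule properties as a peer built from its ID. The interfaces are reduced stand-ins that keep the `IPeer` member names but leave out `connections`; `ImportedPrefixList`, `prefixListIdPeer`, `ingressRule` and the ID `pl-EXAMPLE` are hypothetical names and constructed values.

```typescript
// Reduced stand-in for ec2.IPeer (the real interface also carries `connections`).
interface IPeer {
  readonly canInlineRule: boolean;
  readonly uniqueId: string;
  toIngressRuleConfig(): Record<string, string>;
  toEgressRuleConfig(): Record<string, string>;
}

// Proposed step 1: IPrefixList extends IPeer.
interface IPrefixList extends IPeer {
  readonly prefixListId: string;
}

// Proposed step 2: PrefixListBase implements the IPeer members once,
// deriving all of them from the prefix list ID.
abstract class PrefixListBase implements IPrefixList {
  public abstract readonly prefixListId: string;
  // Rules for this peer are emitted as separate rule resources, not inlined.
  public readonly canInlineRule = false;

  public get uniqueId(): string {
    return this.prefixListId;
  }
  public toIngressRuleConfig(): Record<string, string> {
    return { sourcePrefixListId: this.prefixListId };
  }
  public toEgressRuleConfig(): Record<string, string> {
    return { destinationPrefixListId: this.prefixListId };
  }
}

// Hypothetical concrete prefix list, standing in for a created or looked-up one.
class ImportedPrefixList extends PrefixListBase {
  public readonly prefixListId: string;
  constructor(prefixListId: string) {
    super();
    this.prefixListId = prefixListId;
  }
}

// Hypothetical equivalent of today's explicit form, ec2.Peer.prefixListId(id).
function prefixListIdPeer(id: string): IPeer {
  return {
    canInlineRule: false,
    uniqueId: id,
    toIngressRuleConfig: () => ({ sourcePrefixListId: id }),
    toEgressRuleConfig: () => ({ destinationPrefixListId: id }),
  };
}

// Reduced model of what a security group does with a peer when adding an ingress rule.
function ingressRule(peer: IPeer, port: number): Record<string, string | number> {
  return { ipProtocol: 'tcp', fromPort: port, toPort: port, ...peer.toIngressRuleConfig() };
}
```

A test for the real change would make the same comparison on the synthesized template: the rule produced by `allowFrom(pl, ...)` should match the one produced by `allowFrom(ec2.Peer.prefixListId(pl.prefixListId), ...)`.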

2 participants