diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/TestStackLoadBalancer.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/TestStackLoadBalancer.assets.json index 66c27f15a0150..92812ccb9c744 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/TestStackLoadBalancer.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/TestStackLoadBalancer.assets.json @@ -14,7 +14,7 @@ } } }, - "0be03344ff0a7f0148d6c71c551b021ab6ded967d68f471f125be5cda63fc65d": { + "5f0a3fa3c0e936a7d0fcb82b0860c69c03dde88d33ca4e1135cd990086740194": { "source": { "path": "TestStackLoadBalancer.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "0be03344ff0a7f0148d6c71c551b021ab6ded967d68f471f125be5cda63fc65d.json", + "objectKey": "5f0a3fa3c0e936a7d0fcb82b0860c69c03dde88d33ca4e1135cd990086740194.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/TestStackLoadBalancer.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/TestStackLoadBalancer.template.json index ffda13c0709e6..b9d7098f84314 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/TestStackLoadBalancer.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/TestStackLoadBalancer.template.json 
@@ -503,7 +503,7 @@ "vpcEndpointService08751094": { "Type": "AWS::EC2::VPCEndpointService", "Properties": { - "AcceptanceRequired": true, + "AcceptanceRequired": false, "ContributorInsightsEnabled": true, "NetworkLoadBalancerArns": [ { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/manifest.json index a238507d02a45..a474f63d22e7a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0be03344ff0a7f0148d6c71c551b021ab6ded967d68f471f125be5cda63fc65d.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5f0a3fa3c0e936a7d0fcb82b0860c69c03dde88d33ca4e1135cd990086740194.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/tree.json index 59336e2cf93bf..83883e0dab40c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/tree.json 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.js.snapshot/tree.json @@ -31,8 +31,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PublicSubnet1": { @@ -75,16 +75,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "TestStackLoadBalancer/Vpc/PublicSubnet1/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -105,8 +105,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -124,8 +124,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -144,8 +144,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "EIP": { @@ -164,8 +164,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "NATGateway": { @@ -192,14 +192,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PublicSubnet2": { 
@@ -242,16 +242,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "TestStackLoadBalancer/Vpc/PublicSubnet2/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -272,8 +272,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -291,8 +291,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -311,14 +311,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PrivateSubnet1": { @@ -361,16 +361,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "TestStackLoadBalancer/Vpc/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -391,8 +391,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -410,8 +410,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { 
@@ -430,14 +430,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PrivateSubnet2": { @@ -480,16 +480,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "TestStackLoadBalancer/Vpc/PrivateSubnet2/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -510,8 +510,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -529,8 +529,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -549,14 +549,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "IGW": { @@ -574,8 +574,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "VPCGW": { @@ -593,8 +593,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RestrictDefaultSecurityGroupCustomResource": { 
@@ -605,28 +605,28 @@ "id": "Default", "path": "TestStackLoadBalancer/Vpc/RestrictDefaultSecurityGroupCustomResource/Default", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.Vpc", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "LatestNodeRuntimeMap": { "id": "LatestNodeRuntimeMap", "path": "TestStackLoadBalancer/LatestNodeRuntimeMap", "constructInfo": { - "fqn": "aws-cdk-lib.CfnMapping", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Custom::VpcRestrictDefaultSGCustomResourceProvider": { @@ -637,30 +637,30 @@ "id": "Staging", "path": "TestStackLoadBalancer/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Role": { "id": "Role", "path": "TestStackLoadBalancer/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Handler": { "id": "Handler", "path": "TestStackLoadBalancer/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.CustomResourceProviderBase", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "NLB": { 
@@ -692,14 +692,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.CfnLoadBalancer", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_elasticloadbalancingv2.NetworkLoadBalancer", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "vpcEndpointService": { @@ -712,7 +712,7 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::VPCEndpointService", "aws:cdk:cloudformation:props": { - "acceptanceRequired": true, + "acceptanceRequired": false, "contributorInsightsEnabled": true, "networkLoadBalancerArns": [ { @@ -722,36 +722,36 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCEndpointService", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.VpcEndpointService", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "TestStackLoadBalancer/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "TestStackLoadBalancer/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "VpcEndpointservice": { 
@@ -778,22 +778,22 @@ "id": "BootstrapVersion", "path": "VpcEndpointservice/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "VpcEndpointservice/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -818,8 +818,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.ts index 508f81a528dfd..1babaa0b44786 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint-service.ts @@ -13,11 +13,12 @@ class TestStack extends cdk.Stack { const loadBalancer = new elbv2.NetworkLoadBalancer(this, 'NLB', { vpc }); - new ec2.VpcEndpointService(this, 'vpcEndpointService', { + const service = new ec2.VpcEndpointService(this, 'vpcEndpointService', { vpcEndpointServiceLoadBalancers: [loadBalancer], acceptanceRequired: true, contributorInsights: true, }); + service.enableAcceptanceRequired(false); } } diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md index 686eb78ed2a3f..50c198b49c51a 100644 --- a/packages/aws-cdk-lib/aws-ec2/README.md +++ b/packages/aws-cdk-lib/aws-ec2/README.md 
@@ -1121,6 +1121,19 @@ Note: The domain name must be owned (registered through Route53) by the account
 The VpcEndpointServiceDomainName will handle the AWS side of domain verification, the process for which can be found [here](https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html)
+To update the `acceptanceRequired` property after initialization use the `enableAcceptanceRequired()` method:
+
+```ts
+declare const networkLoadBalancer: elbv2.NetworkLoadBalancer;
+
+const endpointService = new ec2.VpcEndpointService(this, 'EndpointService', {
+ vpcEndpointServiceLoadBalancers: [networkLoadBalancer],
+ acceptanceRequired: true,
+});
+
+endpointService.enableAcceptanceRequired(false);
+```
+
 ### Client VPN endpoint
 AWS Client VPN is a managed client-based VPN service that enables you to securely access your AWS
diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint-service.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint-service.ts
index 0e611adc996cc..95d4db8b3276f 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint-service.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint-service.ts
@@ -1,7 +1,7 @@
 import { Construct } from 'constructs';
 import { CfnVPCEndpointService, CfnVPCEndpointServicePermissions } from './ec2.generated';
 import { ArnPrincipal } from '../../aws-iam';
-import { Aws, Fn, IResource, Resource, Stack, Token } from '../../core';
+import { Aws, Fn, IResource, Lazy, Resource, Stack, Token } from '../../core';
 import { RegionInfo } from '../../region-info';
 /**
@@ -118,7 +118,7 @@ export class VpcEndpointService extends Resource implements IVpcEndpointService
 this.endpointService = new CfnVPCEndpointService(this, id, {
 networkLoadBalancerArns: this.vpcEndpointServiceLoadBalancers.map(lb => lb.loadBalancerArn),
- acceptanceRequired: this.acceptanceRequired,
+ acceptanceRequired: Lazy.any({ produce: () => this.acceptanceRequired }),
 contributorInsightsEnabled: this.contributorInsightsEnabled,
 });
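Review bot: The `Lazy.any` producer on `acceptanceRequired` reads `this.acceptanceRequired`, but nothing in this commit ever changes that field: the setter added in the `@@ -137,6 +137,13 @@` hunk assigns `this.endpointService.acceptanceRequired` directly, which replaces the lazy value instead of feeding it. After `enableAcceptanceRequired(false)` the synthesized template says `false` while the construct's own `acceptanceRequired` still holds the constructor value, so any caller or check that reads the property to decide whether connections need manual approval gets the wrong answer. Either drop the `Lazy` (and the new import in the `@@ -1,7 +1,7 @@` hunk), or keep it and back it with a private mutable field that the setter updates, for example `acceptanceRequired: Lazy.any({ produce: () => this._acceptanceRequired })` with `_acceptanceRequired` as a suggested name. The constructor starts and ends outside this hunk, so how `this.acceptanceRequired` is declared is not visible here.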
@@ -137,6 +137,13 @@ export class VpcEndpointService extends Resource implements IVpcEndpointService
 });
 }
 }
+
+ /**
+ * Sets the acceptance required for the VPC Endpoint Service.
+ */
+ public enableAcceptanceRequired(acceptanceRequired: boolean) {
+ this.endpointService.acceptanceRequired = acceptanceRequired;
+ }
 }
 /**
diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint-service.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint-service.test.ts
index 5ffc11c5025e2..0d8728beaad66 100644
--- a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint-service.test.ts
+++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint-service.test.ts
@@ -129,6 +129,33 @@ describe('vpc endpoint service', () => {
 });
+ test('with acceptance required set by `setAcceptanceRequired`', () => {
+ // GIVEN
+ const stack = new Stack();
+
+ // WHEN
+ const lb = new DummyEndpointLoadBalacer('arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/Test/9bn6qkf4e9jrw77a');
+ const service = new VpcEndpointService(stack, 'EndpointService', {
+ vpcEndpointServiceLoadBalancers: [lb],
+ allowedPrincipals: [new ArnPrincipal('arn:aws:iam::123456789012:root')],
+ acceptanceRequired: true,
+ });
+ service.enableAcceptanceRequired(false);
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpointService', {
+ NetworkLoadBalancerArns: ['arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/Test/9bn6qkf4e9jrw77a'],
+ AcceptanceRequired: false,
+ });
+
+ Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpointServicePermissions', {
+ ServiceId: {
+ Ref: 'EndpointServiceED36BE1F',
+ },
+ AllowedPrincipals: ['arn:aws:iam::123456789012:root'],
+ });
+ });
+
 test('with contributor insights enabled', () => {
 // GIVEN
 const stack = new Stack();
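Review bot: The doc comment on `enableAcceptanceRequired` does not say what passing `false` means for the service: endpoint connection requests from the allowed principals are then accepted without manual approval by the service owner. I would state that in the docstring and add a `@param acceptanceRequired` line, because this method lets code far from the constructor relax a setting that was created as `true`. The signature also has no explicit return type; `public enableAcceptanceRequired(acceptanceRequired: boolean): void {` would make the public contract explicit. The class body starts outside this hunk.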
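Review bot: The new test's title refers to `setAcceptanceRequired`, but the method it calls is `enableAcceptanceRequired`; the title should name `enableAcceptanceRequired` so a search for the method finds its test. Only the `true` to `false` direction is covered; a second case that constructs with `acceptanceRequired: false` and calls `enableAcceptanceRequired(true)` would pin the tightening direction as well. If the construct exposes `acceptanceRequired` publicly (not visible in this hunk), adding `expect(service.acceptanceRequired).toBe(false);` after the call would show whether the property tracks the template value.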