diff --git a/packages/@aws-cdk/aws-ec2-alpha/README.md b/packages/@aws-cdk/aws-ec2-alpha/README.md
index dd99db5a69ff7..27a0096e069c3 100644
--- a/packages/@aws-cdk/aws-ec2-alpha/README.md
+++ b/packages/@aws-cdk/aws-ec2-alpha/README.md
@@ -298,15 +298,19 @@ const acceptorVpc = new VpcV2(this, 'VpcA', {
 const acceptorRoleArn = acceptorVpc.createAcceptorVpcRole('000000000000') // Requestor account ID
 ```
-After creating an IAM role in the acceptor account, we can initiate the peering connection request from the requestor VPC.
+After creating an IAM role in the acceptor account, we can initiate the peering connection request from the requestor VPC. Import accpeptorVpc to the stack using `fromVpcV2Attributes` method, it is recommended to specify owner account id of the acceptor VPC in case of cross account peering connection, if acceptor VPC is hosted in different region provide region value for import as well.
+The following code snippet demonstrates how to set up VPC peering between two VPCs in different AWS accounts using CDK:
 ```ts
 const stack = new Stack();
-// TODO: Import acceptorVpc into the requestor stack
-const acceptorVpc = new VpcV2(this, 'VpcA', {
- primaryAddressBlock: IpAddresses.ipv4('10.0.0.0/16'),
-});
+const acceptorVpc = vpc.fromVpcV2Attributes(this, 'acceptorVpc', {
+ //Replace VPC Id before running integ test again
+ vpcId: 'vpc-XXXX',
+ vpcCidrBlock: '10.0.0.0/16',
+ region: 'us-east-2',
+ ownerAccountId: acceptorAccount,
+ });
 const acceptorRoleArn = 'arn:aws:iam::111111111111:role/VpcPeeringRole';
diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts
index cadf03304af30..26bde2cb903c8 100644
--- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts
+++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts
@@ -1,6 +1,4 @@
 import { Aws, Resource, Annotations } from 'aws-cdk-lib';
-import { IVpc, ISubnet, SubnetSelection, SelectedSubnets, EnableVpnGatewayOptions, VpnGateway, VpnConnectionType, CfnVPCGatewayAttachment, CfnVPNGatewayRoutePropagation, VpnConnectionOptions, VpnConnection, ClientVpnEndpointOptions, ClientVpnEndpoint, InterfaceVpcEndpointOptions, InterfaceVpcEndpoint, GatewayVpcEndpointOptions, GatewayVpcEndpoint, FlowLogOptions, FlowLog, FlowLogResourceType, SubnetType, SubnetFilter, CfnVPCCidrBlock } from 'aws-cdk-lib/aws-ec2';
-import { Resource, Annotations } from 'aws-cdk-lib';
 import { IVpc, ISubnet, SubnetSelection, SelectedSubnets, EnableVpnGatewayOptions, VpnGateway, VpnConnectionType, CfnVPCGatewayAttachment, CfnVPNGatewayRoutePropagation, VpnConnectionOptions, VpnConnection, ClientVpnEndpointOptions, ClientVpnEndpoint, InterfaceVpcEndpointOptions, InterfaceVpcEndpoint, GatewayVpcEndpointOptions, GatewayVpcEndpoint, FlowLogOptions, FlowLog, FlowLogResourceType, SubnetType, SubnetFilter } from 'aws-cdk-lib/aws-ec2';
 import { allRouteTableIds, flatten, subnetGroupNameFromConstructId } from './util';
 import { IDependable, Dependable, IConstruct, DependencyGroup } from 'constructs';
@@ -205,16 +203,6 @@ export abstract class VpcV2Base extends Resource implements IVpcV2 {
 */
 public abstract readonly isolatedSubnets: ISubnet[];
- /**
- * Region for this VPC
- */
- public abstract readonly region?: string;
-
- /**
- * Identifier of the owner for this VPC
- */
- public abstract readonly ownerAccountId?: string;
-
 /**
 * AZs for this VPC
 */
diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts
index de8ef9445a4cd..841bdcb6d8a63 100644
--- a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts
+++ b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts
@@ -401,16 +401,6 @@ export class VpcV2 extends VpcV2Base {
 */
 public readonly privateSubnets: ISubnet[];
- /**
- * Region for this VPC
- */
- public readonly region?: string;
-
- /**
- * Identifier of the owner for this VPC
- */
- public readonly ownerAccountId?: string;
-
 /**
 * To define dependency on internet connectivity
 */
diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/VpcpcCrossAccountIntegDefaultTestDeployAssertB5B8DCA8.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/VpcpcCrossAccountIntegDefaultTestDeployAssertB5B8DCA8.assets.json
similarity index 100%
rename from packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/VpcpcCrossAccountIntegDefaultTestDeployAssertB5B8DCA8.assets.json
rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/VpcpcCrossAccountIntegDefaultTestDeployAssertB5B8DCA8.assets.json
diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/VpcpcCrossAccountIntegDefaultTestDeployAssertB5B8DCA8.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/VpcpcCrossAccountIntegDefaultTestDeployAssertB5B8DCA8.template.json
similarity index 100%
rename from packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/VpcpcCrossAccountIntegDefaultTestDeployAssertB5B8DCA8.template.json
rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/VpcpcCrossAccountIntegDefaultTestDeployAssertB5B8DCA8.template.json
diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/acceptor-stack.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/acceptor-stack.assets.json
new file mode 100644
index 0000000000000..d555c22e17c20
--- /dev/null
+++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/acceptor-stack.assets.json
@@ -0,0 +1,20 @@ +{ + "version": "38.0.1", + "files": { + "494d74ef500a1a14c7035e88ad557730f9fc107b438e11e51d34f14cf5f83c09": { + "source": { + "path": "acceptor-stack.template.json", + "packaging": "file" + }, + "destinations": { + "916743627080-us-east-2": { + "bucketName": "cdk-hnb659fds-assets-916743627080-us-east-2", + "objectKey": "494d74ef500a1a14c7035e88ad557730f9fc107b438e11e51d34f14cf5f83c09.json", + "region": "us-east-2", + "assumeRoleArn": "arn:${AWS::Partition}:iam::916743627080:role/cdk-hnb659fds-file-publishing-role-916743627080-us-east-2" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/acceptor-stack.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/acceptor-stack.template.json similarity index 76% rename from packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/acceptor-stack.template.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/acceptor-stack.template.json index 40f646eca36dd..be38f3225896d 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/acceptor-stack.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/acceptor-stack.template.json @@ -18,7 +18,7 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "AWS": "arn:aws:iam::234567890123:root" + "AWS": "arn:aws:iam::12345678:root" } } ], @@ -44,7 +44,7 @@ { "Ref": "AWS::Partition" }, - ":ec2:us-east-1:234567890123:vpc/", + ":ec2:us-east-2:916743627080:vpc/", { "Fn::GetAtt": [ "acceptorVpc5B7D1670", @@ -67,7 +67,7 @@ { "Ref": "AWS::Partition" }, - ":ec2:us-east-1:234567890123:vpc/", + ":ec2:us-east-2:916743627080:vpc/", { "Fn::GetAtt": [ "acceptorVpc5B7D1670", @@ -88,7 +88,7 @@ { "Ref": "AWS::Partition" }, - ":ec2:us-east-1:234567890123:vpc-peering-connection/*" + ":ec2:us-east-2:916743627080:vpc-peering-connection/*" ] ] } 
@@ -103,6 +103,34 @@ } ] } + }, + "requestorVpcSameAccountF27E91F7": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.1.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default" + } + }, + "requestorVpcSameAccountsameAccountPeeringVPCPeeringConnection4E07C8CD": { + "Type": "AWS::EC2::VPCPeeringConnection", + "Properties": { + "PeerOwnerId": "916743627080", + "PeerRegion": "us-east-2", + "PeerVpcId": { + "Fn::GetAtt": [ + "acceptorVpc5B7D1670", + "VpcId" + ] + }, + "VpcId": { + "Fn::GetAtt": [ + "requestorVpcSameAccountF27E91F7", + "VpcId" + ] + } + } } }, "Parameters": { diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/cdk.out b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/cdk.out similarity index 100% rename from packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/cdk.out rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/cdk.out diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/integ.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/integ.json similarity index 100% rename from packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/integ.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/integ.json diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/manifest.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/manifest.json similarity index 81% rename from packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/manifest.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/manifest.json index 181d22a9525fb..800bfe56ff2f7 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/manifest.json 
@@ -11,22 +11,22 @@ }, "acceptor-stack": { "type": "aws:cloudformation:stack", - "environment": "aws://234567890123/us-east-1", + "environment": "aws://916743627080/us-east-2", "properties": { "templateFile": "acceptor-stack.template.json", "terminationProtection": false, "validateOnSynth": false, "notificationArns": [], - "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-deploy-role-234567890123-us-east-1", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-cfn-exec-role-234567890123-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-234567890123-us-east-1/0f24269a2562149271e39a0d72b62808fb6210582ae268699403114701a77f7d.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::916743627080:role/cdk-hnb659fds-deploy-role-916743627080-us-east-2", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::916743627080:role/cdk-hnb659fds-cfn-exec-role-916743627080-us-east-2", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-916743627080-us-east-2/494d74ef500a1a14c7035e88ad557730f9fc107b438e11e51d34f14cf5f83c09.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ "acceptor-stack.assets" ], "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-lookup-role-234567890123-us-east-1", + "arn": "arn:${AWS::Partition}:iam::916743627080:role/cdk-hnb659fds-lookup-role-916743627080-us-east-2", "requiresBootstrapStackVersion": 8, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } 
@@ -53,6 +53,18 @@ "data": "acceptorVpcVpcPeeringRoleDefaultPolicyE79C72D0" } ], + "/acceptor-stack/requestorVpcSameAccount/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "requestorVpcSameAccountF27E91F7" + } + ], + "/acceptor-stack/requestorVpcSameAccount/sameAccountPeering/VPCPeeringConnection": [ + { + "type": "aws:cdk:logicalId", + "data": "requestorVpcSameAccountsameAccountPeeringVPCPeeringConnection4E07C8CD" + } + ], "/acceptor-stack/BootstrapVersion": [ { "type": "aws:cdk:logicalId", 
@@ -78,22 +90,22 @@ }, "requestor-stack": { "type": "aws:cloudformation:stack", - "environment": "aws://123456789012/us-east-1", + "environment": "aws://12345678/us-east-2", "properties": { "templateFile": "requestor-stack.template.json", "terminationProtection": false, "validateOnSynth": false, "notificationArns": [], - "assumeRoleArn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-deploy-role-123456789012-us-east-1", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-cfn-exec-role-123456789012-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-123456789012-us-east-1/97ed73811c6238b5ca810c262385064a85e50d171ac8685e8aa595963d0ed115.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-us-east-2", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-cfn-exec-role-12345678-us-east-2", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-12345678-us-east-2/fc15bc49f7a6a9e5349f088175d53557b03bf8d8766ab06caaefc7b68c22cc6f.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ "requestor-stack.assets" ], "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-lookup-role-123456789012-us-east-1", + "arn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-lookup-role-12345678-us-east-2", "requiresBootstrapStackVersion": 8, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } 
@@ -102,28 +114,16 @@ "requestor-stack.assets" ], "metadata": { - "/requestor-stack/requestorVpc/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "requestorVpcFFA7DDD4" - } - ], - "/requestor-stack/requestorVpc/TempBlock": [ - { - "type": "aws:cdk:logicalId", - "data": "requestorVpcTempBlock78E0B4F4" - } - ], - "/requestor-stack/VpcB/Resource": [ + "/requestor-stack/requestorVpcCrossAccount/Resource": [ { "type": "aws:cdk:logicalId", - "data": "VpcB98A08B07" + "data": "requestorVpcCrossAccount6372A252" } ], - "/requestor-stack/VpcB/acceptorAccountCrossRegionPeering/VPCPeeringConnection": [ + "/requestor-stack/requestorVpcCrossAccount/acceptorAccountCrossRegionPeering/VPCPeeringConnection": [ { "type": "aws:cdk:logicalId", - "data": "VpcBacceptorAccountCrossRegionPeeringVPCPeeringConnection8510BFF3" + "data": "requestorVpcCrossAccountacceptorAccountCrossRegionPeeringVPCPeeringConnection3605B6B0" } ], "/requestor-stack/RouteTable/RouteTable": [ diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/requestor-stack.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/requestor-stack.assets.json new file mode 100644 index 0000000000000..89ed3e092b207 --- /dev/null +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/requestor-stack.assets.json @@ -0,0 +1,20 @@ +{ + "version": "38.0.1", + "files": { + "fc15bc49f7a6a9e5349f088175d53557b03bf8d8766ab06caaefc7b68c22cc6f": { + "source": { + "path": "requestor-stack.template.json", + "packaging": "file" + }, + "destinations": { + "12345678-us-east-2": { + "bucketName": "cdk-hnb659fds-assets-12345678-us-east-2", + "objectKey": "fc15bc49f7a6a9e5349f088175d53557b03bf8d8766ab06caaefc7b68c22cc6f.json", + "region": "us-east-2", + "assumeRoleArn": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-us-east-2" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/requestor-stack.template.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/requestor-stack.template.json similarity index 64% rename from packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/requestor-stack.template.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/requestor-stack.template.json index d2ec40b042e07..bec22c3dffc3c 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/requestor-stack.template.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/requestor-stack.template.json @@ -1,27 +1,6 @@ { "Resources": { - "requestorVpcFFA7DDD4": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.1.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default" - } - }, - "requestorVpcTempBlock78E0B4F4": { - "Type": "AWS::EC2::VPCCidrBlock", - "Properties": { - "CidrBlock": "10.3.0.0/16", - "VpcId": { - "Fn::GetAtt": [ - "requestorVpcFFA7DDD4", - "VpcId" - ] - } - } - }, - "VpcB98A08B07": { + "requestorVpcCrossAccount6372A252": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": "10.2.0.0/16", @@ -30,20 +9,16 @@ "InstanceTenancy": "default" } }, - "VpcBacceptorAccountCrossRegionPeeringVPCPeeringConnection8510BFF3": { + "requestorVpcCrossAccountacceptorAccountCrossRegionPeeringVPCPeeringConnection3605B6B0": { "Type": "AWS::EC2::VPCPeeringConnection", "Properties": { - "PeerOwnerId": "12345678", - "PeerRegion": "us-east-1", - "PeerVpcId": { - "Fn::GetAtt": [ - "requestorVpcFFA7DDD4", - "VpcId" - ] - }, + "PeerOwnerId": "916743627080", + "PeerRegion": "us-east-2", + "PeerRoleArn": "arn:aws:iam::916743627080:role/VpcPeeringRole", + "PeerVpcId": "vpc-09b9235d8a3195ba3", "VpcId": { "Fn::GetAtt": [ - "VpcB98A08B07", + "requestorVpcCrossAccount6372A252", "VpcId" ] } 
@@ -54,7 +29,7 @@ "Properties": { "VpcId": { "Fn::GetAtt": [ - "VpcB98A08B07", + "requestorVpcCrossAccount6372A252", "VpcId" ] } @@ -72,13 +47,13 @@ }, "VpcPeeringConnectionId": { "Fn::GetAtt": [ - "VpcBacceptorAccountCrossRegionPeeringVPCPeeringConnection8510BFF3", + "requestorVpcCrossAccountacceptorAccountCrossRegionPeeringVPCPeeringConnection3605B6B0", "Id" ] } }, "DependsOn": [ - "VpcBacceptorAccountCrossRegionPeeringVPCPeeringConnection8510BFF3" + "requestorVpcCrossAccountacceptorAccountCrossRegionPeeringVPCPeeringConnection3605B6B0" ] } }, diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/tree.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/tree.json similarity index 84% rename from packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/tree.json rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/tree.json index b4edf1295d79b..3a63c26903e05 100644 --- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.js.snapshot/tree.json @@ -53,7 +53,7 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "AWS": "arn:aws:iam::234567890123:root" + "AWS": "arn:aws:iam::12345678:root" } } ], @@ -91,7 +91,7 @@ { "Ref": "AWS::Partition" }, - ":ec2:us-east-1:234567890123:vpc/", + ":ec2:us-east-2:916743627080:vpc/", { "Fn::GetAtt": [ "acceptorVpc5B7D1670", @@ -114,7 +114,7 @@ { "Ref": "AWS::Partition" }, - ":ec2:us-east-1:234567890123:vpc/", + ":ec2:us-east-2:916743627080:vpc/", { "Fn::GetAtt": [ "acceptorVpc5B7D1670", @@ -135,7 +135,7 @@ { "Ref": "AWS::Partition" }, - ":ec2:us-east-1:234567890123:vpc-peering-connection/*" + ":ec2:us-east-2:916743627080:vpc-peering-connection/*" ] ] } 
@@ -174,39 +174,13 @@ "version": "0.0.0" } }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "acceptor-stack/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "acceptor-stack/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "requestor-stack": { - "id": "requestor-stack", - "path": "requestor-stack", - "children": { - "requestorVpc": { - "id": "requestorVpc", - "path": "requestor-stack/requestorVpc", + "requestorVpcSameAccount": { + "id": "requestorVpcSameAccount", + "path": "acceptor-stack/requestorVpcSameAccount", "children": { "Resource": { "id": "Resource", - "path": "requestor-stack/requestorVpc/Resource", + "path": "acceptor-stack/requestorVpcSameAccount/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::VPC", "aws:cdk:cloudformation:props": { 
@@ -221,23 +195,40 @@ "version": "0.0.0" } }, - "TempBlock": { - "id": "TempBlock", - "path": "requestor-stack/requestorVpc/TempBlock", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EC2::VPCCidrBlock", - "aws:cdk:cloudformation:props": { - "cidrBlock": "10.3.0.0/16", - "vpcId": { - "Fn::GetAtt": [ - "requestorVpcFFA7DDD4", - "VpcId" - ] + "sameAccountPeering": { + "id": "sameAccountPeering", + "path": "acceptor-stack/requestorVpcSameAccount/sameAccountPeering", + "children": { + "VPCPeeringConnection": { + "id": "VPCPeeringConnection", + "path": "acceptor-stack/requestorVpcSameAccount/sameAccountPeering/VPCPeeringConnection", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCPeeringConnection", + "aws:cdk:cloudformation:props": { + "peerOwnerId": "916743627080", + "peerRegion": "us-east-2", + "peerVpcId": { + "Fn::GetAtt": [ + "acceptorVpc5B7D1670", + "VpcId" + ] + }, + "vpcId": { + "Fn::GetAtt": [ + "requestorVpcSameAccountF27E91F7", + "VpcId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCPeeringConnection", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCCidrBlock", + "fqn": "@aws-cdk/aws-ec2-alpha.VPCPeeringConnection", "version": "0.0.0" } } 
@@ -247,13 +238,47 @@ "version": "0.0.0" } }, - "VpcB": { - "id": "VpcB", - "path": "requestor-stack/VpcB", + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "acceptor-stack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "acceptor-stack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "requestor-stack": { + "id": "requestor-stack", + "path": "requestor-stack", + "children": { + "acceptorVpc": { + "id": "acceptorVpc", + "path": "requestor-stack/acceptorVpc", + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2-alpha.VpcV2Base", + "version": "0.0.0" + } + }, + "requestorVpcCrossAccount": { + "id": "requestorVpcCrossAccount", + "path": "requestor-stack/requestorVpcCrossAccount", "children": { "Resource": { "id": "Resource", - "path": "requestor-stack/VpcB/Resource", + "path": "requestor-stack/requestorVpcCrossAccount/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::VPC", "aws:cdk:cloudformation:props": { 
@@ -270,25 +295,21 @@ }, "acceptorAccountCrossRegionPeering": { "id": "acceptorAccountCrossRegionPeering", - "path": "requestor-stack/VpcB/acceptorAccountCrossRegionPeering", + "path": "requestor-stack/requestorVpcCrossAccount/acceptorAccountCrossRegionPeering", "children": { "VPCPeeringConnection": { "id": "VPCPeeringConnection", - "path": "requestor-stack/VpcB/acceptorAccountCrossRegionPeering/VPCPeeringConnection", + "path": "requestor-stack/requestorVpcCrossAccount/acceptorAccountCrossRegionPeering/VPCPeeringConnection", "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::VPCPeeringConnection", "aws:cdk:cloudformation:props": { - "peerOwnerId": "123456789012", - "peerRegion": "us-east-1", - "peerVpcId": { - "Fn::GetAtt": [ - "requestorVpcFFA7DDD4", - "VpcId" - ] - }, + "peerOwnerId": "916743627080", + "peerRegion": "us-east-2", + "peerRoleArn": "arn:aws:iam::916743627080:role/VpcPeeringRole", + "peerVpcId": "vpc-09b9235d8a3195ba3", "vpcId": { "Fn::GetAtt": [ - "VpcB98A08B07", + "requestorVpcCrossAccount6372A252", "VpcId" ] } @@ -323,7 +344,7 @@ "aws:cdk:cloudformation:props": { "vpcId": { "Fn::GetAtt": [ - "VpcB98A08B07", + "requestorVpcCrossAccount6372A252", "VpcId" ] } @@ -353,7 +374,7 @@ }, "vpcPeeringConnectionId": { "Fn::GetAtt": [ - "VpcBacceptorAccountCrossRegionPeeringVPCPeeringConnection8510BFF3", + "requestorVpcCrossAccountacceptorAccountCrossRegionPeeringVPCPeeringConnection3605B6B0", "Id" ] } @@ -411,7 +432,7 @@ "path": "VpcpcCrossAccountInteg/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.3.0" + "version": "10.4.2" } }, "DeployAssert": { @@ -457,7 +478,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.3.0" + "version": "10.4.2" } } }, 
diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.ts b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.ts
similarity index 68%
rename from packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.ts
rename to packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.ts
index c0106993e9664..bdd54fd5cfcd6 100644
--- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.ts
+++ b/packages/@aws-cdk/aws-ec2-alpha/test/integ.peering-cross-account.ts
@@ -18,14 +18,19 @@
 * - assuming this is the default profile for aws credentials
 *
 * 2. Set environment variables
- * a. `export CDK_INTEG_ACCOUNT=123456789012`
- * b. `export CDK_INTEG_CROSS_ACCOUNT=234567890123`
+ * a. `export CDK_INTEG_ACCOUNT=812589051300` //Requestor Account
+ * b. `export CDK_INTEG_CROSS_ACCOUNT=916743627080` //Acceptor Account
 *
- * 3. Run the integ test (from the @aws-cdk/aws-ec2-alpha/test directory)
+ * 3. Run the integ test (from the @aws-cdk/aws-ec2-alpha/test directory)with no clean flag
 * a. Get temporary console access credentials for Requestor Account
- * - `yarn integ test/integ.vpcpc.js`
+ * - `yarn integ test/integ.vpcpc.js --no-clean`
 * b. Fall back if temp credentials do not work (account info may be in snapshot)
 * - `yarn integ test/integ.vpcpc.js --profiles cross-account`
+ * Note: Integration test will fail since vpcId of acceptor stack is a dummy value
+ *
+ * 4. Modify acceptorVpcId to actual physical Id and rerun the integration test to
+ * test cross account peering
+ * - `yarn integ test/integ.vpcpc.js`
 */
 import * as vpc_v2 from '../lib/vpc-v2';
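Review bot: The run commands in this header comment still name `test/integ.vpcpc.js`, although this commit renames the test to `integ.peering-cross-account.ts`, so the three `yarn integ` lines in steps 3 and 4 presumably no longer resolve; they should read `yarn integ test/integ.peering-cross-account.js --no-clean` and likewise for the other two. The example exports also replace the placeholder account IDs with what look like real ones (`812589051300`, `916743627080`). Keeping obviously fake values such as `123456789012` and `234567890123` in the comment documents the setup without publishing account identifiers. The comment block begins above the hunk, so the earlier steps were not reviewed.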
@@ -45,7 +50,18 @@ class AcceptorStack extends cdk.Stack {
 const acceptorVpc = new vpc_v2.VpcV2(this, 'acceptorVpc', {
 primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.0.0.0/16'),
 });
- acceptorVpc.createAcceptorVpcRole(acceptorAccount);
+
+ //Same account VPC peering
+ const requestorVpc = new vpc_v2.VpcV2(this, 'requestorVpcSameAccount', {
+ primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.1.0.0/16'),
+ });
+
+ requestorVpc.createPeeringConnection('sameAccountPeering', {
+ acceptorVpc: acceptorVpc,
+ });
+
+ //For cross-account peering connection
+ acceptorVpc.createAcceptorVpcRole(account);
 }
 }
@@ -53,19 +69,22 @@ class RequestorStack extends cdk.Stack {
 constructor(scope: Construct, id: string, props?: cdk.StackProps) {
 super(scope, id, props);
- // TODO: Import acceptorVpc into the requestor stack
- // Once implemented, need to test for cross account
- const acceptorVpc = new vpc_v2.VpcV2(this, 'requestorVpc', {
- primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.1.0.0/16'),
- secondaryAddressBlocks: [vpc_v2.IpAddresses.ipv4('10.3.0.0/16', { cidrBlockName: 'TempBlock' })],
+ //Import acceptorVpc into the requestor stack, change vpcId after vpc is created using acceptorStack definition
+ const acceptorVpc = vpc_v2.VpcV2.fromVpcV2Attributes(this, 'acceptorVpc', {
+ //Replace VPC Id before running integ test again
+ vpcId: 'vpc-09b9235d8a3195ba3',
+ vpcCidrBlock: '10.0.0.0/16',
+ region: 'us-east-2',
+ ownerAccountId: acceptorAccount,
 });
- const requestorVpc = new vpc_v2.VpcV2(this, 'VpcB', {
+ const requestorVpc = new vpc_v2.VpcV2(this, 'requestorVpcCrossAccount', {
 primaryAddressBlock: vpc_v2.IpAddresses.ipv4('10.2.0.0/16'),
 });
 const peeringConnection = requestorVpc.createPeeringConnection('acceptorAccountCrossRegionPeering', {
 acceptorVpc: acceptorVpc,
+ peerRoleArn: 'arn:aws:iam::916743627080:role/VpcPeeringRole',
 });
 const routeTable = new RouteTable(this, 'RouteTable', {
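Review bot: The comment `//For cross-account peering connection` above `acceptorVpc.createAcceptorVpcRole(account)` does not say which account is granted trust, and the argument changed from `acceptorAccount` to `account` in this hunk without explanation. The updated snapshot shows the resulting role trusting an account-root principal, so the direction of trust deserves to be spelled out, for example `// Trust the requestor account (CDK_INTEG_ACCOUNT) to assume the peering role created in this acceptor account`. Both variables are defined outside the hunk, so their mapping to the environment variables is inferred from the stack `env` blocks further down the file.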
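Review bot: The added `peerRoleArn: 'arn:aws:iam::916743627080:role/VpcPeeringRole'` hard-codes an account ID, while `ownerAccountId: acceptorAccount` two statements earlier takes the same account from configuration. If `CDK_INTEG_CROSS_ACCOUNT` is set to any other account, the peering request names a role in one account and a VPC owner in another. Building the ARN from the variable keeps them in step: `peerRoleArn: 'arn:aws:iam::' + acceptorAccount + ':role/VpcPeeringRole',`. The literal `vpcId: 'vpc-09b9235d8a3195ba3'` has the same problem, because it commits a resource identifier from a live account where the README uses `vpc-XXXX`. Reading it from an environment variable, or keeping a placeholder in the source, would stop real account and VPC identifiers from reaching the test and its snapshots. The constructor body continues past the end of the hunk.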
@@ -79,14 +98,14 @@ class RequestorStack extends cdk.Stack {
 const acceptorStack = new AcceptorStack(app, 'acceptor-stack', {
 env: {
 account: acceptorAccount,
- region: 'us-east-1',
+ region: 'us-east-2',
 },
 });
 const requestorStack = new RequestorStack(app, 'requestor-stack', {
 env: {
 account: account,
- region: 'us-east-1',
+ region: 'us-east-2',
 },
 });
diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/acceptor-stack.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/acceptor-stack.assets.json
deleted file mode 100644
index 5caef75119bf9..0000000000000
--- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/acceptor-stack.assets.json
+++ /dev/null
@@ -1,20 +0,0 @@ -{ - "version": "38.0.1", - "files": { - "0f24269a2562149271e39a0d72b62808fb6210582ae268699403114701a77f7d": { - "source": { - "path": "acceptor-stack.template.json", - "packaging": "file" - }, - "destinations": { - "234567890123-us-east-1": { - "bucketName": "cdk-hnb659fds-assets-234567890123-us-east-1", - "objectKey": "0f24269a2562149271e39a0d72b62808fb6210582ae268699403114701a77f7d.json", - "region": "us-east-1", - "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-file-publishing-role-234567890123-us-east-1" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file
diff --git a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/requestor-stack.assets.json b/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/requestor-stack.assets.json
deleted file mode 100644
index 7a4af96bbe403..0000000000000
--- a/packages/@aws-cdk/aws-ec2-alpha/test/integ.vpcpc.js.snapshot/requestor-stack.assets.json
+++ /dev/null
@@ -1,20 +0,0 @@ -{ - "version": "38.0.1", - "files": { - "97ed73811c6238b5ca810c262385064a85e50d171ac8685e8aa595963d0ed115": { - "source": { - "path": "requestor-stack.template.json", - "packaging": "file" - }, - "destinations": { - "123456789012-us-east-1": { - "bucketName": "cdk-hnb659fds-assets-123456789012-us-east-1", - "objectKey": "97ed73811c6238b5ca810c262385064a85e50d171ac8685e8aa595963d0ed115.json", - "region": "us-east-1", - "assumeRoleArn": "arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-file-publishing-role-123456789012-us-east-1" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file