chore: remove udp and tcp_udp for LBWS (#3224)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.
aws · Jan 26, 2022 · 060b8d1 · 060b8d1
1 parent 7dfd222
commit 060b8d1
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 27 deletions.
diff --git a/internal/pkg/cli/svc_deploy_test.go b/internal/pkg/cli/svc_deploy_test.go
@@ -645,7 +645,7 @@ func TestSvcDeployOpts_deploySvc(t *testing.T) {
 		"fail to get public CIDR blocks": {
 			inBuildRequire: false,
 			inNLB: manifest.NetworkLoadBalancerConfiguration{
-				Port: aws.String("443/udp"),
+				Port: aws.String("443/tls"),
 			},
 			inEnvironment: &config.Environment{
 				Name:   mockEnvName,

diff --git a/internal/pkg/deploy/cloudformation/stack/transformers.go b/internal/pkg/deploy/cloudformation/stack/transformers.go
@@ -34,7 +34,7 @@ const (
 	defaultIAM             = disabled
 	defaultReadOnly        = true
 	defaultWritePermission = false
-	defaultNLBProtocol     = manifest.TCPUDP
+	defaultNLBProtocol     = manifest.TCP
 )
 
 // Supported capacityproviders for Fargate services

diff --git a/internal/pkg/manifest/validate.go b/internal/pkg/manifest/validate.go
@@ -33,13 +33,11 @@ const (
 )
 
 const (
-	TCPUDP = "TCP_UDP"
-	tcp    = "TCP"
-	udp    = "UDP"
-	tls    = "TLS"
+	TCP = "TCP"
+	tls = "TLS"
 )
 
-var validProtocols = []string{TCPUDP, tcp, udp, tls}
+var validProtocols = []string{TCP, tls}
 
 var (
 	intRangeBandRegexp  = regexp.MustCompile(`^(\d+)-(\d+)$`)
@@ -671,7 +669,7 @@ func validateNLBPort(port *string) error {
 		}
 	}
 	if !isValidProtocol {
-		return fmt.Errorf(`unrecognized protocol %s`, protocolVal)
+		return fmt.Errorf(`invalid protocol %s; valid protocols include %s`, protocolVal, english.WordSeries(validProtocols, "and"))
 	}
 	return nil
 }

diff --git a/internal/pkg/manifest/validate_test.go b/internal/pkg/manifest/validate_test.go
@@ -1102,32 +1102,34 @@ func TestNetworkLoadBalancerConfiguration_Validate(t *testing.T) {
 				Port: aws.String("443"),
 			},
 		},
-		"error if protocol is not recognized": {
+		"fail if protocol is not recognized": {
 			nlb: NetworkLoadBalancerConfiguration{
 				Port: aws.String("443/tps"),
 			},
 			wantedErrorMsgPrefix: `validate "nlb": `,
-			wantedError:          fmt.Errorf(`validate "port": unrecognized protocol tps`),
+			wantedError:          fmt.Errorf(`validate "port": invalid protocol tps; valid protocols include TCP and TLS`),
 		},
 		"success if tcp": {
 			nlb: NetworkLoadBalancerConfiguration{
 				Port: aws.String("443/tcp"),
 			},
 		},
-		"success if udp": {
+		"error if udp": {
 			nlb: NetworkLoadBalancerConfiguration{
 				Port: aws.String("161/udp"),
 			},
+			wantedError: fmt.Errorf(`validate "port": invalid protocol udp; valid protocols include TCP and TLS`),
 		},
 		"success if tls": {
 			nlb: NetworkLoadBalancerConfiguration{
 				Port: aws.String("443/tls"),
 			},
 		},
-		"success if tcp_udp": {
+		"error if tcp_udp": {
 			nlb: NetworkLoadBalancerConfiguration{
 				Port: aws.String("443/TCP_udp"),
 			},
+			wantedError: fmt.Errorf(`validate "port": invalid protocol TCP_udp; valid protocols include TCP and TLS`),
 		},
 	}
 

diff --git a/internal/pkg/template/templates/workloads/partials/cf/nlb.yml b/internal/pkg/template/templates/workloads/partials/cf/nlb.yml
@@ -57,8 +57,6 @@ NLBTargetGroup:
         Value: {{ .NLB.Listener.Stickiness }}
 {{- end}}
 {{- end}}
-      - Key: deregistration_delay.connection_termination.enabled {{/* It is recommended to have this enabled for UDP and TCP_UDP target groups */}}
-        Value: {{- if or (eq $.NLB.Listener.Protocol "UDP") (eq $.NLB.Listener.Protocol "TCP_UDP") }} true {{- else}} false {{- end}}
     TargetType: ip
     VpcId:
       Fn::ImportValue:
@@ -72,24 +70,11 @@ NLBSecurityGroup:
     GroupDescription: Allow access from the network load balancer to service
     SecurityGroupIngress:
 {{range $cidr := .NLB.PublicSubnetCIDRs}}
-      {{- if eq $.NLB.Listener.Protocol "TCP_UDP" }}
-      - CidrIp: {{$cidr}}
-        Description: Ingress to allow access from Network Load Balancer subnet
-        FromPort: {{ $.NLB.Listener.TargetPort }}
-        IpProtocol: TCP
-        ToPort: {{ $.NLB.Listener.TargetPort }}
-      - CidrIp: {{$cidr}}
-        Description: Ingress to allow access from Network Load Balancer subnet
-        FromPort: {{ $.NLB.Listener.TargetPort }}
-        IpProtocol: UDP
-        ToPort: {{ $.NLB.Listener.TargetPort }}
-      {{- else }}
       - CidrIp: {{$cidr}}
         Description: Ingress to allow access from Network Load Balancer subnet
         FromPort: {{ $.NLB.Listener.TargetPort }}
         IpProtocol: {{- if eq $.NLB.Listener.Protocol "TLS" }} TCP {{- else }} {{ $.NLB.Listener.Protocol }} {{- end}}
         ToPort: {{ $.NLB.Listener.TargetPort }}
-      {{- end }}
       {{- if $.NLB.Listener.HealthCheck.Port}}{{- if ne $.NLB.Listener.HealthCheck.Port $.NLB.Listener.Port}}
       - CidrIp: {{$cidr}}
         Description: Ingress to allow access from Network Load Balancer subnet for health check