diff --git a/internal/pkg/cli/svc_deploy_test.go b/internal/pkg/cli/svc_deploy_test.go
index 5fc72f510db..ca7d07d439f 100644
--- a/internal/pkg/cli/svc_deploy_test.go
+++ b/internal/pkg/cli/svc_deploy_test.go
@@ -645,7 +645,7 @@ func TestSvcDeployOpts_deploySvc(t *testing.T) {
 "fail to get public CIDR blocks": {
 inBuildRequire: false,
 inNLB: manifest.NetworkLoadBalancerConfiguration{
- Port: aws.String("443/udp"),
+ Port: aws.String("443/tls"),
 },
 inEnvironment: &config.Environment{
 Name: mockEnvName,
diff --git a/internal/pkg/deploy/cloudformation/stack/transformers.go b/internal/pkg/deploy/cloudformation/stack/transformers.go
index 165e4e394e8..ef9ec053582 100644
--- a/internal/pkg/deploy/cloudformation/stack/transformers.go
+++ b/internal/pkg/deploy/cloudformation/stack/transformers.go
@@ -34,7 +34,7 @@ const (
 defaultIAM = disabled
 defaultReadOnly = true
 defaultWritePermission = false
- defaultNLBProtocol = manifest.TCPUDP
+ defaultNLBProtocol = manifest.TCP
 )

 // Supported capacityproviders for Fargate services
diff --git a/internal/pkg/manifest/validate.go b/internal/pkg/manifest/validate.go
index f300c961df0..60b8a357256 100644
--- a/internal/pkg/manifest/validate.go
+++ b/internal/pkg/manifest/validate.go
@@ -33,13 +33,11 @@ const (
 )

 const (
- TCPUDP = "TCP_UDP"
- tcp = "TCP"
- udp = "UDP"
- tls = "TLS"
+ TCP = "TCP"
+ tls = "TLS"
 )

-var validProtocols = []string{TCPUDP, tcp, udp, tls}
+var validProtocols = []string{TCP, tls}

 var (
 intRangeBandRegexp = regexp.MustCompile(`^(\d+)-(\d+)$`)
@@ -671,7 +669,7 @@ func validateNLBPort(port *string) error {
 }
 }
 if !isValidProtocol {
- return fmt.Errorf(`unrecognized protocol %s`, protocolVal)
+ return fmt.Errorf(`invalid protocol %s; valid protocols include %s`, protocolVal, english.WordSeries(validProtocols, "and"))
 }
 return nil
 }
diff --git a/internal/pkg/manifest/validate_test.go b/internal/pkg/manifest/validate_test.go
index c45de384981..8b6c934dff5 100644
--- a/internal/pkg/manifest/validate_test.go
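Review bot: `defaultNLBProtocol` in transformers.go has no comment saying when it applies, and switching it from `manifest.TCPUDP` to `manifest.TCP` changes what a manifest with a bare port (the `Port: aws.String("443")` case in validate_test.go) resolves to. How the constant is consumed is outside this hunk, but a service already deployed on the old default would presumably get a different listener protocol, and lose the UDP ingress rule that the nlb.yml partial used to emit, on its next deploy; that narrows exposure, yet it happens silently. I would add `// defaultNLBProtocol is used when nlb.port has no "/protocol" suffix; UDP and TCP_UDP are rejected by manifest validation.` above the constant and call the change out in the release notes. The `const (` block opens above the hunk.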
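Review bot: `validProtocols` in validate.go is now the only gate keeping UDP and TCP_UDP out of the rendered stack, and nothing at the declaration records that. The nlb.yml partial changed later in this commit still writes any non-TLS `$.NLB.Listener.Protocol` verbatim into `IpProtocol`, so a value added to this slice later would reach the security group rule unchecked. A comment such as `// validProtocols is the allowlist for the protocol suffix of nlb.port; nlb.yml emits non-TLS values as-is, so keep the template in sync.` would document the coupling. `TCP` is also newly exported without a doc comment while `tls` stays unexported; `// TCP is the NLB listener protocol name for plain TCP.` would cover it.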
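Review bot: The rejected protocol is interpolated with `%s` in the new `validateNLBPort` message, so an empty or whitespace-only value taken from the manifest prints as nothing and unusual characters reach the terminal unescaped. `%q` makes the offending value unambiguous, for example `fmt.Errorf("invalid protocol %q; valid protocols are %s", protocolVal, english.WordSeries(validProtocols, "and"))`; "are" also reads better than "include" for a closed list. The expected strings in validate_test.go would need the quotes added. `validateNLBPort` starts above the hunk, so whether an empty protocol can actually reach this branch is not visible here.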
+++ b/internal/pkg/manifest/validate_test.go
@@ -1102,32 +1102,34 @@ func TestNetworkLoadBalancerConfiguration_Validate(t *testing.T) {
 Port: aws.String("443"),
 },
 },
- "error if protocol is not recognized": {
+ "fail if protocol is not recognized": {
 nlb: NetworkLoadBalancerConfiguration{
 Port: aws.String("443/tps"),
 },
 wantedErrorMsgPrefix: `validate "nlb": `,
- wantedError: fmt.Errorf(`validate "port": unrecognized protocol tps`),
+ wantedError: fmt.Errorf(`validate "port": invalid protocol tps; valid protocols include TCP and TLS`),
 },
 "success if tcp": {
 nlb: NetworkLoadBalancerConfiguration{
 Port: aws.String("443/tcp"),
 },
 },
- "success if udp": {
+ "error if udp": {
 nlb: NetworkLoadBalancerConfiguration{
 Port: aws.String("161/udp"),
 },
+ wantedError: fmt.Errorf(`validate "port": invalid protocol udp; valid protocols include TCP and TLS`),
 },
 "success if tls": {
 nlb: NetworkLoadBalancerConfiguration{
 Port: aws.String("443/tls"),
 },
 },
- "success if tcp_udp": {
+ "error if tcp_udp": {
 nlb: NetworkLoadBalancerConfiguration{
 Port: aws.String("443/TCP_udp"),
 },
+ wantedError: fmt.Errorf(`validate "port": invalid protocol TCP_udp; valid protocols include TCP and TLS`),
 },
 }

diff --git a/internal/pkg/template/templates/workloads/partials/cf/nlb.yml b/internal/pkg/template/templates/workloads/partials/cf/nlb.yml
index 3bd472978b5..7a5aed9aed6 100644
--- a/internal/pkg/template/templates/workloads/partials/cf/nlb.yml
+++ b/internal/pkg/template/templates/workloads/partials/cf/nlb.yml
@@ -57,8 +57,6 @@ NLBTargetGroup:
 Value: {{ .NLB.Listener.Stickiness }}
 {{- end}}
 {{- end}}
- - Key: deregistration_delay.connection_termination.enabled {{/* It is recommended to have this enabled for UDP and TCP_UDP target groups */}}
- Value: {{- if or (eq $.NLB.Listener.Protocol "UDP") (eq $.NLB.Listener.Protocol "TCP_UDP") }} true {{- else}} false {{- end}}
 TargetType: ip
 VpcId:
 Fn::ImportValue:
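Review bot: The two new rejection cases in validate_test.go, "error if udp" and "error if tcp_udp", set `wantedError` but leave out `wantedErrorMsgPrefix`, while the neighbouring "fail if protocol is not recognized" case sets both. The assertion code is outside the hunk, so it is not visible whether a missing prefix loosens the comparison or makes these cases compare against the wrong string; copying the existing case's `wantedErrorMsgPrefix` line into both would keep the three rejections checked the same way. The case names are also inconsistent: this commit renames one case to "fail if ..." and introduces the other two as "error if ...".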
@@ -72,24 +70,11 @@ NLBSecurityGroup:
 GroupDescription: Allow access from the network load balancer to service
 SecurityGroupIngress:
 {{range $cidr := .NLB.PublicSubnetCIDRs}}
- {{- if eq $.NLB.Listener.Protocol "TCP_UDP" }}
- - CidrIp: {{$cidr}}
- Description: Ingress to allow access from Network Load Balancer subnet
- FromPort: {{ $.NLB.Listener.TargetPort }}
- IpProtocol: TCP
- ToPort: {{ $.NLB.Listener.TargetPort }}
- - CidrIp: {{$cidr}}
- Description: Ingress to allow access from Network Load Balancer subnet
- FromPort: {{ $.NLB.Listener.TargetPort }}
- IpProtocol: UDP
- ToPort: {{ $.NLB.Listener.TargetPort }}
- {{- else }}
 - CidrIp: {{$cidr}}
 Description: Ingress to allow access from Network Load Balancer subnet
 FromPort: {{ $.NLB.Listener.TargetPort }}
 IpProtocol: {{- if eq $.NLB.Listener.Protocol "TLS" }} TCP {{- else }} {{ $.NLB.Listener.Protocol }} {{- end}}
 ToPort: {{ $.NLB.Listener.TargetPort }}
- {{- end }}
 {{- if $.NLB.Listener.HealthCheck.Port}}{{- if ne $.NLB.Listener.HealthCheck.Port $.NLB.Listener.Port}}
 - CidrIp: {{$cidr}}
 Description: Ingress to allow access from Network Load Balancer subnet for health check