From 28094893c9d2dfff28702283ebef6b1230f6b9e2 Mon Sep 17 00:00:00 2001 From: Tatsuya Mori Date: Sat, 26 Aug 2023 15:51:40 +0000 Subject: [PATCH] fix:(ec2): networkAclName property for NetworkAcl does not work --- .../aws-cdk-ec2-vpc.assets.json | 6 +- .../aws-cdk-ec2-vpc.template.json | 136 +++---- .../integ.vpc-networkacl.js.snapshot/cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 16 +- .../tree.json | 332 ++++++++++-------- .../test/aws-ec2/test/integ.vpc-networkacl.ts | 1 + .../aws-cdk-lib/aws-ec2/lib/network-acl.ts | 18 +- packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts | 17 + 9 files changed, 290 insertions(+), 240 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/aws-cdk-ec2-vpc.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/aws-cdk-ec2-vpc.assets.json index 4b6ba69d1a417..3a193622ede17 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/aws-cdk-ec2-vpc.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/aws-cdk-ec2-vpc.assets.json @@ -1,7 +1,7 @@ { - "version": "20.0.0", + "version": "34.0.0", "files": { - "04eb43593fbbe54e6eadc94dac3e2388aa1e9ef1bac4156293e7b6e2363b5bb4": { + "deb6adbcfa8931cee9545cb210604a66e240d637bdf67fca383fe3f17d220ae1": { "source": { "path": "aws-cdk-ec2-vpc.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "04eb43593fbbe54e6eadc94dac3e2388aa1e9ef1bac4156293e7b6e2363b5bb4.json", + "objectKey": "deb6adbcfa8931cee9545cb210604a66e240d637bdf67fca383fe3f17d220ae1.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/aws-cdk-ec2-vpc.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/aws-cdk-ec2-vpc.template.json index b24d1e366d717..03bf92ffdc46b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/aws-cdk-ec2-vpc.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/aws-cdk-ec2-vpc.template.json @@ -18,9 +18,6 @@ "MyVpcPublicSubnet1SubnetF6608456": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -44,21 +41,24 @@ "Key": "Name", "Value": "aws-cdk-ec2-vpc/MyVpc/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "MyVpcPublicSubnet1RouteTableC46AB2F4": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "Tags": [ { "Key": "Name", "Value": "aws-cdk-ec2-vpc/MyVpc/PublicSubnet1" } - ] + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "MyVpcPublicSubnet1RouteTableAssociation2ECEE1CB": { @@ -75,12 +75,12 @@ "MyVpcPublicSubnet1DefaultRoute95FDF9EB": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "MyVpcPublicSubnet1RouteTableC46AB2F4" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "MyVpcIGW5C4A4F63" + }, + "RouteTableId": { + "Ref": "MyVpcPublicSubnet1RouteTableC46AB2F4" } }, "DependsOn": [ @@ -102,15 +102,15 @@ "MyVpcPublicSubnet1NATGatewayAD3400C1": { "Type": "AWS::EC2::NatGateway", "Properties": { - "SubnetId": { - "Ref": "MyVpcPublicSubnet1SubnetF6608456" - }, "AllocationId": { "Fn::GetAtt": [ "MyVpcPublicSubnet1EIP096967CB", "AllocationId" ] }, + "SubnetId": { + "Ref": "MyVpcPublicSubnet1SubnetF6608456" + }, "Tags": [ { "Key": "Name", @@ -126,9 +126,6 @@ "MyVpcPublicSubnet2Subnet492B6BFB": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "AvailabilityZone": { "Fn::Select": [ 1, @@ -152,21 +149,24 @@ "Key": "Name", "Value": "aws-cdk-ec2-vpc/MyVpc/PublicSubnet2" } - ] + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "MyVpcPublicSubnet2RouteTable1DF17386": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "Tags": [ { "Key": "Name", "Value": "aws-cdk-ec2-vpc/MyVpc/PublicSubnet2" } - ] + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "MyVpcPublicSubnet2RouteTableAssociation227DE78D": { @@ -183,12 +183,12 @@ "MyVpcPublicSubnet2DefaultRoute052936F6": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "MyVpcPublicSubnet2RouteTable1DF17386" - }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "MyVpcIGW5C4A4F63" + }, + "RouteTableId": { + "Ref": "MyVpcPublicSubnet2RouteTable1DF17386" } }, "DependsOn": [ @@ -210,15 +210,15 @@ "MyVpcPublicSubnet2NATGateway91BFBEC9": { "Type": "AWS::EC2::NatGateway", "Properties": { - "SubnetId": { - "Ref": "MyVpcPublicSubnet2Subnet492B6BFB" - }, "AllocationId": { "Fn::GetAtt": [ "MyVpcPublicSubnet2EIP8CCBA239", "AllocationId" ] }, + "SubnetId": { + "Ref": "MyVpcPublicSubnet2Subnet492B6BFB" + }, "Tags": [ { "Key": "Name", @@ -234,9 +234,6 @@ "MyVpcPrivateSubnet1Subnet5057CF7E": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "AvailabilityZone": { "Fn::Select": [ 0, @@ -260,21 +257,24 @@ "Key": "Name", "Value": "aws-cdk-ec2-vpc/MyVpc/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "MyVpcPrivateSubnet1RouteTable8819E6E2": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "Tags": [ { "Key": "Name", "Value": "aws-cdk-ec2-vpc/MyVpc/PrivateSubnet1" } - ] + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "MyVpcPrivateSubnet1RouteTableAssociation56D38C7E": { @@ -291,21 +291,18 @@ "MyVpcPrivateSubnet1DefaultRouteA8CDE2FA": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "MyVpcPrivateSubnet1RouteTable8819E6E2" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "MyVpcPublicSubnet1NATGatewayAD3400C1" + }, + "RouteTableId": { + "Ref": "MyVpcPrivateSubnet1RouteTable8819E6E2" } } }, "MyVpcPrivateSubnet2Subnet0040C983": { "Type": "AWS::EC2::Subnet", "Properties": { - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "AvailabilityZone": { "Fn::Select": [ 1, @@ -329,21 +326,24 @@ "Key": "Name", "Value": "aws-cdk-ec2-vpc/MyVpc/PrivateSubnet2" } - ] + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "MyVpcPrivateSubnet2RouteTableCEDCEECE": { "Type": "AWS::EC2::RouteTable", "Properties": { - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "Tags": [ { "Key": "Name", "Value": "aws-cdk-ec2-vpc/MyVpc/PrivateSubnet2" } - ] + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "MyVpcPrivateSubnet2RouteTableAssociation86A610DA": { @@ -360,12 +360,12 @@ "MyVpcPrivateSubnet2DefaultRoute9CE96294": { "Type": "AWS::EC2::Route", "Properties": { - "RouteTableId": { - "Ref": "MyVpcPrivateSubnet2RouteTableCEDCEECE" - }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "MyVpcPublicSubnet2NATGateway91BFBEC9" + }, + "RouteTableId": { + "Ref": "MyVpcPrivateSubnet2RouteTableCEDCEECE" } } }, @@ -383,17 +383,23 @@ "MyVpcVPCGW488ACE0D": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { - "VpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "InternetGatewayId": { "Ref": "MyVpcIGW5C4A4F63" + }, + "VpcId": { + "Ref": "MyVpcF9F0CA6F" } } }, "myNACL198AF6597": { "Type": "AWS::EC2::NetworkAcl", "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "CustomNetworkAclName" + } + ], "VpcId": { "Ref": "MyVpcF9F0CA6F" } @@ -424,35 +430,35 @@ "myNACL1AllowDNSEgressD49F54D3": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": { + "CidrBlock": "172.16.0.0/24", + "Egress": true, "NetworkAclId": { "Ref": "myNACL198AF6597" }, - "Protocol": 17, - "RuleAction": "allow", - "RuleNumber": 100, - "CidrBlock": "172.16.0.0/24", - "Egress": true, "PortRange": { "From": 53, "To": 53 - } + }, + "Protocol": 17, + "RuleAction": "allow", + "RuleNumber": 100 } }, "myNACL1AllowDNSIngress3030B2C3": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": { + "CidrBlock": "0.0.0.0/0", + "Egress": false, "NetworkAclId": { "Ref": "myNACL198AF6597" }, - "Protocol": 17, - "RuleAction": "allow", - "RuleNumber": 100, - "CidrBlock": "0.0.0.0/0", - "Egress": false, "PortRange": { "From": 53, "To": 53 - } + }, + "Protocol": 17, + "RuleAction": "allow", + "RuleNumber": 100 } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/cdk.out index 8ecc185e9dbee..2313ab5436501 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"21.0.0"} \ No newline at end of file +{"version":"34.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/integ.json index a70bd4dc14ec2..38af1e4ed43ed 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "34.0.0", "testCases": { "integ.vpc-networkacl": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/manifest.json index 83d71d0ec94c3..efe5511d2d2aa 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/manifest.json @@ -1,12 +1,6 @@ { - "version": "20.0.0", + "version": "34.0.0", "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, "aws-cdk-ec2-vpc.assets": { "type": "cdk:asset-manifest", "properties": { @@ -23,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/04eb43593fbbe54e6eadc94dac3e2388aa1e9ef1bac4156293e7b6e2363b5bb4.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/deb6adbcfa8931cee9545cb210604a66e240d637bdf67fca383fe3f17d220ae1.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -221,6 +215,12 @@ ] }, "displayName": "aws-cdk-ec2-vpc" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/tree.json index a8a210b947398..2f51df52ca4c0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.js.snapshot/tree.json @@ -4,14 +4,6 @@ "id": "App", "path": "", "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, "aws-cdk-ec2-vpc": { "id": "aws-cdk-ec2-vpc", "path": "aws-cdk-ec2-vpc", @@ -39,8 +31,8 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnVPC", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "PublicSubnet1": { @@ -53,9 +45,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "availabilityZone": { "Fn::Select": [ 0, @@ -79,12 +68,15 @@ "key": "Name", "value": "aws-cdk-ec2-vpc/MyVpc/PublicSubnet1" } - ] + ], + "vpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "Acl": { @@ -92,7 +84,7 @@ "path": "aws-cdk-ec2-vpc/MyVpc/PublicSubnet1/Acl", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.2.69" } }, "RouteTable": { @@ -101,20 +93,20 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "tags": [ { "key": "Name", "value": "aws-cdk-ec2-vpc/MyVpc/PublicSubnet1" } - ] + ], + "vpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "RouteTableAssociation": { @@ -132,8 +124,8 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "DefaultRoute": { @@ -142,18 +134,18 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "MyVpcPublicSubnet1RouteTableC46AB2F4" - }, "destinationCidrBlock": "0.0.0.0/0", "gatewayId": { "Ref": "MyVpcIGW5C4A4F63" + }, + "routeTableId": { + "Ref": "MyVpcPublicSubnet1RouteTableC46AB2F4" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "EIP": { @@ -172,8 +164,8 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "NATGateway": { @@ -182,15 +174,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", "aws:cdk:cloudformation:props": { - "subnetId": { - "Ref": "MyVpcPublicSubnet1SubnetF6608456" - }, "allocationId": { "Fn::GetAtt": [ "MyVpcPublicSubnet1EIP096967CB", "AllocationId" ] }, + "subnetId": { + "Ref": "MyVpcPublicSubnet1SubnetF6608456" + }, "tags": [ { "key": "Name", @@ -200,14 +192,14 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "PublicSubnet2": { @@ -220,9 +212,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "availabilityZone": { "Fn::Select": [ 1, @@ -246,12 +235,15 @@ "key": "Name", "value": "aws-cdk-ec2-vpc/MyVpc/PublicSubnet2" } - ] + ], + "vpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "Acl": { @@ -259,7 +251,7 @@ "path": "aws-cdk-ec2-vpc/MyVpc/PublicSubnet2/Acl", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.2.69" } }, "RouteTable": { @@ -268,20 +260,20 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "tags": [ { "key": "Name", "value": "aws-cdk-ec2-vpc/MyVpc/PublicSubnet2" } - ] + ], + "vpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "RouteTableAssociation": { @@ -299,8 +291,8 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "DefaultRoute": { @@ -309,18 +301,18 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "MyVpcPublicSubnet2RouteTable1DF17386" - }, "destinationCidrBlock": "0.0.0.0/0", "gatewayId": { "Ref": "MyVpcIGW5C4A4F63" + }, + "routeTableId": { + "Ref": "MyVpcPublicSubnet2RouteTable1DF17386" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "EIP": { @@ -339,8 +331,8 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "NATGateway": { @@ -349,15 +341,15 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", "aws:cdk:cloudformation:props": { - "subnetId": { - "Ref": "MyVpcPublicSubnet2Subnet492B6BFB" - }, "allocationId": { "Fn::GetAtt": [ "MyVpcPublicSubnet2EIP8CCBA239", "AllocationId" ] }, + "subnetId": { + "Ref": "MyVpcPublicSubnet2Subnet492B6BFB" + }, "tags": [ { "key": "Name", @@ -367,14 +359,14 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "PrivateSubnet1": { @@ -387,9 +379,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "availabilityZone": { "Fn::Select": [ 0, @@ -413,12 +402,15 @@ "key": "Name", "value": "aws-cdk-ec2-vpc/MyVpc/PrivateSubnet1" } - ] + ], + "vpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "Acl": { @@ -426,7 +418,7 @@ "path": "aws-cdk-ec2-vpc/MyVpc/PrivateSubnet1/Acl", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.2.69" } }, "RouteTable": { @@ -435,20 +427,20 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "tags": [ { "key": "Name", "value": "aws-cdk-ec2-vpc/MyVpc/PrivateSubnet1" } - ] + ], + "vpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "RouteTableAssociation": { @@ -466,8 +458,8 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "DefaultRoute": { @@ -476,24 +468,24 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "MyVpcPrivateSubnet1RouteTable8819E6E2" - }, "destinationCidrBlock": "0.0.0.0/0", "natGatewayId": { "Ref": "MyVpcPublicSubnet1NATGatewayAD3400C1" + }, + "routeTableId": { + "Ref": "MyVpcPrivateSubnet1RouteTable8819E6E2" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "PrivateSubnet2": { @@ -506,9 +498,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "availabilityZone": { "Fn::Select": [ 1, @@ -532,12 +521,15 @@ "key": "Name", "value": "aws-cdk-ec2-vpc/MyVpc/PrivateSubnet2" } - ] + ], + "vpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "Acl": { @@ -545,7 +537,7 @@ "path": "aws-cdk-ec2-vpc/MyVpc/PrivateSubnet2/Acl", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.2.69" } }, "RouteTable": { @@ -554,20 +546,20 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "tags": [ { "key": "Name", "value": "aws-cdk-ec2-vpc/MyVpc/PrivateSubnet2" } - ] + ], + "vpcId": { + "Ref": "MyVpcF9F0CA6F" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "RouteTableAssociation": { @@ -585,8 +577,8 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "DefaultRoute": { @@ -595,24 +587,24 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::Route", "aws:cdk:cloudformation:props": { - "routeTableId": { - "Ref": "MyVpcPrivateSubnet2RouteTableCEDCEECE" - }, "destinationCidrBlock": "0.0.0.0/0", "natGatewayId": { "Ref": "MyVpcPublicSubnet2NATGateway91BFBEC9" + }, + "routeTableId": { + "Ref": "MyVpcPrivateSubnet2RouteTableCEDCEECE" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "IGW": { @@ -630,8 +622,8 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnInternetGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "VPCGW": { @@ -640,23 +632,23 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", "aws:cdk:cloudformation:props": { - "vpcId": { - "Ref": "MyVpcF9F0CA6F" - }, "internetGatewayId": { "Ref": "MyVpcIGW5C4A4F63" + }, + "vpcId": { + "Ref": "MyVpcF9F0CA6F" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnVPCGatewayAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.Vpc", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "myNACL1": { @@ -669,14 +661,20 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NetworkAcl", "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "CustomNetworkAclName" + } + ], "vpcId": { "Ref": "MyVpcF9F0CA6F" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnNetworkAcl", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "DefaultAssociationawscdkec2vpcMyVpcPrivateSubnet1FED4593C": { @@ -698,14 +696,14 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnetNetworkAclAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.SubnetNetworkAclAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "DefaultAssociationawscdkec2vpcMyVpcPrivateSubnet2A2D31E07": { @@ -727,14 +725,14 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnSubnetNetworkAclAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.SubnetNetworkAclAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "AllowDNSEgress": { @@ -747,29 +745,29 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NetworkAclEntry", "aws:cdk:cloudformation:props": { + "cidrBlock": "172.16.0.0/24", + "egress": true, "networkAclId": { "Ref": "myNACL198AF6597" }, - "protocol": 17, - "ruleAction": "allow", - "ruleNumber": 100, - "cidrBlock": "172.16.0.0/24", - "egress": true, "portRange": { "from": 53, "to": 53 - } + }, + "protocol": 17, + "ruleAction": "allow", + "ruleNumber": 100 } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnNetworkAclEntry", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.NetworkAclEntry", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } }, "AllowDNSIngress": { @@ -782,47 +780,71 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::EC2::NetworkAclEntry", "aws:cdk:cloudformation:props": { + "cidrBlock": "0.0.0.0/0", + "egress": false, "networkAclId": { "Ref": "myNACL198AF6597" }, - "protocol": 17, - "ruleAction": "allow", - "ruleNumber": 100, - "cidrBlock": "0.0.0.0/0", - "egress": false, "portRange": { "from": 53, "to": 53 - } + }, + "protocol": 17, + "ruleAction": "allow", + "ruleNumber": 100 } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.CfnNetworkAclEntry", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.NetworkAclEntry", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-ec2.NetworkAcl", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.69" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-ec2-vpc/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.69" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-ec2-vpc/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.69" } } }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.2.69" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.69" } } }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.2.69" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.ts index 6af38cb7f04da..c44c1198b4ec3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-networkacl.ts @@ -12,6 +12,7 @@ const vpc = new ec2.Vpc(stack, 'MyVpc'); const nacl1 = new ec2.NetworkAcl(stack, 'myNACL1', { vpc, + networkAclName: 'CustomNetworkAclName', subnetSelection: { subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }, }); diff --git a/packages/aws-cdk-lib/aws-ec2/lib/network-acl.ts b/packages/aws-cdk-lib/aws-ec2/lib/network-acl.ts index 323c4bd1b38e8..116d7f6f2822d 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/network-acl.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/network-acl.ts @@ -2,7 +2,12 @@ import { Construct } from 'constructs'; import { CfnNetworkAcl, CfnNetworkAclEntry, CfnSubnetNetworkAclAssociation } from './ec2.generated'; import { AclCidr, AclTraffic } from './network-acl-types'; import { ISubnet, IVpc, SubnetSelection } from './vpc'; -import { IResource, Resource } from '../../core'; +import { IResource, Resource, Tags } from '../../core'; + +/** + * Name tag constant + */ +const NAME_TAG: string = 'Name'; /** * A NetworkAcl @@ -51,10 +56,9 @@ export interface NetworkAclProps { /** * The name of the NetworkAcl. * - * It is not recommended to use an explicit name. + * Since the NetworkAcl resource doesn't support providing a physical name, the value provided here will be recorded in the `Name` tag. * - * @default If you don't specify a networkAclName, AWS CloudFormation generates a - * unique physical ID and uses that ID for the group name. + * @default CDK generated name */ readonly networkAclName?: string; @@ -112,12 +116,12 @@ export class NetworkAcl extends NetworkAclBase { private readonly vpc: IVpc; constructor(scope: Construct, id: string, props: NetworkAclProps) { - super(scope, id, { - physicalName: props.networkAclName, - }); + super(scope, id); this.vpc = props.vpc; + Tags.of(this).add(NAME_TAG, props.networkAclName || this.node.path); + this.networkAcl = new CfnNetworkAcl(this, 'Resource', { vpcId: props.vpc.vpcId, }); diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts index 90b90ac87cdec..01973a63c1eb8 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts @@ -1669,6 +1669,23 @@ describe('vpc', () => { }, }); }); + + test('with networkAclName, adds Name tag with the name', () => { + // GIVEN + const stack = getTestStack(); + const vpc = new Vpc(stack, 'TheVPC', { ipAddresses: IpAddresses.cidr('192.168.0.0/16') }); + + // WHEN + new NetworkAcl(stack, 'ACL', { + vpc, + networkAclName: 'CustomNetworkAclName', + }); + + Template.fromStack(stack).hasResource('AWS::EC2::NetworkAcl', hasTags([{ + Key: 'Name', + Value: 'CustomNetworkAclName', + }])); + }); }); describe('When creating a VPC with a custom CIDR range', () => {