Merge branch 'main' into colifran/response-data

aws · Apr 13, 2024 · 1f08e31 · 1f08e31
2 parents e3b2344 + f10494c
commit 1f08e31
Show file tree

Hide file tree

Showing 6 changed files with 90 additions and 10 deletions.
diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md
@@ -215,7 +215,7 @@ const provider = ec2.NatProvider.instanceV2({
 new ec2.Vpc(this, 'TheVPC', {
   natGatewayProvider: provider,
 });
-provider.connections.allowFrom(ec2.Peer.ipv4('1.2.3.4/8'), ec2.Port.tcp(80));
+provider.connections.allowFrom(ec2.Peer.ipv4('1.2.3.4/8'), ec2.Port.HTTP);
 ```
 
 You can also customize the characteristics of your NAT instances, including their security group,
@@ -266,7 +266,7 @@ const provider = ec2.NatProvider.instance({
 new ec2.Vpc(this, 'TheVPC', {
   natGatewayProvider: provider,
 });
-provider.connections.allowFrom(ec2.Peer.ipv4('1.2.3.4/8'), ec2.Port.tcp(80));
+provider.connections.allowFrom(ec2.Peer.ipv4('1.2.3.4/8'), ec2.Port.HTTP);
 ```
 
 ### Ip Address Management
@@ -724,13 +724,13 @@ declare const appFleet: autoscaling.AutoScalingGroup;
 declare const dbFleet: autoscaling.AutoScalingGroup;
 
 // Allow connections from anywhere
-loadBalancer.connections.allowFromAnyIpv4(ec2.Port.tcp(443), 'Allow inbound HTTPS');
+loadBalancer.connections.allowFromAnyIpv4(ec2.Port.HTTPS, 'Allow inbound HTTPS');
 
 // The same, but an explicit IP address
-loadBalancer.connections.allowFrom(ec2.Peer.ipv4('1.2.3.4/32'), ec2.Port.tcp(443), 'Allow inbound HTTPS');
+loadBalancer.connections.allowFrom(ec2.Peer.ipv4('1.2.3.4/32'), ec2.Port.HTTPS, 'Allow inbound HTTPS');
 
 // Allow connection between AutoScalingGroups
-appFleet.connections.allowTo(dbFleet, ec2.Port.tcp(443), 'App can call database');
+appFleet.connections.allowTo(dbFleet, ec2.Port.HTTPS, 'App can call database');
 ```
 
 ### Connection Peers
@@ -747,7 +747,7 @@ peer = ec2.Peer.anyIpv4();
 peer = ec2.Peer.ipv6('::0/0');
 peer = ec2.Peer.anyIpv6();
 peer = ec2.Peer.prefixList('pl-12345');
-appFleet.connections.allowTo(peer, ec2.Port.tcp(443), 'Allow outbound HTTPS');
+appFleet.connections.allowTo(peer, ec2.Port.HTTPS, 'Allow outbound HTTPS');
 ```
 
 Any object that has a security group can itself be used as a connection peer:
@@ -758,9 +758,9 @@ declare const fleet2: autoscaling.AutoScalingGroup;
 declare const appFleet: autoscaling.AutoScalingGroup;
 
 // These automatically create appropriate ingress and egress rules in both security groups
-fleet1.connections.allowTo(fleet2, ec2.Port.tcp(80), 'Allow between fleets');
+fleet1.connections.allowTo(fleet2, ec2.Port.HTTP, 'Allow between fleets');
 
-appFleet.connections.allowFromAnyIpv4(ec2.Port.tcp(80), 'Allow from load balancer');
+appFleet.connections.allowFromAnyIpv4(ec2.Port.HTTP, 'Allow from load balancer');
 ```
 
 ### Port Ranges
@@ -770,6 +770,7 @@ the connection specifier:
 
 ```ts
 ec2.Port.tcp(80)
+ec2.Port.HTTPS
 ec2.Port.tcpRange(60000, 65535)
 ec2.Port.allTcp()
 ec2.Port.allIcmp()
@@ -823,7 +824,7 @@ const mySecurityGroupWithoutInlineRules = new ec2.SecurityGroup(this, 'SecurityG
   disableInlineRules: true
 });
 //This will add the rule as an external cloud formation construct
-mySecurityGroupWithoutInlineRules.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(22), 'allow ssh access from the world');
+mySecurityGroupWithoutInlineRules.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.SSH, 'allow ssh access from the world');
 ```
 
 ### Importing an existing security group

diff --git a/packages/aws-cdk-lib/aws-ec2/lib/port.ts b/packages/aws-cdk-lib/aws-ec2/lib/port.ts
@@ -188,6 +188,41 @@ export interface PortProps {
  * Interface for classes that provide the connection-specification parts of a security group rule
  */
 export class Port {
+  /** Well-known SSH port (TCP 22) */
+  public static readonly SSH = Port.tcp(22);
+  /** Well-known SMTP port (TCP 25) */
+  public static readonly SMTP = Port.tcp(25);
+  /** Well-known DNS port (UDP 53) */
+  public static readonly DNS_UDP = Port.udp(53);
+  /** Well-known DNS port (TCP 53) */
+  public static readonly DNS_TCP = Port.tcp(53);
+  /** Well-known HTTP port (TCP 80) */
+  public static readonly HTTP = Port.tcp(80);
+  /** Well-known POP3 port (TCP 110) */
+  public static readonly POP3 = Port.tcp(110);
+  /** Well-known IMAP port (TCP 143) */
+  public static readonly IMAP = Port.tcp(143);
+  /** Well-known LDAP port (TCP 389) */
+  public static readonly LDAP = Port.tcp(389);
+  /** Well-known HTTPS port (TCP 443) */
+  public static readonly HTTPS = Port.tcp(443);
+  /** Well-known SMB port (TCP 445) */
+  public static readonly SMB = Port.tcp(445);
+  /** Well-known IMAPS port (TCP 993) */
+  public static readonly IMAPS = Port.tcp(993);
+  /** Well-known POP3S port (TCP 995) */
+  public static readonly POP3S = Port.tcp(995);
+  /** Well-known Microsoft SQL Server port (TCP 1433) */
+  public static readonly MSSQL = Port.tcp(1433);
+  /** Well-known NFS port (TCP 2049) */
+  public static readonly NFS = Port.tcp(2049);
+  /** Well-known MySQL and Aurora port (TCP 3306) */
+  public static readonly MYSQL_AURORA = Port.tcp(3306);
+  /** Well-known Microsoft Remote Desktop Protocol port (TCP 3389) */
+  public static readonly RDP = Port.tcp(3389);
+  /** Well-known PostgreSQL port (TCP 5432) */
+  public static readonly POSTGRES = Port.tcp(5432);
+
   /**
    * A single TCP port
    */

diff --git a/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts b/packages/aws-cdk-lib/aws-ec2/test/security-group.test.ts
@@ -503,6 +503,12 @@ describe('security group', () => {
         }],
       });
     });
+
+    test('Static well-known ports are well-defined', () => {
+      // THEN
+      expect(Port.SSH).toEqual(Port.tcp(22));
+      expect(Port.DNS_UDP).toEqual(Port.udp(53));
+    });
   });
 });
 

diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function.ts b/packages/aws-cdk-lib/aws-lambda/lib/function.ts
@@ -671,7 +671,18 @@ export class Function extends FunctionBase {
    * in the same account and region as the stack you are importing it into.
    */
   public static fromFunctionArn(scope: Construct, id: string, functionArn: string): IFunction {
-    return Function.fromFunctionAttributes(scope, id, { functionArn });
+    /**
+     * If the functionArn has a trailing version or alias (more than 7 parts when split by ":",
+     * we trim off the trailing version/alias to retrieve the real functionArn.
+     * See lambda resource ARN format here: https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
+     */
+    const parts = functionArn.split(':');
+    if (parts.length > 7) {
+      const _functionArn = parts.slice(0, 7).join(':');
+      return Function.fromFunctionAttributes(scope, id, { functionArn: _functionArn });
+    } else {
+      return Function.fromFunctionAttributes(scope, id, { functionArn });
+    }
   }
 
   /**

diff --git a/packages/aws-cdk-lib/aws-lambda/test/function.test.ts b/packages/aws-cdk-lib/aws-lambda/test/function.test.ts
@@ -397,6 +397,30 @@ describe('function', () => {
     expect(imported.functionName).toEqual('ProcessKinesisRecords');
   });
 
+  test('fromFunctionArn with verionArn as the input', () => {
+    // GIVEN
+    const stack2 = new cdk.Stack();
+
+    // WHEN
+    const imported = lambda.Function.fromFunctionArn(stack2, 'Imported', 'arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:1');
+
+    // THEN
+    expect(imported.functionArn).toEqual('arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords');
+    expect(imported.functionName).toEqual('ProcessKinesisRecords');
+  });
+
+  test('fromFunctionArn with trailing alias as the input', () => {
+    // GIVEN
+    const stack2 = new cdk.Stack();
+
+    // WHEN
+    const imported = lambda.Function.fromFunctionArn(stack2, 'Imported', 'arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:TEST');
+
+    // THEN
+    expect(imported.functionArn).toEqual('arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords');
+    expect(imported.functionName).toEqual('ProcessKinesisRecords');
+  });
+
   test('Function.fromFunctionName', () => {
     // GIVEN
     const stack = new cdk.Stack();

diff --git a/packages/aws-cdk-lib/aws-lambda/test/lambda-version.test.ts b/packages/aws-cdk-lib/aws-lambda/test/lambda-version.test.ts
@@ -15,6 +15,9 @@ describe('lambda version', () => {
     // WHEN
     const version = lambda.Version.fromVersionArn(stack, 'Version', 'arn:aws:lambda:region:account-id:function:function-name:version');
 
+    expect(version.version).toStrictEqual('version');
+    expect(version.lambda.functionArn).toStrictEqual('arn:aws:lambda:region:account-id:function:function-name');
+
     new cdk.CfnOutput(stack, 'ARN', { value: version.functionArn });
     new cdk.CfnOutput(stack, 'Name', { value: version.functionName });
-Original file line number
+Diff line change
@@ Expand Up / @@ -503,6 +503,12 @@ describe('security group', () => { @@
             }],
           });
         });
+        test('Static well-known ports are well-defined', () => {
+          // THEN
+          expect(Port.SSH).toEqual(Port.tcp(22));
+          expect(Port.DNS_UDP).toEqual(Port.udp(53));
+        });
       });
     });
@@ Expand Down @@