-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: setup client VPC and associated endpoint for accessing the network
- Loading branch information
1 parent
f66ac4f
commit 16efcc9
Showing
6 changed files
with
309 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
| // SPDX-License-Identifier: MIT-0 | ||
|
|
||
| import * as cdk from 'aws-cdk-lib'; | ||
| import * as ec2 from 'aws-cdk-lib/aws-ec2'; | ||
| import * as constructs from 'constructs'; | ||
|
|
||
| import * as network from './network'; | ||
|
|
||
| /** | ||
| * Construct properties for `HyperledgerFabricVpc` | ||
| */ | ||
| export interface HyperledgerFabricClientProps { | ||
| /** | ||
| * Client VPC to create the endpoints. If not provided, | ||
| * VPC will be created with the default properties | ||
| * (CIDR-`10.0.0.0/16` and subnets of type `PRIVATE_ISOLATED`) | ||
| * | ||
| */ | ||
| readonly vpc?: ec2.IVpc; | ||
|
|
||
| } | ||
|
|
||
| /** | ||
| * Creates a VPC and endpoint that allows Hyperledger Fabric client to | ||
| * interact with the Hyperledger Fabric endpoints that Amazon Managed Blockchain | ||
| * exposes for the member and network resources. | ||
| */ | ||
| export class HyperledgerFabricClient extends constructs.Construct { | ||
|
|
||
| /** | ||
| * The client VPC that has endpoint to access the Amazon Managed Blockchain | ||
| */ | ||
| public readonly vpc: ec2.IVpc; | ||
|
|
||
| /** | ||
| * VPC endpoint to access Secret Manager | ||
| */ | ||
| public readonly secretsManagerVpcEndpoint: ec2.VpcEndpoint; | ||
|
|
||
| /** | ||
| * Managed Blockchain network VPC endpoint | ||
| */ | ||
| public readonly vpcEndpoint: ec2.VpcEndpoint; | ||
|
|
||
| constructor(scope: network.HyperledgerFabricNetwork, id: string, props?: HyperledgerFabricClientProps) { | ||
| super(scope, id); | ||
|
|
||
| // Collect metadata on the stack | ||
| const region = cdk.Stack.of(this).region; | ||
|
|
||
| // Populate instance variables from input properties, using defaults if values not provided | ||
| if (typeof props === 'undefined') props = {}; | ||
| this.vpc = props.vpc ?? new ec2.Vpc(this, 'ClientVpc', { subnetConfiguration: [{ name: 'Private', subnetType: ec2.SubnetType.PRIVATE_ISOLATED }] }); | ||
| const vpcEndpointServiceName = scope.vpcEndpointServiceName.replace(`com.amazonaws.${region}.`, ''); | ||
|
|
||
| // Add VPC FlowLogs with the default setting of trafficType:ALL and destination: CloudWatch Logs | ||
| this.vpc.addFlowLog('FlowLog'); | ||
|
|
||
| // Add a VPC endpoint to access the Managed Blockchain | ||
| const vpcService = new ec2.InterfaceVpcEndpointService( vpcEndpointServiceName ); | ||
| this.vpcEndpoint = this.vpc.addInterfaceEndpoint('LedgerEndpoint', { service: vpcService, open: false }); | ||
|
|
||
| // Add VPC endpoint to access the Secrets Manager | ||
| this.secretsManagerVpcEndpoint = this.vpc.addInterfaceEndpoint('SecretsManagerEndpoint', { service: ec2.InterfaceVpcEndpointAwsService.SECRETS_MANAGER }); | ||
|
|
||
| } | ||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
| // SPDX-License-Identifier: MIT-0 | ||
|
|
||
| import * as cdk from 'aws-cdk-lib'; | ||
| import * as assertions from 'aws-cdk-lib/assertions'; | ||
| import * as ec2 from 'aws-cdk-lib/aws-ec2'; | ||
|
|
||
| import * as hyperledger from '../src'; | ||
|
|
||
|
|
||
| const DEFAULT_ENV = { env: { region: 'us-east-1' } }; | ||
|
|
||
| const TOKEN_REGEXP = /^\$\{Token\[TOKEN\.[0-9]+\]\}$/; | ||
|
|
||
| describe('HyperledgerFabricClient', () => { | ||
|
|
||
| test('Create a client network with default properties', () => { | ||
| const app = new cdk.App(); | ||
| const stack = new cdk.Stack(app, 'TestStack', DEFAULT_ENV); | ||
| const network = new hyperledger.HyperledgerFabricNetwork(stack, 'TestHyperledgerFabricNetwork', { | ||
| networkName: 'TestNetwork', | ||
| memberName: 'TestMember', | ||
| }); | ||
|
|
||
| const template = assertions.Template.fromStack(stack); | ||
| template.resourceCountIs('AWS::EC2::VPC', 1); | ||
| template.hasResource('AWS::EC2::VPC', { | ||
| Properties: { | ||
| CidrBlock: '10.0.0.0/16', | ||
| EnableDnsHostnames: true, | ||
| EnableDnsSupport: true, | ||
| }, | ||
| }); | ||
| template.resourceCountIs('AWS::EC2::FlowLog', 1); | ||
| template.resourceCountIs('AWS::Logs::LogGroup', 1); | ||
| template.resourceCountIs('AWS::EC2::VPCEndpoint', 2); | ||
|
|
||
| expect(network.client.vpc.vpcId).toMatch(TOKEN_REGEXP); | ||
| expect(network.client.vpcEndpoint.vpcEndpointId).toMatch(TOKEN_REGEXP); | ||
| expect(network.client.secretsManagerVpcEndpoint.vpcEndpointId).toMatch(TOKEN_REGEXP); | ||
| }); | ||
|
|
||
| test('Create endpoints on existing a client network ', () => { | ||
| const app = new cdk.App(); | ||
| const stack = new cdk.Stack(app, 'TestStack', DEFAULT_ENV); | ||
| const vpc = new ec2.Vpc(stack, 'ClientVpc', { | ||
| cidr: '40.0.0.0/16', | ||
| subnetConfiguration: [{ name: 'Private', subnetType: ec2.SubnetType.PRIVATE_ISOLATED }], | ||
| }); | ||
| const network = new hyperledger.HyperledgerFabricNetwork(stack, 'TestHyperledgerFabricNetwork', { | ||
| networkName: 'TestNetwork', | ||
| memberName: 'TestMember', | ||
| client: { | ||
| vpc: vpc, | ||
| }, | ||
| }); | ||
| const template = assertions.Template.fromStack(stack); | ||
| template.resourceCountIs('AWS::EC2::VPC', 1); | ||
| template.hasResource('AWS::EC2::VPC', { | ||
| Properties: { | ||
| CidrBlock: '40.0.0.0/16', | ||
| EnableDnsHostnames: true, | ||
| EnableDnsSupport: true, | ||
| }, | ||
| }); | ||
| template.resourceCountIs('AWS::EC2::FlowLog', 1); | ||
| template.resourceCountIs('AWS::Logs::LogGroup', 1); | ||
| template.resourceCountIs('AWS::EC2::VPCEndpoint', 2); | ||
|
|
||
| expect(network.client.vpc.vpcId).toMatch(TOKEN_REGEXP); | ||
| expect(network.client.vpcEndpoint.vpcEndpointId).toMatch(TOKEN_REGEXP); | ||
| expect(network.client.secretsManagerVpcEndpoint.vpcEndpointId).toMatch(TOKEN_REGEXP); | ||
| }); | ||
|
|
||
| }); |