From 6e4529245cb9561d1c1e232102c44f40e04a6a35 Mon Sep 17 00:00:00 2001 From: Grace Luo <54298030+gracelu0@users.noreply.github.com> Date: Mon, 30 Dec 2024 10:59:37 -0800 Subject: [PATCH] =?UTF-8?q?Revert=20"fix(elasticloadbalancingv2):=20open,?= =?UTF-8?q?=20dual-stack-without-public-ipv4=20ALB=E2=80=A6"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 0731095f5a9e2f58ec113b4ae05894b95df89ea2. --- ...efaultTestDeployAssertFA6F90DD.assets.json | 2 +- ...-dualstack-without-public-ipv4.assets.json | 6 +-- ...ualstack-without-public-ipv4.template.json | 7 ---- .../cdk.out | 2 +- .../integ.json | 2 +- .../manifest.json | 4 +- .../tree.json | 11 +----- .../aws-elasticloadbalancingv2/README.md | 3 +- .../lib/alb/application-listener.ts | 3 +- .../test/alb/listener.test.ts | 37 ------------------- 10 files changed, 12 insertions(+), 65 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/AlbDualstackWithoutPublicIpv4DefaultTestDeployAssertFA6F90DD.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/AlbDualstackWithoutPublicIpv4DefaultTestDeployAssertFA6F90DD.assets.json index 3d5b95b9e8666..4a0f5e0c5e4b3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/AlbDualstackWithoutPublicIpv4DefaultTestDeployAssertFA6F90DD.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/AlbDualstackWithoutPublicIpv4DefaultTestDeployAssertFA6F90DD.assets.json @@ -1,5 +1,5 @@ { - "version": "38.0.1", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/aws-cdk-elbv2-integ-dualstack-without-public-ipv4.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/aws-cdk-elbv2-integ-dualstack-without-public-ipv4.assets.json index 14276309ba9ba..5091d2e660924 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/aws-cdk-elbv2-integ-dualstack-without-public-ipv4.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/aws-cdk-elbv2-integ-dualstack-without-public-ipv4.assets.json @@ -1,7 +1,7 @@ { - "version": "38.0.1", + "version": "36.0.0", "files": { - "0fac4619627ba59020023785c5d86d47abad0759e7add3aa2f150f8cbfcd7a9a": { + "688bf4caeb2845f3dc89826da60063b380e5d0fe7ab50a95f9ffc76451c42a77": { "source": { "path": "aws-cdk-elbv2-integ-dualstack-without-public-ipv4.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "0fac4619627ba59020023785c5d86d47abad0759e7add3aa2f150f8cbfcd7a9a.json", + "objectKey": "688bf4caeb2845f3dc89826da60063b380e5d0fe7ab50a95f9ffc76451c42a77.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/aws-cdk-elbv2-integ-dualstack-without-public-ipv4.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/aws-cdk-elbv2-integ-dualstack-without-public-ipv4.template.json index d430a9159e6c5..8882537e5df34 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/aws-cdk-elbv2-integ-dualstack-without-public-ipv4.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/aws-cdk-elbv2-integ-dualstack-without-public-ipv4.template.json @@ -530,13 +530,6 @@ "FromPort": 80, "IpProtocol": "tcp", "ToPort": 80 - }, - { - "CidrIpv6": "::/0", - "Description": "Allow from anyone on port 80", - "FromPort": 80, - "IpProtocol": "tcp", - "ToPort": 80 } ], "VpcId": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/cdk.out index c6e612584e352..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"38.0.1"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/integ.json index 975d3543a4156..4fd4fa6f896d6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "38.0.1", + "version": "36.0.0", "testCases": { "AlbDualstackWithoutPublicIpv4/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/manifest.json index 3c6852a3f2e04..87f61f9552ca1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "38.0.1", + "version": "36.0.0", "artifacts": { "aws-cdk-elbv2-integ-dualstack-without-public-ipv4.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0fac4619627ba59020023785c5d86d47abad0759e7add3aa2f150f8cbfcd7a9a.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/688bf4caeb2845f3dc89826da60063b380e5d0fe7ab50a95f9ffc76451c42a77.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/tree.json index f8537fa89d692..07d5c271d52c2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.dualstack-without-public-ipv4.js.snapshot/tree.json @@ -821,13 +821,6 @@ "fromPort": 80, "toPort": 80, "description": "Allow from anyone on port 80" - }, - { - "cidrIpv6": "::/0", - "ipProtocol": "tcp", - "fromPort": 80, - "toPort": 80, - "description": "Allow from anyone on port 80" } ], "vpcId": { @@ -1276,7 +1269,7 @@ "path": "AlbDualstackWithoutPublicIpv4/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.4.2" + "version": "10.3.0" } }, "DeployAssert": { @@ -1322,7 +1315,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.4.2" + "version": "10.3.0" } } }, diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md index 6e4ae54ad3534..f55effba63631 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/README.md @@ -298,14 +298,13 @@ const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', { }); ``` -By setting `DUAL_STACK_WITHOUT_PUBLIC_IPV4`, you can provision load balancers without public IPv4s: +By setting `DUAL_STACK_WITHOUT_PUBLIC_IPV4`, you can provision load balancers without public IPv4s ```ts declare const vpc: ec2.Vpc; const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', { vpc, - internetFacing: true, ipAddressType: elbv2.IpAddressType.DUAL_STACK_WITHOUT_PUBLIC_IPV4, }); ``` diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts index 35ba80472146b..07cfb949f3b83 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-listener.ts @@ -303,8 +303,7 @@ export class ApplicationListener extends BaseListener implements IApplicationLis if (props.open !== false) { this.connections.allowDefaultPortFrom(ec2.Peer.anyIpv4(), `Allow from anyone on port ${port}`); - if (this.loadBalancer.ipAddressType === IpAddressType.DUAL_STACK || - this.loadBalancer.ipAddressType === IpAddressType.DUAL_STACK_WITHOUT_PUBLIC_IPV4) { + if (this.loadBalancer.ipAddressType === IpAddressType.DUAL_STACK) { this.connections.allowDefaultPortFrom(ec2.Peer.anyIpv6(), `Allow from anyone on port ${port}`); } } diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts index 6f17cfc8a7979..1943a1945ac2a 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/listener.test.ts @@ -107,43 +107,6 @@ describe('tests', () => { }); }); - test('Listener default to open - IPv6 (dual stack without public IPV4)', () => { - // GIVEN - const stack = new cdk.Stack(); - const vpc = new ec2.Vpc(stack, 'Stack'); - const loadBalancer = new elbv2.ApplicationLoadBalancer(stack, 'LB', { - vpc, - internetFacing: true, - ipAddressType: elbv2.IpAddressType.DUAL_STACK_WITHOUT_PUBLIC_IPV4, - }); - - // WHEN - loadBalancer.addListener('MyListener', { - port: 80, - defaultTargetGroups: [new elbv2.ApplicationTargetGroup(stack, 'Group', { vpc, port: 80 })], - }); - - // THEN - Template.fromStack(stack).hasResourceProperties('AWS::EC2::SecurityGroup', { - SecurityGroupIngress: [ - { - Description: 'Allow from anyone on port 80', - CidrIp: '0.0.0.0/0', - FromPort: 80, - IpProtocol: 'tcp', - ToPort: 80, - }, - { - Description: 'Allow from anyone on port 80', - CidrIpv6: '::/0', - FromPort: 80, - IpProtocol: 'tcp', - ToPort: 80, - }, - ], - }); - }); - test('HTTPS listener requires certificate', () => { // GIVEN const stack = new cdk.Stack();