[aws-route53] Cannot create InterfaceVpcEndpointTarget from imported InterfaceVpcEndpoint #10432
Comments
jordansafer
added
bug
jordansafer
changed the title
jordansafer
changed the title
|
The security group import doesn't appear to be related. This happens even with a newly created security group: new InterfaceVpcEndpointTarget(InterfaceVpcEndpoint.fromInterfaceVpcEndpointAttributes(this, "vpc-endpoint",
InterfaceVpcEndpointAttributes.builder()
.port(443)
.vpcEndpointId("vpc-0123012301230123")
.securityGroups(Arrays.asList(new SecurityGroup(this, "sg-01230123012", SecurityGroupProps.builder()
.vpc(vpc)
.build())))
.build())); |
|
What's the status on this? Is it actively being worked on? |
|
I'm having this same issue when trying to create A record for AWS Transfer vpc endpoint. InterfaceVpcEndpoint is imported using vpcEndpointId fetched via custom resource but when trying to create InterfaceVpcEndpointTarget required by Route 53 RecordTarget it fails with Environment
|
|
Any update on this issue? This would really helpful if it gets resolved |
|
+1 This bug prevented us from using a cleaner method to reference interface endpoints created by other services in our AWS account. |
|
+1 |
|
Is there any plan to fix this? This is causing our team to manually create an ARecord since we can't use the reference. |
|
+1 |
…an imported endpoint (#21523) The `InterfaceVpcEndpointTarget` currently accepts an imported endpoint `IInterfaceVpcEndpoint`, but the actual implementation requires access to the `CfnVPCEndpoint` resource which is only available from the `InterfaceVpcEndpoint`. This appears as breaking, but I don't think it should be considered as breaking since you can currently _only_ pass a `InterfaceVpcEndpoint`. I thought about adding support for `IInterfaceVpcEndpoint`, but that would require updating the `fromxxx` method to take the route53 zone and the DNS name for the endpoint. If you need to know those values to use this construct then you might as well just create a normal Route53 record. closes #10432 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
…an imported endpoint (aws#21523) The `InterfaceVpcEndpointTarget` currently accepts an imported endpoint `IInterfaceVpcEndpoint`, but the actual implementation requires access to the `CfnVPCEndpoint` resource which is only available from the `InterfaceVpcEndpoint`. This appears as breaking, but I don't think it should be considered as breaking since you can currently _only_ pass a `InterfaceVpcEndpoint`. I thought about adding support for `IInterfaceVpcEndpoint`, but that would require updating the `fromxxx` method to take the route53 zone and the DNS name for the endpoint. If you need to know those values to use this construct then you might as well just create a normal Route53 record. closes aws#10432 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
I just hit this issue and I don't believe the issue is actually resolved. Above merger request does not fix the real issue which is that using Using Did anyone come up with any nice workarounds? |
|
meet the same issue with @grbinho . I'm trying to create Route 53 ARecord for Existing VPC Endpoint from CDK. But CDK don't allow me to do so. Did anyone come up with any solutions ? |
|
Hi @TaiDinh Below, you can find our workaround. import * as cr from 'aws-cdk-lib/custom-resources'
import * as route53 from 'aws-cdk-lib/aws-route53'
// and others you might need
const serverDescription = new cr.AwsCustomResource(wrapper, 'ServerDescription', {
onCreate: {
action: 'describeServer',
service: 'Transfer',
parameters: {
ServerId: this.sftpTransferFamilyServer.attrServerId,
},
physicalResourceId: cr.PhysicalResourceId.of(this.sftpTransferFamilyServer.attrServerId),
},
policy: cr.AwsCustomResourcePolicy.fromSdkCalls({ resources: [this.sftpTransferFamilyServer.attrArn] }),
})
const vpcEndpointId = serverDescription.getResponseField('Server.EndpointDetails.VpcEndpointId')
const vpcEndpointDescription = new cr.AwsCustomResource(wrapper, 'VpcEndpointDescription', {
onCreate: {
action: 'describeVpcEndpoints',
service: 'EC2',
parameters: {
Filters: [
{ Name: 'vpc-endpoint-id', Values: [vpcEndpointId] },
{ Name: 'vpc-endpoint-type', Values: ['Interface'] },
],
},
physicalResourceId: cr.PhysicalResourceId.of(vpcEndpointId),
},
policy: cr.AwsCustomResourcePolicy.fromStatements([
new iam.PolicyStatement({
actions: ['ec2:DescribeVpcEndpoints'],
resources: ['*'],
}),
]),
})
const vpcEndpointDnsName = vpcEndpointDescription.getResponseField('VpcEndpoints.0.DnsEntries.0.DnsName')
const vpcEndpointHostedZoneId = vpcEndpointDescription.getResponseField(
'VpcEndpoints.0.DnsEntries.0.HostedZoneId'
)
const hostedZone = props.vpcEndpointProps.hostedZone
new route53.ARecord(this, 'AliasRecord', {
recordName: props.vpcEndpointProps.dnsName,
zone: hostedZone,
target: route53.RecordTarget.fromAlias({
bind() {
return {
dnsName: vpcEndpointDnsName,
hostedZoneId: vpcEndpointHostedZoneId,
}
},
}),
}) |
Reproduction Steps
val VPC_ENDPOINT_ID = "vpc-0123012301230123"
val SECURITY_GROUP = "sg-0123012301230123"
val vpcEndpoint = InterfaceVpcEndpoint.fromInterfaceVpcEndpointAttributes(this, "vpc-endpoint",
InterfaceVpcEndpointAttributes.builder()
.vpcEndpointId(VPC_ENDPOINT_ID)
.port(443)
.securityGroups(
listOf(SecurityGroup.fromSecurityGroupId(this, "security-group", SECURITY_GROUP)))
.build())
InterfaceVpcEndpointTarget(vpcEndpoint)
What did you expect to happen?
I expected to get a Target to attach a CNAME to.
What actually happened?
This exception was thrown:
Exception in thread "main" software.amazon.jsii.JsiiException: No child with id: 'Resource'
Error: No child with id: 'Resource'
at Node.findChild (/private/var/folders/8b/0yrdf6_15b34kxc_76zdy6yj1c3v1n/T/jsii
-kernel-5L9bZQ/node_modules/constructs/lib/construct.js:86:19)
at ConstructNode.findChild (/private/var/folders/8b/0yrdf6_15b34kxc_76zdy6yj1c3v
1n/T/jsii-kernel-5L9bZQ/node_modules/@aws-cdk/core/lib/construct-compat.js:230:45)
at new InterfaceVpcEndpointTarget (/private/var/folders/8b/0yrdf6_15b34kxc_76zdy
6yj1c3v1n/T/jsii-kernel-5L9bZQ/node_modules/@aws-cdk/aws-route53-targets/lib/interfa
ce-vpc-endpoint-target.js:10:53)
at /private/var/folders/8b/0yrdf6_15b34kxc_76zdy6yj1c3v1n/T/jsii-java-runtime184
1546699463348999/jsii-runtime.js:7932:49
at Kernel._wrapSandboxCode (/private/var/folders/8b/0yrdf6_15b34kxc_76zdy6yj1c3v
1n/T/jsii-java-runtime1841546699463348999/jsii-runtime.js:8408:19)
at Kernel._create (/private/var/folders/8b/0yrdf6_15b34kxc_76zdy6yj1c3v1n/T/jsii
-java-runtime1841546699463348999/jsii-runtime.js:7932:26)
at Kernel.create (/private/var/folders/8b/0yrdf6_15b34kxc_76zdy6yj1c3v1n/T/jsii-
java-runtime1841546699463348999/jsii-runtime.js:7676:21)
at KernelHost.processRequest (/private/var/folders/8b/0yrdf6_15b34kxc_76zdy6yj1c
3v1n/T/jsii-java-runtime1841546699463348999/jsii-runtime.js:7456:28)
at KernelHost.run (/private/var/folders/8b/0yrdf6_15b34kxc_76zdy6yj1c3v1n/T/jsii
-java-runtime1841546699463348999/jsii-runtime.js:7394:14)
at Immediate._onImmediate (/private/var/folders/8b/0yrdf6_15b34kxc_76zdy6yj1c3v1
n/T/jsii-java-runtime1841546699463348999/jsii-runtime.js:7397:37)
at processImmediate (internal/timers.js:439:21)
at software.amazon.jsii.JsiiRuntime.processErrorResponse(JsiiRuntime.java:11
9)
at software.amazon.jsii.JsiiRuntime.requestResponse(JsiiRuntime.java:91)
at software.amazon.jsii.JsiiClient.createObject(JsiiClient.java:88)
at software.amazon.jsii.JsiiEngine.createNewObject(JsiiEngine.java:526)
at software.amazon.awscdk.services.route53.targets.InterfaceVpcEndpointTarge
t.(InterfaceVpcEndpointTarget.java:25)
Environment
Other
This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: