Created
February 1, 2025 21:58
-
-
Save bericp1/eb0ce72079161f45f4867a9e3ab02bd9 to your computer and use it in GitHub Desktop.
As of 2025-02-01 CDK does not provide a way to get the managed prefix lists which VPC Lattice automatically creates in the account after you create your first `CfnServiceNetworkVpcAssociation`. This custom resource looks them up for use in e.g. Peers on security groups in other constructs.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import { Construct } from 'constructs'; | |
| import * as customResources from 'aws-cdk-lib/custom-resources'; | |
| import * as vpclattice from 'aws-cdk-lib/aws-vpclattice'; | |
| export interface VPCLatticePrefixListsProps { | |
| region: string; | |
| serviceNetworkVpcAssociation: vpclattice.CfnServiceNetworkVpcAssociation; | |
| } | |
| export class VPCLatticePrefixLists extends Construct { | |
| public readonly prefixListIds: string[]; | |
| constructor(scope: Construct, id: string, props: VPCLatticePrefixListsProps) { | |
| super(scope, id); | |
| const { region, serviceNetworkVpcAssociation } = props; | |
| this.node.addDependency(serviceNetworkVpcAssociation); | |
| const vpcLatticePrefixListCall = new customResources.AwsCustomResource(this, 'GetVpcLatticePrefixListIDs', { | |
| resourceType: 'Custom::GetVpcLatticePrefixListIDs', | |
| onUpdate: { | |
| region, | |
| service: 'EC2', | |
| action: 'describeManagedPrefixLists', | |
| parameters: { | |
| Filters: [ | |
| { | |
| Name: 'prefix-list-name', | |
| Values: [`com.amazonaws.${region}.vpc-lattice`, `com.amazonaws.${region}.ipv6.vpc-lattice`], | |
| }, | |
| ], | |
| }, | |
| physicalResourceId: customResources.PhysicalResourceId.of('GetVpcLatticePrefixListIDsFunction') | |
| }, | |
| policy: customResources.AwsCustomResourcePolicy.fromSdkCalls({ | |
| resources: customResources.AwsCustomResourcePolicy.ANY_RESOURCE | |
| }) | |
| }); | |
| this.prefixListIds = [ | |
| vpcLatticePrefixListCall.getResponseField('PrefixLists.0.PrefixListId'), | |
| vpcLatticePrefixListCall.getResponseField('PrefixLists.1.PrefixListId'), | |
| ]; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Note that if you don't care to ensure that at least one
CfnServiceNetworkVpcAssociationalready exists in the account before this runs, you can remove theserviceNetworkVpcAssociationprop. Providing that though allows you to guarantee that this resource doesn't run until the VPC association is created since these prefix lists don't exist until one is created.