How to get ip addresses of apigateway vpce using cdk?

0

Background context / End goal:

I am trying to use cdk to create a target group that consists of the ip addresses that are associated with a vpc endpoint (for apigateway) as per this AWS blog. Ideally, I would like to be able to just lookup the associated ips using just the fact that the vpce is for the service of apigateway OR potentially using the vpce id.

Problem

I cannot find a way to get the network interface ids & ip addresses for the vpc endpoint.

Attempts

  1. I tried to use the CDK InterfaceVpcEndpoint construct's static method fromInterfaceVpcEndpointAttributes (filtering by service). It did return the desired vpce, but unfortunately it returns it as an IInterfaceVpcEndpoint, which does not have the vpceNetworkInterfaceIds attribute that the InterfaceVpcEndpoint construct has.
  2. I was able to use AwsCustomResource (after consulting a stack overflow post that referenced this example) to look up the ip addresses for a given array of vpce network interface ids:
import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } from 'aws-cdk-lib/custom-resources';
import { Construct } from 'constructs';

// Looks up the private IP address of each ENI id with a single describeNetworkInterfaces call
function getEndpointIps(scope: Construct, vpceNetworkInterfaceIds: string[]): string[] {
  const getEniIps = new AwsCustomResource(scope, `GetEndpointIps`, {
    onUpdate: {
      service: "EC2",
      action: "describeNetworkInterfaces",
      parameters: {
        NetworkInterfaceIds: vpceNetworkInterfaceIds
      },
      // a fresh physical id on every synth makes the call run on every deploy
      physicalResourceId: PhysicalResourceId.of(Date.now().toString())
    },
    policy: AwsCustomResourcePolicy.fromSdkCalls({
      resources: AwsCustomResourcePolicy.ANY_RESOURCE
    }),
  });

  // the response is flattened, so each address is read by its index
  const privateIpAddresses: string[] = [];
  for (let i = 0; i < vpceNetworkInterfaceIds.length; i++) {
    const privateIpAddress: string = getEniIps.getResponseField(`NetworkInterfaces.${i}.PrivateIpAddress`).toString();
    privateIpAddresses.push(privateIpAddress);
  }
  return privateIpAddresses;
}

const vpceNetworkInterfaceIds = ['eniId1', 'eniId2'];
const ips = getEndpointIps(this, vpceNetworkInterfaceIds);

  3. I tried to make a similar SDK call (describeVpcEndpoints), but then I encountered issues retrieving the array of NetworkInterfaceIds.
import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } from 'aws-cdk-lib/custom-resources';
import { Construct } from 'constructs';

function getVpceNetworkInterfaceIds(scope: Construct) {
  const getNetworkInterfaceIpAddresses = new AwsCustomResource(scope, `GetVpceNetworkInterfaceIds`, {
    onUpdate: {
      service: "EC2",
      action: "describeVpcEndpoints",
      parameters: {
        Filters: [
          {
            Name: "service-name",
            Values: ["com.amazonaws.us-east-1.execute-api"]
          }
        ]
      },
      physicalResourceId: PhysicalResourceId.of(Date.now().toString())
    },
    policy: AwsCustomResourcePolicy.fromSdkCalls({
      resources: AwsCustomResourcePolicy.ANY_RESOURCE
    }),
  });

  // this is the call that produces the error described below
  return getNetworkInterfaceIpAddresses.getResponseFieldReference(`VpcEndpoints.0.NetworkInterfaceIds`).toJSON();
}

I tried variations of the Reference methods toJSON, toString and Token.asXXX but was not able to figure out how to get the array of values from this custom resource. One of the errors that I got was "Vendor response doesn't contain VpcEndpoints.0.NetworkInterfaceIds key in object ....." but when I made the describeVpcEndpoints call via the CLI, I could definitely see that there is a VpcEndpoints.0.NetworkInterfaceIds value that should be populated.

Questions

  1. How can you get an array from the SDK call of an AWS custom resource?
  2. How can you debug CDK AWS custom resources that make SDK calls? Logging locally only yields the tokens, which is not helpful.
  3. Is there a more straight forward way to get the vpceNetworkInterfaceIds of a given vpce?
  4. Is there a more straight forward way to get the ip addresses for a given vpce?
1 Answer
0

Hello,

To begin with, currently there is no native way to get the private IP address of the ENI that gets created when we create an Interface endpoint. Regarding custom resources, it is not possible to iterate through a list returned by a custom resource at the moment, as this requires synth-time logic to operate on values that aren't known until deploy time. This is an open GitHub issue tracked by the CDK service team for discussion: https://github.com/aws/aws-cdk/discussions/22826

Please don't hesitate to comment here if you have any follow up questions

AWS
answered a year ago
