aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.BaseLoadBalancer=exports.SourceNatIpv6Prefix=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var enums_1=()=>{var tmp=require("./enums");return enums_1=()=>tmp,tmp},util_1=()=>{var tmp=require("./util");return util_1=()=>tmp,tmp},ec2=()=>{var tmp=require("../../../aws-ec2");return ec2=()=>tmp,tmp},iam=()=>{var tmp=require("../../../aws-iam");return iam=()=>tmp,tmp},aws_iam_1=()=>{var tmp=require("../../../aws-iam");return aws_iam_1=()=>tmp,tmp},cxschema=()=>{var tmp=require("../../../cloud-assembly-schema");return cxschema=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},errors_1=()=>{var tmp=require("../../../core/lib/errors");return errors_1=()=>tmp,tmp},cxapi=()=>{var tmp=require("../../../cx-api");return cxapi=()=>tmp,tmp},region_info_1=()=>{var tmp=require("../../../region-info");return region_info_1=()=>tmp,tmp},elasticloadbalancingv2_generated_1=()=>{var tmp=require("../elasticloadbalancingv2.generated");return elasticloadbalancingv2_generated_1=()=>tmp,tmp};class SourceNatIpv6Prefix{static autoAssigned(){return new SourceNatIpv6Prefix("auto_assigned")}static fromIpv6Prefix(prefix){if(!prefix.includes("/"))throw new(errors_1()).UnscopedValidationError(`IPv6 prefix must include netmask (e.g. 2001:db8::/80), got ${prefix}`);const[_ipv6,netmask]=prefix.split("/");if(netmask!=="80")throw new(errors_1()).UnscopedValidationError(`IPv6 prefix must have a /80 netmask, got ${netmask}`);return new SourceNatIpv6Prefix(prefix)}constructor(prefix){this.prefix=prefix}}exports.SourceNatIpv6Prefix=SourceNatIpv6Prefix,_a=JSII_RTTI_SYMBOL_1,SourceNatIpv6Prefix[_a]={fqn:"aws-cdk-lib.aws_elasticloadbalancingv2.SourceNatIpv6Prefix",version:"2.202.0"};class BaseLoadBalancer extends core_1().Resource{static _queryContextProvider(scope,options){if(core_1().Token.isUnresolved(options.userOptions.loadBalancerArn)||Object.values(options.userOptions.loadBalancerTags??{}).some(core_1().Token.isUnresolved))throw new(errors_1()).ValidationError("All arguments to look up a load balancer must be concrete (no Tokens)",scope);let cxschemaTags;return options.userOptions.loadBalancerTags&&(cxschemaTags=(0,util_1().mapTagMapToCxschema)(options.userOptions.loadBalancerTags)),core_1().ContextProvider.getValue(scope,{provider:cxschema().ContextProvider.LOAD_BALANCER_PROVIDER,props:{loadBalancerArn:options.userOptions.loadBalancerArn,loadBalancerTags:cxschemaTags,loadBalancerType:options.loadBalancerType},dummyValue:{ipAddressType:cxapi().LoadBalancerIpAddressType.DUAL_STACK,loadBalancerArn:`arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/${options.loadBalancerType}/my-load-balancer/50dc6c495c0c9188`,loadBalancerCanonicalHostedZoneId:"Z3DZXE0EXAMPLE",loadBalancerDnsName:"my-load-balancer-1234567890.us-west-2.elb.amazonaws.com",securityGroupIds:["sg-1234"],vpcId:"vpc-12345"}}).value}constructor(scope,id,baseProps,additionalProps){super(scope,id,{physicalName:baseProps.loadBalancerName}),this.attributes={};try{jsiiDeprecationWarnings().aws_cdk_lib_aws_elasticloadbalancingv2_BaseLoadBalancerProps(baseProps)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,BaseLoadBalancer),error}const internetFacing=(0,util_1().ifUndefined)(baseProps.internetFacing,!1);if(baseProps.vpcSubnets&&additionalProps.subnetMappings)throw new(errors_1()).ValidationError("You can specify either `vpcSubnets` or `subnetMappings`, not both.",this);let subnetIds,subnetMappings=additionalProps.subnetMappings,internetConnectivityEstablishedSubnets;if(additionalProps.ipAddressType===enums_1().IpAddressType.DUAL_STACK_WITHOUT_PUBLIC_IPV4&&additionalProps.type!==cxschema().LoadBalancerType.APPLICATION)throw new(errors_1()).ValidationError(`'ipAddressType' DUAL_STACK_WITHOUT_PUBLIC_IPV4 can only be used with Application Load Balancer, got ${additionalProps.type}`,this);if(this.vpc=baseProps.vpc,subnetMappings){if(internetFacing){const mappedSubnetIds=subnetMappings.map(mapping=>mapping.subnet.subnetId);internetConnectivityEstablishedSubnets=baseProps.vpc.selectSubnets({subnetFilters:[ec2().SubnetFilter.byIds(mappedSubnetIds)]}).internetConnectivityEstablished}const{subnetMappings:_,...cfnProps}=additionalProps;additionalProps=cfnProps}else{const vpcSubnets=(0,util_1().ifUndefined)(baseProps.vpcSubnets,internetFacing?{subnetType:ec2().SubnetType.PUBLIC}:{}),result=baseProps.vpc.selectSubnets(vpcSubnets);subnetIds=result.subnetIds,internetConnectivityEstablishedSubnets=result.internetConnectivityEstablished}const resource=new(elasticloadbalancingv2_generated_1()).CfnLoadBalancer(this,"Resource",{name:this.physicalName,subnets:subnetIds,subnetMappings:subnetMappings?.map(mapping=>({subnetId:mapping.subnet.subnetId,allocationId:mapping.allocationId,privateIPv4Address:mapping.privateIpv4Address,iPv6Address:mapping.ipv6Address,sourceNatIpv6Prefix:mapping.sourceNatIpv6Prefix?.prefix})),scheme:internetFacing?"internet-facing":"internal",loadBalancerAttributes:core_1().Lazy.any({produce:()=>(0,util_1().renderAttributes)(this.attributes)},{omitEmptyArray:!0}),minimumLoadBalancerCapacity:baseProps.minimumCapacityUnit?{capacityUnits:baseProps.minimumCapacityUnit}:void 0,...additionalProps});if(internetFacing&&internetConnectivityEstablishedSubnets&&resource.node.addDependency(internetConnectivityEstablishedSubnets),this.setAttribute("deletion_protection.enabled",baseProps.deletionProtection?"true":"false"),baseProps.crossZoneEnabled!==void 0&&this.setAttribute("load_balancing.cross_zone.enabled",baseProps.crossZoneEnabled===!0?"true":"false"),baseProps.denyAllIgwTraffic!==void 0)if(additionalProps.ipAddressType===enums_1().IpAddressType.DUAL_STACK)this.setAttribute("ipv6.deny_all_igw_traffic",baseProps.denyAllIgwTraffic.toString());else throw new(errors_1()).ValidationError(`'denyAllIgwTraffic' may only be set on load balancers with ${enums_1().IpAddressType.DUAL_STACK} addressing.`,this);this.loadBalancerCanonicalHostedZoneId=resource.attrCanonicalHostedZoneId,this.loadBalancerDnsName=resource.attrDnsName,this.loadBalancerFullName=resource.attrLoadBalancerFullName,this.loadBalancerName=resource.attrLoadBalancerName,this.loadBalancerArn=resource.ref,this.loadBalancerSecurityGroups=resource.attrSecurityGroups,this.node.addValidation({validate:this.validateLoadBalancer.bind(this)})}logAccessLogs(bucket,prefix){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_s3_IBucket(bucket)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.logAccessLogs),error}prefix=prefix||"",this.setAttribute("access_logs.s3.enabled","true"),this.setAttribute("access_logs.s3.bucket",bucket.bucketName.toString()),this.setAttribute("access_logs.s3.prefix",prefix);const logsDeliveryServicePrincipal=new(aws_iam_1()).ServicePrincipal("delivery.logs.amazonaws.com");bucket.addToResourcePolicy(new(aws_iam_1()).PolicyStatement({actions:["s3:PutObject"],principals:[this.resourcePolicyPrincipal()],resources:[bucket.arnForObjects(`${prefix?prefix+"/":""}AWSLogs/${core_1().Stack.of(this).account}/*`)]})),bucket.addToResourcePolicy(new(aws_iam_1()).PolicyStatement({actions:["s3:PutObject"],principals:[logsDeliveryServicePrincipal],resources:[bucket.arnForObjects(`${prefix?prefix+"/":""}AWSLogs/${this.env.account}/*`)],conditions:{StringEquals:{"s3:x-amz-acl":"bucket-owner-full-control"}}})),bucket.addToResourcePolicy(new(aws_iam_1()).PolicyStatement({actions:["s3:GetBucketAcl"],principals:[logsDeliveryServicePrincipal],resources:[bucket.bucketArn]}));const lb=this.node.defaultChild,bucketPolicy=bucket.policy?.node.defaultChild;lb&&bucketPolicy&&core_1().CfnResource.isCfnResource(lb)&&core_1().CfnResource.isCfnResource(bucketPolicy)&&lb.addDependency(bucketPolicy)}setAttribute(key,value){this.attributes[key]=value}removeAttribute(key){this.setAttribute(key,void 0)}resourcePolicyPrincipal(){const region=core_1().Stack.of(this).region;if(core_1().Token.isUnresolved(region))throw new(errors_1()).ValidationError("Region is required to enable ELBv2 access logging",this);const account=region_info_1().RegionInfo.get(region).elbv2Account;return account?new(iam()).AccountPrincipal(account):new(iam()).ServicePrincipal("logdelivery.elasticloadbalancing.amazonaws.com")}validateLoadBalancer(){const ret=new Array,loadBalancerName=this.physicalName;return!core_1().Token.isUnresolved(loadBalancerName)&&loadBalancerName!==void 0&&(loadBalancerName.length>32&&ret.push(`Load balancer name: "${loadBalancerName}" can have a maximum of 32 characters.`),loadBalancerName.startsWith("internal-")&&ret.push(`Load balancer name: "${loadBalancerName}" must not begin with "internal-".`),(loadBalancerName.startsWith("-")||loadBalancerName.endsWith("-"))&&ret.push(`Load balancer name: "${loadBalancerName}" must not begin or end with a hyphen.`),/^[0-9a-z-]+$/i.test(loadBalancerName)||ret.push(`Load balancer name: "${loadBalancerName}" must contain only alphanumeric characters or hyphens.`)),ret}}exports.BaseLoadBalancer=BaseLoadBalancer,_b=JSII_RTTI_SYMBOL_1,BaseLoadBalancer[_b]={fqn:"aws-cdk-lib.aws_elasticloadbalancingv2.BaseLoadBalancer",version:"2.202.0"};