feat(client-elastic-load-balancing-v2): This release enables configur…

…ing security groups for Network Load Balancers
aws · Aug 10, 2023 · 87ba343 · 87ba343
1 parent cda89d3
commit 87ba343
Show file tree

Hide file tree

Showing 9 changed files with 620 additions and 409 deletions.
diff --git a/clients/client-elastic-load-balancing-v2/src/commands/CreateLoadBalancerCommand.ts b/clients/client-elastic-load-balancing-v2/src/commands/CreateLoadBalancerCommand.ts
@@ -134,6 +134,7 @@ export interface CreateLoadBalancerCommandOutput extends CreateLoadBalancerOutpu
  * //       ],
  * //       IpAddressType: "ipv4" || "dualstack",
  * //       CustomerOwnedIpv4Pool: "STRING_VALUE",
+ * //       EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: "STRING_VALUE",
  * //     },
  * //   ],
  * // };

diff --git a/clients/client-elastic-load-balancing-v2/src/commands/DeregisterTargetsCommand.ts b/clients/client-elastic-load-balancing-v2/src/commands/DeregisterTargetsCommand.ts
@@ -42,6 +42,7 @@ export interface DeregisterTargetsCommandOutput extends DeregisterTargetsOutput,
  * @public
  * <p>Deregisters the specified targets from the specified target group. After the targets are
  *       deregistered, they no longer receive traffic from the load balancer.</p>
+ *          <p>Note: If the specified target does not exist, the action returns successfully.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-elastic-load-balancing-v2/src/commands/DescribeLoadBalancersCommand.ts b/clients/client-elastic-load-balancing-v2/src/commands/DescribeLoadBalancersCommand.ts
@@ -94,6 +94,7 @@ export interface DescribeLoadBalancersCommandOutput extends DescribeLoadBalancer
  * //       ],
  * //       IpAddressType: "ipv4" || "dualstack",
  * //       CustomerOwnedIpv4Pool: "STRING_VALUE",
+ * //       EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: "STRING_VALUE",
  * //     },
  * //   ],
  * //   NextMarker: "STRING_VALUE",

diff --git a/clients/client-elastic-load-balancing-v2/src/commands/SetSecurityGroupsCommand.ts b/clients/client-elastic-load-balancing-v2/src/commands/SetSecurityGroupsCommand.ts
@@ -40,10 +40,12 @@ export interface SetSecurityGroupsCommandOutput extends SetSecurityGroupsOutput,
 
 /**
  * @public
- * <p>Associates the specified security groups with the specified Application Load Balancer. The
- *       specified security groups override the previously associated security groups.</p>
- *          <p>You can't specify a security group for a Network Load Balancer or Gateway Load
- *       Balancer.</p>
+ * <p>Associates the specified security groups with the specified Application Load Balancer or
+ *       Network Load Balancer. The specified security groups override the previously associated
+ *       security groups.</p>
+ *          <p>You can't perform this operation on a Network Load Balancer unless you specified a
+ *       security group for the load balancer when you created it.</p>
+ *          <p>You can't associate a security group with a Gateway Load Balancer.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -55,13 +57,15 @@ export interface SetSecurityGroupsCommandOutput extends SetSecurityGroupsOutput,
  *   SecurityGroups: [ // SecurityGroups // required
  *     "STRING_VALUE",
  *   ],
+ *   EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: "on" || "off",
  * };
  * const command = new SetSecurityGroupsCommand(input);
  * const response = await client.send(command);
  * // { // SetSecurityGroupsOutput
  * //   SecurityGroupIds: [ // SecurityGroups
  * //     "STRING_VALUE",
  * //   ],
+ * //   EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: "on" || "off",
  * // };
  *
  * ```

diff --git a/clients/client-elastic-load-balancing-v2/src/endpoint/EndpointParameters.ts b/clients/client-elastic-load-balancing-v2/src/endpoint/EndpointParameters.ts
@@ -27,7 +27,7 @@ export const resolveClientEndpointParameters = <T>(
 };
 
 export interface EndpointParameters extends __EndpointParameters {
-  Region: string;
+  Region?: string;
   UseDualStack?: boolean;
   UseFIPS?: boolean;
   Endpoint?: string;

diff --git a/clients/client-elastic-load-balancing-v2/src/endpoint/ruleset.ts b/clients/client-elastic-load-balancing-v2/src/endpoint/ruleset.ts
@@ -6,26 +6,27 @@ import { RuleSetObject } from "@smithy/types";
    or see "smithy.rules#endpointRuleSet"
    in codegen/sdk-codegen/aws-models/elastic-load-balancing-v2.json */
 
-const s="fn",
-t="argv",
-u="ref";
-const a=true,
-b=false,
-c="String",
-d="PartitionResult",
-e="tree",
-f="error",
-g="endpoint",
-h="getAttr",
-i={"required":true,"default":false,"type":"Boolean"},
-j={[u]:"Endpoint"},
-k={[s]:"booleanEquals",[t]:[{[u]:"UseFIPS"},true]},
-l={[s]:"booleanEquals",[t]:[{[u]:"UseDualStack"},true]},
-m={},
-n={[s]:"booleanEquals",[t]:[true,{[s]:h,[t]:[{[u]:d},"supportsFIPS"]}]},
-o={[u]:d},
-p={[s]:"booleanEquals",[t]:[true,{[s]:h,[t]:[o,"supportsDualStack"]}]},
+const s="required",
+t="fn",
+u="argv",
+v="ref";
+const a="isSet",
+b="tree",
+c="error",
+d="endpoint",
+e="PartitionResult",
+f="getAttr",
+g={[s]:false,"type":"String"},
+h={[s]:true,"default":false,"type":"Boolean"},
+i={[v]:"Endpoint"},
+j={[t]:"booleanEquals",[u]:[{[v]:"UseFIPS"},true]},
+k={[t]:"booleanEquals",[u]:[{[v]:"UseDualStack"},true]},
+l={},
+m={[t]:"booleanEquals",[u]:[true,{[t]:f,[u]:[{[v]:e},"supportsFIPS"]}]},
+n={[v]:e},
+o={[t]:"booleanEquals",[u]:[true,{[t]:f,[u]:[n,"supportsDualStack"]}]},
+p=[j],
 q=[k],
-r=[l];
-const _data={version:"1.0",parameters:{Region:{required:a,type:c},UseDualStack:i,UseFIPS:i,Endpoint:{required:b,type:c}},rules:[{conditions:[{[s]:"aws.partition",[t]:[{[u]:"Region"}],assign:d}],type:e,rules:[{conditions:[{[s]:"isSet",[t]:[j]}],type:e,rules:[{conditions:q,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:f},{type:e,rules:[{conditions:r,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:f},{endpoint:{url:j,properties:m,headers:m},type:g}]}]},{conditions:[k,l],type:e,rules:[{conditions:[n,p],type:e,rules:[{type:e,rules:[{endpoint:{url:"https://elasticloadbalancing-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:g}]}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:f}]},{conditions:q,type:e,rules:[{conditions:[n],type:e,rules:[{type:e,rules:[{conditions:[{[s]:"stringEquals",[t]:["aws-us-gov",{[s]:h,[t]:[o,"name"]}]}],endpoint:{url:"https://elasticloadbalancing.{Region}.amazonaws.com",properties:m,headers:m},type:g},{endpoint:{url:"https://elasticloadbalancing-fips.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:g}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:f}]},{conditions:r,type:e,rules:[{conditions:[p],type:e,rules:[{type:e,rules:[{endpoint:{url:"https://elasticloadbalancing.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:g}]}]},{error:"DualStack is enabled but this partition does not support DualStack",type:f}]},{type:e,rules:[{endpoint:{url:"https://elasticloadbalancing.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:g}]}]}]};
+r=[{[v]:"Region"}];
+const _data={version:"1.0",parameters:{Region:g,UseDualStack:h,UseFIPS:h,Endpoint:g},rules:[{conditions:[{[t]:a,[u]:[i]}],type:b,rules:[{conditions:p,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:c},{type:b,rules:[{conditions:q,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:c},{endpoint:{url:i,properties:l,headers:l},type:d}]}]},{type:b,rules:[{conditions:[{[t]:a,[u]:r}],type:b,rules:[{conditions:[{[t]:"aws.partition",[u]:r,assign:e}],type:b,rules:[{conditions:[j,k],type:b,rules:[{conditions:[m,o],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://elasticloadbalancing-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:d}]}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:c}]},{conditions:p,type:b,rules:[{conditions:[m],type:b,rules:[{type:b,rules:[{conditions:[{[t]:"stringEquals",[u]:["aws-us-gov",{[t]:f,[u]:[n,"name"]}]}],endpoint:{url:"https://elasticloadbalancing.{Region}.amazonaws.com",properties:l,headers:l},type:d},{endpoint:{url:"https://elasticloadbalancing-fips.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:d}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:c}]},{conditions:q,type:b,rules:[{conditions:[o],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://elasticloadbalancing.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:d}]}]},{error:"DualStack is enabled but this partition does not support DualStack",type:c}]},{type:b,rules:[{endpoint:{url:"https://elasticloadbalancing.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:d}]}]}]},{error:"Invalid Configuration: Missing Region",type:c}]}]};
 export const ruleSet: RuleSetObject = _data;
diff --git a/clients/client-elastic-load-balancing-v2/src/models/models_0.ts b/clients/client-elastic-load-balancing-v2/src/models/models_0.ts
@@ -1453,7 +1453,8 @@ export interface CreateLoadBalancerInput {
 
   /**
    * @public
-   * <p>[Application Load Balancers] The IDs of the security groups for the load balancer.</p>
+   * <p>[Application Load Balancers and Network Load Balancers] The IDs of the security groups for
+   *       the load balancer.</p>
    */
   SecurityGroups?: string[];
 
@@ -1629,6 +1630,13 @@ export interface LoadBalancer {
    * <p>[Application Load Balancers on Outposts] The ID of the customer-owned address pool.</p>
    */
   CustomerOwnedIpv4Pool?: string;
+
+  /**
+   * @public
+   * <p>Indicates whether to evaluate inbound security group rules for traffic sent to a
+   *       Network Load Balancer through Amazon Web Services PrivateLink.</p>
+   */
+  EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic?: string;
 }
 
 /**
@@ -1971,6 +1979,8 @@ export interface SourceIpConditionConfig {
  *         <code>source-ip</code>. Each rule can also optionally include one or more of each of the
  *       following conditions: <code>http-header</code> and <code>query-string</code>. Note that the
  *       value for a condition cannot be empty.</p>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html">Quotas for your
+ *         Application Load Balancers</a>.</p>
  */
 export interface RuleCondition {
   /**
@@ -2510,8 +2520,8 @@ export interface TargetGroup {
 
   /**
    * @public
-   * <p>The port on which the targets are listening. Not used if the target is a Lambda
-   *       function.</p>
+   * <p>The port on which the targets are listening. This parameter is not used if the target is
+   *       a Lambda function.</p>
    */
   Port?: number;
 
@@ -2583,8 +2593,8 @@ export interface TargetGroup {
 
   /**
    * @public
-   * <p>The Amazon Resource Names (ARN) of the load balancers that route traffic to this target
-   *       group.</p>
+   * <p>The Amazon Resource Name (ARN) of the load balancer that routes traffic to this target
+   *       group. You can use each target group with only one load balancer.</p>
    */
   LoadBalancerArns?: string[];
 
@@ -2729,8 +2739,8 @@ export interface TargetDescription {
    * @public
    * <p>The port on which the target is listening. If the target group protocol is GENEVE, the
    *       supported port is 6081. If the target type is <code>alb</code>, the targeted Application Load
-   *       Balancer must have at least one listener whose port matches the target group port. Not used if
-   *       the target is a Lambda function.</p>
+   *       Balancer must have at least one listener whose port matches the target group port. This
+   *       parameter is not used if the target is a Lambda function.</p>
    */
   Port?: number;
 
@@ -2824,6 +2834,27 @@ export interface DescribeAccountLimitsInput {
  * @public
  * <p>Information about an Elastic Load Balancing resource limit for your Amazon Web Services
  *       account.</p>
+ *          <p>For more information, see the following:</p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <a href="https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html">Quotas for your
+ *             Application Load Balancers</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a href="https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-limits.html">Quotas for your
+ *             Network Load Balancers</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a href="https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/quotas-limits.html">Quotas for your Gateway
+ *             Load Balancers</a>
+ *                </p>
+ *             </li>
+ *          </ul>
  */
 export interface Limit {
   /**
@@ -4248,9 +4279,8 @@ export interface SetIpAddressTypeInput {
   /**
    * @public
    * <p>The IP address type. The possible values are <code>ipv4</code> (for IPv4 addresses) and
-   *         <code>dualstack</code> (for IPv4 and IPv6 addresses).
-   *        You can’t specify
-   *         <code>dualstack</code> for a load balancer with a UDP or TCP_UDP listener.</p>
+   *         <code>dualstack</code> (for IPv4 and IPv6 addresses).  You can’t specify <code>dualstack</code> for a load balancer
+   *       with a UDP or TCP_UDP listener.</p>
    */
   IpAddressType: IpAddressType | string | undefined;
 }
@@ -4306,6 +4336,21 @@ export interface SetRulePrioritiesOutput {
   Rules?: Rule[];
 }
 
+/**
+ * @public
+ * @enum
+ */
+export const EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum = {
+  off: "off",
+  on: "on",
+} as const;
+
+/**
+ * @public
+ */
+export type EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum =
+  (typeof EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum)[keyof typeof EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum];
+
 /**
  * @public
  */
@@ -4321,6 +4366,15 @@ export interface SetSecurityGroupsInput {
    * <p>The IDs of the security groups.</p>
    */
   SecurityGroups: string[] | undefined;
+
+  /**
+   * @public
+   * <p>Indicates whether to evaluate inbound security group rules for traffic sent to a
+   *       Network Load Balancer through Amazon Web Services PrivateLink. The default is <code>on</code>.</p>
+   */
+  EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic?:
+    | EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum
+    | string;
 }
 
 /**
@@ -4332,6 +4386,15 @@ export interface SetSecurityGroupsOutput {
    * <p>The IDs of the security groups associated with the load balancer.</p>
    */
   SecurityGroupIds?: string[];
+
+  /**
+   * @public
+   * <p>Indicates whether to evaluate inbound security group rules for traffic sent to a
+   *       Network Load Balancer through Amazon Web Services PrivateLink.</p>
+   */
+  EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic?:
+    | EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum
+    | string;
 }
 
 /**
@@ -4380,8 +4443,7 @@ export interface SetSubnetsInput {
    * <p>[Network Load Balancers] The type of IP addresses used by the subnets for your load
    *       balancer. The possible values are <code>ipv4</code> (for IPv4 addresses) and
    *         <code>dualstack</code> (for IPv4 and IPv6 addresses). You can’t specify
-   *         <code>dualstack</code> for a load balancer with a UDP or TCP_UDP listener.
-   *       .</p>
+   *         <code>dualstack</code> for a load balancer with a UDP or TCP_UDP listener.</p>
    */
   IpAddressType?: IpAddressType | string;
 }

diff --git a/clients/client-elastic-load-balancing-v2/src/protocols/Aws_query.ts b/clients/client-elastic-load-balancing-v2/src/protocols/Aws_query.ts
@@ -4922,6 +4922,10 @@ const se_SetSecurityGroupsInput = (input: SetSecurityGroupsInput, context: __Ser
       entries[loc] = value;
     });
   }
+  if (input.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic != null) {
+    entries["EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic"] =
+      input.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic;
+  }
   return entries;
 };
 
@@ -6223,6 +6227,11 @@ const de_LoadBalancer = (output: any, context: __SerdeContext): LoadBalancer =>
   if (output["CustomerOwnedIpv4Pool"] !== undefined) {
     contents.CustomerOwnedIpv4Pool = __expectString(output["CustomerOwnedIpv4Pool"]);
   }
+  if (output["EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic"] !== undefined) {
+    contents.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic = __expectString(
+      output["EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic"]
+    );
+  }
   return contents;
 };
 
@@ -6693,6 +6702,11 @@ const de_SetSecurityGroupsOutput = (output: any, context: __SerdeContext): SetSe
       context
     );
   }
+  if (output["EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic"] !== undefined) {
+    contents.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic = __expectString(
+      output["EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic"]
+    );
+  }
   return contents;
 };
-Original file line number
+Diff line change
@@ Expand Up @@
      * //       ],
      * //       IpAddressType: "ipv4" || "dualstack",
      * //       CustomerOwnedIpv4Pool: "STRING_VALUE",
+     * //       EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: "STRING_VALUE",
      * //     },
      * //   ],
      * // };
@@ Expand Down @@