diff --git a/API.md b/API.md
index cf78b63..f9689a3 100644
--- a/API.md
+++ b/API.md
@@ -44,6 +44,7 @@ new plus_aws.ApplicationLoadBalancer(scope: Construct, id: string, props: Applic
| --- | --- |
| toString
| Returns a string representation of this construct. |
| communicatesWith
| *No description.* |
+| isTrafficForwarding
| *No description.* |
| isWebApplication
| *No description.* |
| isWebService
| *No description.* |
| processes
| *No description.* |
@@ -83,6 +84,12 @@ public communicatesWith(id: string, target: TechnicalAsset, options: Communicati
---
+##### `isTrafficForwarding`
+
+```typescript
+public isTrafficForwarding(): boolean
+```
+
##### `isWebApplication`
```typescript
@@ -182,7 +189,6 @@ Any object.
| owner
| string
| *No description.* |
| scope
| Scope
| *No description.* |
| tags
| string[]
| *No description.* |
-| trustBoundary
| TrustBoundary
| *No description.* |
| securityGroup
| cdktg.plus_aws.SecurityGroup
| *No description.* |
---
@@ -379,16 +385,6 @@ public readonly tags: string[];
---
-##### `trustBoundary`Optional
-
-```typescript
-public readonly trustBoundary: TrustBoundary;
-```
-
-- *Type:* TrustBoundary
-
----
-
##### `securityGroup`Required
```typescript
@@ -442,6 +438,7 @@ new plus.Browser(scope: Construct, id: string, props: BrowserProps)
| --- | --- |
| toString
| Returns a string representation of this construct. |
| communicatesWith
| *No description.* |
+| isTrafficForwarding
| *No description.* |
| isWebApplication
| *No description.* |
| isWebService
| *No description.* |
| processes
| *No description.* |
@@ -481,6 +478,12 @@ public communicatesWith(id: string, target: TechnicalAsset, options: Communicati
---
+##### `isTrafficForwarding`
+
+```typescript
+public isTrafficForwarding(): boolean
+```
+
##### `isWebApplication`
```typescript
@@ -580,7 +583,6 @@ Any object.
| owner
| string
| *No description.* |
| scope
| Scope
| *No description.* |
| tags
| string[]
| *No description.* |
-| trustBoundary
| TrustBoundary
| *No description.* |
---
@@ -776,16 +778,6 @@ public readonly tags: string[];
---
-##### `trustBoundary`Optional
-
-```typescript
-public readonly trustBoundary: TrustBoundary;
-```
-
-- *Type:* TrustBoundary
-
----
-
### Cloud
@@ -2581,6 +2573,7 @@ new TechnicalAsset(scope: Construct, id: string, props: TechnicalAssetProps)
| --- | --- |
| toString
| Returns a string representation of this construct. |
| communicatesWith
| *No description.* |
+| isTrafficForwarding
| *No description.* |
| isWebApplication
| *No description.* |
| isWebService
| *No description.* |
| processes
| *No description.* |
@@ -2620,6 +2613,12 @@ public communicatesWith(id: string, target: TechnicalAsset, options: Communicati
---
+##### `isTrafficForwarding`
+
+```typescript
+public isTrafficForwarding(): boolean
+```
+
##### `isWebApplication`
```typescript
@@ -2719,7 +2718,6 @@ Any object.
| owner
| string
| *No description.* |
| scope
| Scope
| *No description.* |
| tags
| string[]
| *No description.* |
-| trustBoundary
| TrustBoundary
| *No description.* |
---
@@ -2915,16 +2913,6 @@ public readonly tags: string[];
---
-##### `trustBoundary`Optional
-
-```typescript
-public readonly trustBoundary: TrustBoundary;
-```
-
-- *Type:* TrustBoundary
-
----
-
### TrustBoundary
@@ -3165,6 +3153,7 @@ new plus.Vault(scope: Construct, id: string, props: VaultProps)
| --- | --- |
| toString
| Returns a string representation of this construct. |
| communicatesWith
| *No description.* |
+| isTrafficForwarding
| *No description.* |
| isWebApplication
| *No description.* |
| isWebService
| *No description.* |
| processes
| *No description.* |
@@ -3205,6 +3194,12 @@ public communicatesWith(id: string, target: TechnicalAsset, options: Communicati
---
+##### `isTrafficForwarding`
+
+```typescript
+public isTrafficForwarding(): boolean
+```
+
##### `isWebApplication`
```typescript
@@ -3316,7 +3311,6 @@ Any object.
| owner
| string
| *No description.* |
| scope
| Scope
| *No description.* |
| tags
| string[]
| *No description.* |
-| trustBoundary
| TrustBoundary
| *No description.* |
| configurationSecrets
| DataAsset
| *No description.* |
| vaultStorage
| TechnicalAsset
| *No description.* |
@@ -3514,16 +3508,6 @@ public readonly tags: string[];
---
-##### `trustBoundary`Optional
-
-```typescript
-public readonly trustBoundary: TrustBoundary;
-```
-
-- *Type:* TrustBoundary
-
----
-
##### `configurationSecrets`Required
```typescript
diff --git a/src/plus-aws/application-load-balancer.ts b/src/plus-aws/application-load-balancer.ts
index 6f10214..cc015ab 100644
--- a/src/plus-aws/application-load-balancer.ts
+++ b/src/plus-aws/application-load-balancer.ts
@@ -45,7 +45,7 @@ export class ApplicationLoadBalancer extends TechnicalAsset {
customDevelopedParts: false,
});
- this.securityGroup =
+ this.securityGroup = this.trustBoundary =
props.securityGroup ?? new SecurityGroup(this, `${id} SG`);
this.securityGroup.addTechnicalAssets(this);
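Review bot: After this assignment, the call on the next line, `this.securityGroup.addTechnicalAssets(this)`, appears to take the early-return branch that this commit keeps in `TrustBoundary.addTechnicalAssets` (the src/trust-boundary.ts hunk). `a._trustBoundary` is now the security group itself, so the group would be handed to its own `addTrustBoundary` and the load balancer's uuid would never reach `technicalAssetsInside`. Unless `addTrustBoundary` (not visible here) rejects self-nesting, the synthesized threat model would show the ALB outside its security group, which hides boundary-crossing findings for it. A guard in the trust-boundary hunk such as `if (a._trustBoundary && a._trustBoundary !== this) {` would keep the membership intact. The constructor starts and ends outside this hunk.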
diff --git a/src/technical-asset.ts b/src/technical-asset.ts
index 172e429..5a8356b 100644
--- a/src/technical-asset.ts
+++ b/src/technical-asset.ts
@@ -45,10 +45,11 @@ export class TechnicalAsset extends Resource {
public readonly ciaTriad: CIATriad;
public readonly multiTenant: boolean;
public readonly redundant: boolean;
- public readonly trustBoundary?: TrustBoundary;
public readonly customDevelopedParts: boolean;
public readonly dataFormatsAccepted?: DataFormat[];
+ protected trustBoundary?: TrustBoundary;
+
private dataAssetsProcessed: Set;
private dataAssetsStored: Set;
private communications: Communication[];
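Review bot: The new `protected trustBoundary?: TrustBoundary;` drops `readonly`, so any subclass method can reassign the boundary after the asset has already been registered with a `TrustBoundary`. Nothing visible here keeps the two in sync. If the field is only meant to be set once in a subclass constructor, as `ApplicationLoadBalancer` does in this commit, say so on the declaration, for example `// Set at most once, during construction; TrustBoundary.addTechnicalAssets reads it through _trustBoundary.` The class body continues outside this hunk.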
@@ -119,6 +120,14 @@ export class TechnicalAsset extends Resource {
);
}
+ public isTrafficForwarding(): boolean {
+ return [
+ Technology.LOAD_BALANCER,
+ Technology.REVERSE_PROXY,
+ Technology.WAF,
+ ].includes(this.technology);
+ }
+
public communicatesWith(
id: string,
target: TechnicalAsset,
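Review bot: `isTrafficForwarding()` is a new public method with no doc comment, and the API.md hunks in this commit list it as "*No description.*" for every construct. Which technologies count as forwarding decides how a model treats the asset, so the contract should be stated, for example `/** Returns true when this asset's technology is LOAD_BALANCER, REVERSE_PROXY or WAF, i.e. it relays traffic to other assets. */`. The following `communicatesWith` signature continues outside the hunk.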
@@ -135,6 +144,13 @@ export class TechnicalAsset extends Resource {
return communication;
}
+ /**
+ * @internal
+ */
+ public get _trustBoundary() {
+ return this.trustBoundary;
+ }
+
/**
* @internal
*/
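Review bot: The `_trustBoundary` getter has no explicit return type and its doc comment contains only `@internal`. Declaring it as `public get _trustBoundary(): TrustBoundary | undefined {` lets the compiler check the accessor against the field. A one-line comment should also say that it exists so `TrustBoundary.addTechnicalAssets` can read the now-protected field. Note that `@internal` is a documentation and packaging hint; the accessor is still `public` in the emitted JavaScript, so it does not restrict who can read the boundary.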
diff --git a/src/trust-boundary.ts b/src/trust-boundary.ts
index 80b1982..95faabe 100644
--- a/src/trust-boundary.ts
+++ b/src/trust-boundary.ts
@@ -33,9 +33,8 @@ export class TrustBoundary extends Resource {
public addTechnicalAssets(...assets: TechnicalAsset[]) {
assets.forEach((a) => {
- if (a.trustBoundary) {
- this.addTrustBoundary(a.trustBoundary);
- return;
+ if (a._trustBoundary) {
+ return this.addTrustBoundary(a._trustBoundary);
}
this.technicalAssetsInside.add(a.uuid);
diff --git a/test/plus-aws/application-load-balancer.test.ts b/test/plus-aws/application-load-balancer.test.ts
index 7667910..6e81c7c 100644
--- a/test/plus-aws/application-load-balancer.test.ts
+++ b/test/plus-aws/application-load-balancer.test.ts
@@ -35,7 +35,7 @@ test("synth application-load-balancer with default securit-group", () => {
const cloud = new Cloud(model, "AWS-Cloud");
- cloud.addTrustBoundary(alb.securityGroup);
+ cloud.addTechnicalAssets(alb);
project.synth();
});
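Review bot: The test still ends at `project.synth()` with no assertion visible in the hunk, so it would pass whether or not the ALB is recorded inside its security group and that group is nested in the cloud boundary. Since the commit changes how boundary membership is resolved (`cloud.addTechnicalAssets(alb)` now relies on the ALB's own trust boundary), an expectation on the synthesized model would pin the intended result. It should check that the ALB is listed under the security group and the security group under the cloud. The start of the test is outside this hunk, so an existing snapshot or expectation may already cover part of this.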