Toward #1373: respect auto-allocated subnets in vpcEndpoints
t0yv0 committed Sep 4, 2024
1 parent 567f99b commit 1400f8c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion awsx/ec2/vpc.ts
Expand Up @@ -145,7 +145,7 @@ export class Vpc extends schema.Vpc<VpcData> {
privateDnsEnabled: spec.privateDnsEnabled,
routeTableIds: spec.routeTableIds,


t0yv0 Sep 5, 2024

Author Member

Possibly routeTableIds need to be edited too.

securityGroupIds: spec.securityGroupIds,
subnetIds: spec.subnetIds,
subnetIds: subnets.map(s => s.id),


t0yv0 Sep 5, 2024

Author Member

Per @flostadler: VPC endpoints permit access to AWS services.

Test idea:

  • remove the public route (do not provision IG and public subnets)
  • push something to an ECR
  • add an EC2 instance to the VPC
  • pull a container from an ECR to that instance


t0yv0 Sep 5, 2024

Author Member

EC2 instance would need the rights to reach out to ECR in the instance profile.

tags: spec.tags,
vpcEndpointType: spec.vpcEndpointType,
vpcId: vpc.id,
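
Review bot: the replacement line `subnetIds: subnets.map(s => s.id)` no longer reads `spec.subnetIds` at all, so an endpoint spec that names specific subnets is silently overridden with every entry in `subnets`. If the goal is only to cover the auto-allocated case, keep the explicit value as the first choice, for example `subnetIds: spec.subnetIds ?? subnets.map(s => s.id)`. The same list is also passed regardless of `spec.vpcEndpointType`, while `routeTableIds` and `securityGroupIds` still come from `spec` unchanged; confirm which endpoint types should receive the auto-allocated subnets, and add a test asserting that the endpoint is attached only to the intended subnets.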