Open markymarkus opened 5 years ago
Bump. When creating inbound endpoints it would be nice to be able to get back the assigned IPs so they can be exported or used to update an SSM Parameter Store value
Any update on this? Given that the rule associated with outbound endpoints requires a target IP address, it makes it impossible to chain creation of the inbound/outbound/rule combination with CloudFormation.
Same issue for DnsServers property of AWS::EC2::ClientVpnEndpoint resource. Resolver Inbound IP Addresses can't be extracted from AWS::Route53Resolver::ResolverEndpoint.
We have a use case to create Inbound & outbound resolvers and then create the Rules. Since we are not able to get the ip-addresses, we cannot wire the whole flow in CDK.
Is there any workaround to get the ip-address?
Used this workaround to solve this via AwsCustomResource
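```typescript
import { aws_route53resolver as route53resolver } from "aws-cdk-lib";
import { SubnetType } from "aws-cdk-lib/aws-ec2";
import {
  AwsCustomResource,
  AwsCustomResourcePolicy,
  PhysicalResourceId,
} from "aws-cdk-lib/custom-resources";

// --- inside the stack constructor ---
// One endpoint IP is requested per private subnet; the resolver picks the address.
const privateSubnets = vpc
  .selectSubnets({ subnetType: SubnetType.PRIVATE_WITH_EGRESS })
  .subnetIds.map((subnetIdStr) => ({ subnetId: subnetIdStr }));

const inboundResolver = new route53resolver.CfnResolverEndpoint(
  this,
  "inboundResolver",
  {
    direction: "INBOUND",
    name: `${route53ResolverName}-inbound`,
    ipAddresses: privateSubnets,
    resolverEndpointType: "IPV4",
    securityGroupIds: [inboundResolverSecurityGroup.securityGroupId],
  }
);

const inboundIpAddresses = this.getIpAddressesFromResolver(
  inboundResolver,
  "GetInboundResolverIpAddress",
  privateSubnets.length
);

// --- method on the same stack class ---
// Looks up the addresses the resolver selected, via an SDK call made at deploy time.
private getIpAddressesFromResolver(
  resolver: route53resolver.CfnResolverEndpoint,
  id: string,
  ipsCount: number
) {
  const ipAddresses: string[] = [];
  const ipAddressesRes = new AwsCustomResource(this, id, {
    onUpdate: {
      service: "Route53Resolver",
      action: "listResolverEndpointIpAddresses",
      parameters: {
        ResolverEndpointId: resolver.attrResolverEndpointId,
      },
      // A new physical id on every deployment makes the call run again each time.
      physicalResourceId: PhysicalResourceId.of(Date.now().toString()),
    },
    // The IAM action is derived from the SDK call; ANY_RESOURCE leaves the resource unrestricted.
    policy: AwsCustomResourcePolicy.fromSdkCalls({
      resources: AwsCustomResourcePolicy.ANY_RESOURCE,
    }),
  });

  // Response fields are read by index, so ipsCount must match the number of subnets.
  for (let i = 0; i < ipsCount; i++) {
    ipAddresses.push(
      ipAddressesRes
        .getResponseFieldReference(`IpAddresses.${i}.Ip`)
        .toString()
    );
  }
  // Returned as a single comma-separated string of deploy-time tokens.
  return ipAddresses.join(",");
}
```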
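The workaround above reads `IpAddresses.${i}.Ip` by index and passes the values on unchecked. As an added example (not part of the thread and not AWS or CDK code), the sketch below shows how a script or Lambda that calls `ListResolverEndpointIpAddresses` itself could validate the response before using it as the target IPs of an outbound rule. The helper name `toRuleTargetIps`, the sample data, and the choice to accept only entries whose `Status` is `ATTACHED` are assumptions of this example.

```typescript
// Subset of the fields in a ListResolverEndpointIpAddresses response entry.
interface EndpointIp {
  Ip?: string;
  SubnetId?: string;
  Status?: string;
}

// Shape of one target IP on a resolver rule (port is a string in CloudFormation).
interface TargetIp {
  ip: string;
  port: string;
}

// Hypothetical helper: build the rule's target IPs from the inbound endpoint's
// addresses, refusing partial or malformed results instead of passing them on.
function toRuleTargetIps(
  ipAddresses: EndpointIp[],
  expectedCount: number,
  port = 53
): TargetIp[] {
  const ipv4 = /^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$/;
  const targets: TargetIp[] = [];
  for (const entry of ipAddresses) {
    // Entries still being created or detached are not usable as forward targets.
    if (entry.Status !== "ATTACHED") continue;
    if (!entry.Ip || !ipv4.test(entry.Ip)) {
      throw new Error(`unexpected Ip value in subnet ${entry.SubnetId ?? "unknown"}`);
    }
    targets.push({ ip: entry.Ip, port: String(port) });
  }
  // A short list would make the rule forward to fewer resolvers than intended.
  if (targets.length !== expectedCount) {
    throw new Error(`expected ${expectedCount} attached IPs, got ${targets.length}`);
  }
  // Sort so repeated runs produce the same value and do not churn the rule.
  return targets.sort((a, b) => (a.ip < b.ip ? -1 : a.ip > b.ip ? 1 : 0));
}

// Constructed sample response entries (not addresses from any real deployment).
const sampleResponse: EndpointIp[] = [
  { Ip: "10.0.2.15", SubnetId: "subnet-bbbb", Status: "ATTACHED" },
  { Ip: "10.0.1.20", SubnetId: "subnet-aaaa", Status: "ATTACHED" },
];
```

The same check applies when the addresses are written to an SSM parameter for export: validate first, then store the sorted list.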
Title -> AWS::Route53Resolver::ResolverEndpoint GetAtt for resolver ip-addresses
Scope of request -> Make the ip-addresses available via GetAtt on AWS::Route53Resolver::ResolverEndpoint resource.
Expected behavior -> !GetAtt InboundResolver.IpAddress
Test case recommendation (optional) ->
Links to existing API doc (optional) ->
Category tag (optional) -> Networking & Content
Any additional context (optional)
Please add a new attribute to ResolverEndpoint for ip-addresses. When a resolver endpoint is created in subnets, the resolver selects an available ip-address from a subnet. There is no way to get those selected ip-addresses from a resolver. At least for an INBOUND endpoint it would be really helpful to get ip-addresses via GetAtt.