aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

AWS::Route53Resolver::ResolverEndpoint GetAtt for resolver ip-addresses #172

Open markymarkus opened 5 years ago

markymarkus commented 5 years ago

Title -> AWS::Route53Resolver::ResolverEndpoint GetAtt for resolver ip-addresses
Scope of request -> Make the ip-addresses available via GetAtt on the AWS::Route53Resolver::ResolverEndpoint resource.
Expected behavior -> !GetAtt InboundResolver.IpAddress
Test case recommendation (optional) ->
Links to existing API doc (optional) ->
Category tag (optional) -> Networking & Content
Any additional context (optional)

Please add a new attribute to ResolverEndpoint for ip-addresses. When a resolver endpoint is created in subnets, the resolver selects an available IP address from each subnet. There is no way to get those selected IP addresses from a resolver. At least for an INBOUND endpoint it would be really helpful to get the IP addresses via GetAtt.

PatMyron commented 4 years ago

https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/68#issuecomment-517328348

chrisdag commented 3 years ago

Bump. When creating inbound endpoints it would be nice to be able to get back the assigned IPs so they can be exported or used to update an SSM Parameter Store value.

acesir commented 2 years ago

Any update on this? Given that the rule associated with outbound endpoints requires a target IP address, it is impossible to chain the creation of an inbound/outbound/rule combination with CloudFormation.

Izaya-San commented 1 year ago

Same issue for the DnsServers property of the AWS::EC2::ClientVpnEndpoint resource. Resolver inbound IP addresses can't be extracted from AWS::Route53Resolver::ResolverEndpoint.

gtskaushik commented 1 year ago

We have a use case to create inbound & outbound resolvers and then create the rules. Since we are not able to get the IP addresses, we cannot wire the whole flow in CDK.

gtskaushik commented 1 year ago

Is there any workaround to get the IP addresses?

gtskaushik commented 1 year ago

Used this workaround to solve this via AwsCustomResource:

```typescript
import { Stack, StackProps } from "aws-cdk-lib";
import { Construct } from "constructs";
import * as ec2 from "aws-cdk-lib/aws-ec2";
import { SubnetType } from "aws-cdk-lib/aws-ec2";
import * as route53resolver from "aws-cdk-lib/aws-route53resolver";
import {
  AwsCustomResource,
  AwsCustomResourcePolicy,
  PhysicalResourceId,
} from "aws-cdk-lib/custom-resources";

// The snippet was posted as a fragment of a stack; the class wrapper and the
// props (vpc, security group, resolver name) are assumed so that it compiles.
interface ResolverStackProps extends StackProps {
  vpc: ec2.IVpc;
  inboundResolverSecurityGroup: ec2.ISecurityGroup;
  route53ResolverName: string;
}

export class ResolverStack extends Stack {
  constructor(scope: Construct, id: string, props: ResolverStackProps) {
    super(scope, id, props);
    const { vpc, inboundResolverSecurityGroup, route53ResolverName } = props;

    // One IP address request per private subnet; the service picks the address.
    const privateSubnets = vpc
      .selectSubnets({ subnetType: SubnetType.PRIVATE_WITH_EGRESS })
      .subnetIds.map((subnetIdStr) => ({ subnetId: subnetIdStr }));
    const inboundResolver = new route53resolver.CfnResolverEndpoint(
      this,
      "inboundResolver",
      {
        direction: "INBOUND",
        name: `${route53ResolverName}-inbound`,
        ipAddresses: privateSubnets,
        resolverEndpointType: "IPV4",
        securityGroupIds: [inboundResolverSecurityGroup.securityGroupId],
      }
    );
    // Comma-separated list of the assigned IPs, resolved at deploy time.
    const inboundIpAddresses = this.getIpAddressesFromResolver(
      inboundResolver,
      "GetInboundResolverIpAddress",
      privateSubnets.length
    );
  }

  private getIpAddressesFromResolver(
    resolver: route53resolver.CfnResolverEndpoint,
    id: string,
    ipsCount: number
  ) {
    const ipAddresses: string[] = [];
    // Lambda-backed custom resource that calls ListResolverEndpointIpAddresses
    // once the endpoint exists; with no onCreate given, onUpdate is used on create.
    const ipAddressesRes = new AwsCustomResource(this, id, {
      onUpdate: {
        service: "Route53Resolver",
        action: "listResolverEndpointIpAddresses",
        parameters: {
          ResolverEndpointId: resolver.attrResolverEndpointId,
        },
        // A new physical ID on every synth forces the call to run on each deploy.
        physicalResourceId: PhysicalResourceId.of(Date.now().toString()),
      },
      // Grants route53resolver:ListResolverEndpointIpAddresses on "*"; it can be
      // narrowed to the endpoint's ARN if the deployment role should stay minimal.
      policy: AwsCustomResourcePolicy.fromSdkCalls({
        resources: AwsCustomResourcePolicy.ANY_RESOURCE,
      }),
    });
    // The SDK response is flattened into dotted paths, so IpAddresses.<i>.Ip is
    // the i-th assigned address; each reference is a deploy-time token.
    for (let i = 0; i < ipsCount; i++) {
      ipAddresses.push(
        ipAddressesRes
          .getResponseFieldReference(`IpAddresses.${i}.Ip`)
          .toString()
      );
    }

    return ipAddresses.join(",");
  }
}
```
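As an added example, not code from the thread or from the CloudFormation project: the workaround above relies on AwsCustomResource flattening the ListResolverEndpointIpAddresses response into dotted keys such as `IpAddresses.0.Ip`. The helper below reproduces that flattening over a constructed response and only hands out the comma-joined list once every requested address reports Status ATTACHED, so a rule built from these IPs is not wired to a half-provisioned endpoint. The response shape and sample values are constructed for illustration.

```typescript
// Shape of one entry in a ListResolverEndpointIpAddresses response (constructed).
type ResolverIp = { IpId: string; SubnetId: string; Ip?: string; Status: string };
type ListIpAddressesResponse = { IpAddresses: ResolverIp[] };

// Flatten nested objects/arrays into "a.0.b" keys, mirroring the dotted path
// syntax accepted by AwsCustomResource.getResponseField / getResponseFieldReference.
function flatten(obj: unknown, prefix = ""): Record<string, string> {
  const out: Record<string, string> = {};
  if (obj !== null && typeof obj === "object") {
    for (const [k, v] of Object.entries(obj as Record<string, unknown>)) {
      const key = prefix ? `${prefix}.${k}` : k;
      if (v !== null && typeof v === "object") {
        Object.assign(out, flatten(v, key));
      } else if (v !== undefined) {
        out[key] = String(v);
      }
    }
  }
  return out;
}

// Returns the comma-joined inbound IPs (the format the workaround produces),
// or throws if the endpoint does not yet expose `expected` attached addresses.
function attachedIps(resp: ListIpAddressesResponse, expected: number): string {
  const flat = flatten(resp);
  const ips: string[] = [];
  for (let i = 0; i < expected; i++) {
    const status = flat[`IpAddresses.${i}.Status`];
    const ip = flat[`IpAddresses.${i}.Ip`];
    if (status !== "ATTACHED" || !ip) {
      throw new Error(`IpAddresses.${i} not ready (status=${status ?? "missing"})`);
    }
    ips.push(ip);
  }
  return ips.join(",");
}

// Constructed sample responses: two subnets, fully attached vs. one still attaching.
const sampleReady: ListIpAddressesResponse = {
  IpAddresses: [
    { IpId: "rni-aaaa", SubnetId: "subnet-aaaa", Ip: "10.0.1.10", Status: "ATTACHED" },
    { IpId: "rni-bbbb", SubnetId: "subnet-bbbb", Ip: "10.0.2.10", Status: "ATTACHED" },
  ],
};
const samplePending: ListIpAddressesResponse = {
  IpAddresses: [
    { IpId: "rni-aaaa", SubnetId: "subnet-aaaa", Ip: "10.0.1.10", Status: "ATTACHED" },
    { IpId: "rni-bbbb", SubnetId: "subnet-bbbb", Status: "ATTACHING" },
  ],
};
```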