From 2aec1bc3e14b0de81fe15fd0ba76a1410f975557 Mon Sep 17 00:00:00 2001
From: DannyBlazejczak
Date: Mon, 13 May 2024 17:03:41 +1000
Subject: [PATCH 1/2] fix: endpoint name issues for dkr.api and others
---
 lib/vpc-interface-endpoints-stack.ts | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/lib/vpc-interface-endpoints-stack.ts b/lib/vpc-interface-endpoints-stack.ts
index 265f834..e73aa20 100644
--- a/lib/vpc-interface-endpoints-stack.ts
+++ b/lib/vpc-interface-endpoints-stack.ts
@@ -75,8 +75,12 @@ export class VpcInterfaceEndpointsStack extends BuilderVpc {
 props.interfaceList.forEach((endpointName, index) => {
 // Our first three positions are com.amazonaws.{region}. We'll retain after that and sub our . for a -
 let endpointNameTemp = endpointName.split(".");
- endpointNameTemp.splice(0, 3);
- const endpointNameShort = endpointNameTemp.join("-");
+ // endpoint for ecr.dkr was incorrectly named ecr-dkr
+ // "The Vpc Endpoint Service 'com.amazonaws.ap-southeast-2.ecr-dkr' does not exist (Service: Ec2, Status Code: 400"
+ // It is incorrect to assume that all endpoint service names use a dash, e.g. ecr.drk, ecr.api, airflow.api, airflow.env, airflow.ops, sagemaker.api, sagemaker.runtime-fips
+ // There are no fast rules here, take the input from the configuration instead.
+ const removed = endpointNameTemp.splice(0, 3);
+ const endpointNameShort = endpointName.replace(removed.join('.') + '.', '');
 const endpoint = new ec2.InterfaceVpcEndpoint(
 this,
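Review bot: The retained context comment `// Our first three positions are com.amazonaws.{region}. We'll retain after that and sub our . for a -` is now stale, because the new `endpointNameShort` keeps its dots; it should read `// Strip the leading com.amazonaws.{region}. and keep the rest of the service name verbatim (e.g. ecr.dkr)`. Rebuilding the prefix from `removed` and deleting it with `replace` is roundabout: after the splice `endpointNameTemp` already holds exactly the remainder, so `const endpointNameShort = endpointNameTemp.join('.');` expresses the same thing, and `endpointNameTemp` is no longer reassigned so `let` can become `const`. If `endpointNameShort` feeds the construct id further down (outside the hunk), the dotted form most likely produces a different CloudFormation logical id than the dashed one did, so an already-deployed stack would replace the affected endpoints on the next deploy — worth stating in the commit message. The forEach callback continues past the end of the hunk.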
@@ -102,7 +106,12 @@ export class VpcInterfaceEndpointsStack extends BuilderVpc {
 }
 // Create our private hosted zone where we have a private DNS name is available from our service
- const endpointPrivateDnsName = this.lookupPrivateDnsName(endpointName);
+ // "Invalid request provided: Creation of hosted zone with a wildcard domain name is not supported. (Service: Route53, Status Code: 400"
+ // For the privateDnsName using 'ecr.dkr' resolved wrongly to '*.dkr.ecr.ap-southeast-2.amazonaws.com.'
+ // The tool discoverEndpoints was ran and did not update the privateDnsName for the endpoint, to remove the *. prefix
+ // which is invalid for DNS names. There are many endpoints with this issue.
+ // Hence removing the *. in front of the dns name here.
+ const endpointPrivateDnsName = this.lookupPrivateDnsName(endpointName).replace('*.', '');
 // Confirm this endpoint is available in all the AZs our stack will be deployed to
 if(!this.serviceAvailableInAllAzs(endpointName)) {
 throw new Error(`Endpoint ${endpointName} is not available in all Availability Zones: ${this.availabilityZones.join(',')}`)
From d3a0ea2704b10a11bb337c0a9038899ae2086d3c Mon Sep 17 00:00:00 2001
From: DannyBlazejczak
Date: Tue, 14 May 2024 17:20:34 +1000
Subject: [PATCH 2/2] fix optional parameter
---
 lib/vpc-interface-endpoints-stack.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/vpc-interface-endpoints-stack.ts b/lib/vpc-interface-endpoints-stack.ts
index e73aa20..73c6bcb 100644
--- a/lib/vpc-interface-endpoints-stack.ts
+++ b/lib/vpc-interface-endpoints-stack.ts
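Review bot: `.replace('*.', '')` on the new `endpointPrivateDnsName` line removes the first `*.` found anywhere in the string, not only a leading wildcard label; anchor it, `const endpointPrivateDnsName = this.lookupPrivateDnsName(endpointName).replace(/^\*\./, '');`. For the example quoted in the comment, `*.dkr.ecr.ap-southeast-2.amazonaws.com.`, the hosted zone then becomes `dkr.ecr.ap-southeast-2.amazonaws.com.`, which presumably means the record created inside that zone (outside the hunk) has to be the wildcard `*` record, otherwise per-account registry hostnames under `dkr.ecr` will not resolve to the endpoint — the hunk does not show that record, so confirm. The same unanchored `replace('*.', '')` is carried over into the second patch's hunk at the same line.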
@@ -111,7 +111,7 @@ export class VpcInterfaceEndpointsStack extends BuilderVpc {
 // The tool discoverEndpoints was ran and did not update the privateDnsName for the endpoint, to remove the *. prefix
 // which is invalid for DNS names. There are many endpoints with this issue.
 // Hence removing the *. in front of the dns name here.
- const endpointPrivateDnsName = this.lookupPrivateDnsName(endpointName).replace('*.', '');
+ const endpointPrivateDnsName = this.lookupPrivateDnsName(endpointName)?.replace('*.', '');
 // Confirm this endpoint is available in all the AZs our stack will be deployed to
 if(!this.serviceAvailableInAllAzs(endpointName)) {
 throw new Error(`Endpoint ${endpointName} is not available in all Availability Zones: ${this.availabilityZones.join(',')}`)
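Review bot: The `?.` on the new line makes `endpointPrivateDnsName` silently `undefined` when `lookupPrivateDnsName` has no entry for `endpointName`, and nothing in the hunk checks it before the hosted zone is presumably created from it further down (outside the hunk), so a missing entry would now surface as a Route53 error rather than a clear one. Fail fast in the same style as the AZ check two lines below: `if (endpointPrivateDnsName === undefined) throw new Error(...)` with a message naming `endpointName`. The commit subject calls this an optional parameter, but what the line handles is an optional return value; a one-line comment above the `const` saying so, `// lookupPrivateDnsName may return undefined for services without private DNS`, would keep the next reader from reverting the `?.`.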