
Commit b6957f5

fix(core): Fixing VPN Tunnel options for Static cgw routing (#751)
* Fixing VPN Tunnel options for Static cgw routing * Fixing tests
1 parent d9cfd07 commit b6957f5


3 files changed

+16
-12
lines changed


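--- a/src/deployments/cdk/src/deployments/firewall/cluster/outputs.ts
+++ b/src/deployments/cdk/src/deployments/firewall/cluster/outputs.ts
@@ -45,17 +45,17 @@ export const FirewallPortOutputFinder = createStructuredOutputFinder(FirewallPor
 export const FirewallVpnTunnelOptions = t.interface({
 cgwTunnelInsideAddress1: t.string,
 cgwTunnelOutsideAddress1: t.string,
-cgwBgpAsn1: t.string,
+cgwBgpAsn1: optional(t.string),
 vpnTunnelInsideAddress1: t.string,
 vpnTunnelOutsideAddress1: t.string,
-vpnBgpAsn1: t.string,
+vpnBgpAsn1: optional(t.string),
 preSharedSecret1: t.string,
 cgwTunnelInsideAddress2: t.string,
 cgwTunnelOutsideAddress2: t.string,
-cgwBgpAsn2: t.string,
+cgwBgpAsn2: optional(t.string),
 vpnTunnelInsideAddress2: t.string,
 vpnTunnelOutsideAddress2: t.string,
-vpnBgpAsn2: t.string,
+vpnBgpAsn2: optional(t.string),
 preSharedSecret2: t.string,
 });
 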
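Review bot: `preSharedSecret1` and `preSharedSecret2` remain plain `t.string` members of this codec, which the file name and the output finder in the hunk header suggest is a stack-output schema; the code that writes the output is not visible here, so this needs confirming. If the codec is serialized into a stack output, the tunnel pre-shared keys become readable by any principal allowed to read stack outputs, and the output should carry a reference to a stored secret rather than the key itself. On the changed lines, the four ASN fields deserve a comment saying when they are missing, for example `// BGP ASNs are only set for dynamic customer-gateway routing; absent for static`, so that consumers decoding this output know to handle `undefined`.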

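--- a/src/deployments/cdk/src/deployments/firewall/cluster/step-2.ts
+++ b/src/deployments/cdk/src/deployments/firewall/cluster/step-2.ts
@@ -145,17 +145,17 @@ async function createCustomerGateways(props: {
 vpnTunnelOptions = {
 cgwTunnelInsideAddress1: options.getAttString('CgwInsideIpAddress1'),
 cgwTunnelOutsideAddress1: options.getAttString('CgwOutsideIpAddress1'),
-cgwBgpAsn1: options.getAttString('CgwBgpAsn1'),
+cgwBgpAsn1: firewallCgwRouting === 'dynamic' ? options.getAttString('CgwBgpAsn1') : undefined,
 vpnTunnelInsideAddress1: options.getAttString('VpnInsideIpAddress1'),
 vpnTunnelOutsideAddress1: options.getAttString('VpnOutsideIpAddress1'),
-vpnBgpAsn1: options.getAttString('VpnBgpAsn1'),
+vpnBgpAsn1: firewallCgwRouting === 'dynamic' ? options.getAttString('VpnBgpAsn1') : undefined,
 preSharedSecret1: options.getAttString('PreSharedKey1'),
 cgwTunnelInsideAddress2: options.getAttString('CgwInsideIpAddress2'),
 cgwTunnelOutsideAddress2: options.getAttString('CgwOutsideIpAddress2'),
-cgwBgpAsn2: options.getAttString('CgwBgpAsn2'),
+cgwBgpAsn2: firewallCgwRouting === 'dynamic' ? options.getAttString('CgwBgpAsn2') : undefined,
 vpnTunnelInsideAddress2: options.getAttString('VpnInsideIpAddress2'),
 vpnTunnelOutsideAddress2: options.getAttString('VpnOutsideIpAddress2'),
-vpnBgpAsn2: options.getAttString('VpnBgpAsn2'),
+vpnBgpAsn2: firewallCgwRouting === 'dynamic' ? options.getAttString('VpnBgpAsn2') : undefined,
 preSharedSecret2: options.getAttString('PreSharedKey2'),
 };
 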
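Review bot: The test `firewallCgwRouting === 'dynamic'` is repeated on all four ASN lines of this object literal, so the four fields can drift apart in a later edit. Hoisting it once above the literal, `const isDynamicRouting = firewallCgwRouting === 'dynamic';`, and writing `cgwBgpAsn1: isDynamicRouting ? options.getAttString('CgwBgpAsn1') : undefined,` keeps them in step. Because the comparison is an exact string match, any other routing value silently produces a tunnel without ASNs; a short comment stating that only dynamic routing yields BGP attributes would make that intent explicit. `createCustomerGateways` and the definition of `firewallCgwRouting` lie outside the hunk.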

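--- a/src/lib/cdk-constructs/src/firewall/instance.ts
+++ b/src/lib/cdk-constructs/src/firewall/instance.ts
@@ -10,16 +10,16 @@ import { CfnSleep } from '@aws-accelerator/custom-resource-cfn-sleep';
 export interface FirewallVpnTunnelOptions {
 cgwTunnelInsideAddress1: string;
 cgwTunnelOutsideAddress1: string;
-cgwBgpAsn1: string;
 vpnTunnelInsideAddress1: string;
 vpnTunnelOutsideAddress1: string;
-vpnBgpAsn1: string;
 preSharedSecret1: string;
 preSharedSecret2: string;
 vpnTunnelInsideAddress2: string;
 vpnTunnelOutsideAddress2: string;
 cgwTunnelInsideAddress2: string;
 cgwTunnelOutsideAddress2: string;
+cgwBgpAsn1?: string;
+vpnBgpAsn1?: string;
 }
 
 export interface FirewallConfigurationProps {
@@ -171,10 +171,14 @@ export class FirewallInstance extends cdk.Construct {
 if (vpnTunnelOptions) {
 this.template.addReplacement(`\${${name}CgwTunnelOutsideAddress1}`, vpnTunnelOptions?.cgwTunnelOutsideAddress1);
 this.template.addReplacement(`\${${name}CgwTunnelInsideAddress1}`, vpnTunnelOptions?.cgwTunnelInsideAddress1);
-this.template.addReplacement(`\${${name}CgwBgpAsn1}`, vpnTunnelOptions?.cgwBgpAsn1);
+if (vpnTunnelOptions?.cgwBgpAsn1) {
+this.template.addReplacement(`\${${name}CgwBgpAsn1}`, vpnTunnelOptions?.cgwBgpAsn1);
+}
 this.template.addReplacement(`\${${name}VpnTunnelOutsideAddress1}`, vpnTunnelOptions?.vpnTunnelOutsideAddress1);
 this.template.addReplacement(`\${${name}VpnTunnelInsideAddress1}`, vpnTunnelOptions?.vpnTunnelInsideAddress1);
-this.template.addReplacement(`\${${name}VpnBgpAsn1}`, vpnTunnelOptions?.vpnBgpAsn1);
+if (vpnTunnelOptions?.vpnBgpAsn1) {
+this.template.addReplacement(`\${${name}VpnBgpAsn1}`, vpnTunnelOptions?.vpnBgpAsn1);
+}
 this.template.addReplacement(`\${${name}PreSharedSecret1}`, vpnTunnelOptions?.preSharedSecret1);
 this.template.addReplacement(`\${${name}CgwTunnelOutsideAddress2}`, vpnTunnelOptions?.cgwTunnelOutsideAddress2);
 this.template.addReplacement(`\${${name}CgwTunnelInsideAddress2}`, vpnTunnelOptions?.cgwTunnelInsideAddress2);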
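Review bot: A firewall template that still contains the `CgwBgpAsn1` or `VpnBgpAsn1` placeholder will keep that token unreplaced under static routing, because the two new `if` guards in the second hunk skip `addReplacement` when the ASN is missing; how the template treats unresolved tokens is not visible here. A comment above each guard would state the contract, for example `// static CGW routing has no BGP ASN: templates used with it must not reference this placeholder`. Better still would be a check that fails the synth when a placeholder is left unresolved, so a half-rendered firewall configuration never reaches the appliance. In the first hunk the interface declares only `cgwBgpAsn1?` and `vpnBgpAsn1?`, while `outputs.ts` and `step-2.ts` also carry `cgwBgpAsn2` and `vpnBgpAsn2`; the second tunnel's replacements fall beyond the end of the hunk, so confirm it is handled the same way. The `?.` on `vpnTunnelOptions` inside `if (vpnTunnelOptions)` is redundant.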
