Feature/dxgw 19 (#20)

- Direct Connect Gateway stacks, tests, documentation
- Simplification of some test cases and config parsing code

bin/vpc-builder.ts

@@ -5,7 +5,7 @@ import { Stack } from "aws-cdk-lib"
 
 (async () => {
   try {
-    const stackBuilder = new StackBuilderClass();
+    const stackBuilder = new StackBuilderClass({});
     const cdkApp = stackBuilder.stackMapper.app;
 
     const configFile = cdkApp.node.tryGetContext("config");
@@ -16,7 +16,7 @@ import { Stack } from "aws-cdk-lib"
     } else {
       // When no configuration context provided, we will warn but not fail.  This allows 'cdk bootstrap', 'cdk help'
       // to continue to work as expected.
-      const dummyStack = new Stack(cdkApp, 'dummyStack', {})
+      new Stack(cdkApp, 'dummyStack', {})
       console.warn(
           "\nNo configuration provided.  Use a configuration file from the 'config' directory using the '-c config=[filename]' argument\n"
       );

config/config-walkthrough.yaml

@@ -248,6 +248,23 @@ vpns:
     # it must exist with the same name in the transitGateways section.
     useTransit: central
 
+# OPTIONAL:  These define an EXISTING Direct Connect Gateway attached to an EXISTING Transit Gateway
+# The Transit Gateway must be the same one you define under `transitGateways`.
+# When creating the Transit Gateway using vpcBuilder:
+# 1) Deploy the transit Gateway without modelling the `dxgws:`.
+# 2) Attach Direct Connect Gateway to the Transit Gateway deployed in 1)
+# 3) Create a Transit Gateway Route Table and associate it with the Direct Connect Gateway
+# 4) Model the `dxgws:` section below with the Transit Gateway ID, Route Table ID, and Attachment ID from above
+# 5) Refer to the dxgw in `routesTo:` sections in you Transit Gateway Below
+dxgws:
+  toGroundDataCentersDx:
+    # REQUIRED: Existing Transit Gateway (see above if you're relying on vpcBuilder to create the TGW)
+    existingTgwId: tgw-12345
+    # REQUIRED: Existing Transit Gateway Attachment Identifier for the Direct Connect Gateway
+    existingDxGwTransitGatewayAttachId: tgw-attach-12345
+    # REQUIRED: Existing Transit Gateway Route Table associated with the Direct Connect Gateway
+    existingDxGwTransitGatewayRouteTableId: tgw-rtb-12345
+
 # OPTIONAL|DEPENDANT.  If any VPCs refer to, providers are defined, or VPNs are defined, this section is required.
 # this describes the transit gateways to create (NOTE: at-present we only support one per config file).
 transitGateways:
@@ -264,7 +281,7 @@ transitGateways:
     defaultRoutes:
         # REQUIRED: The name of the thing we're routing from.  This can be a VPC, or a Provider name.
       - vpcName: workload
-        # REQUIRED: The name of the thing we're routing toward.  This can be a VPC, VPN, or Provider name.
+        # REQUIRED: The name of the thing we're routing toward.  This can be a VPC, VPN, DxGw, or Provider name.
         routesTo: egressViaNat
         # OPTIONAL: If we're going to inspect the traffic.  This must be the name of a firewall provider.  Routes are adjusted automatically
         # to assure it passes through the inspection VPC before arriving at its routesTo and vice versa.
@@ -277,7 +294,7 @@ transitGateways:
     dynamicRoutes:
         # REQUIRED: The name of the thing we're routing from.  This can be a VPC, or a Provider name.
       - vpcName: workload
-        # REQUIRED: The name of the thing we're routing toward.  This can be a VPC, VPN, or Provider name.
+        # REQUIRED: The name of the thing we're routing toward.  This can be a VPC, VPN, DxGw, or Provider name.
         routesTo: workloadTwo
         # OPTIONAL: The name of the firewall provider to inspect traffic.  Routes adjust automatically.
         # NOTE: inspectedBy is not available for VPN connections with a dynamic route.  Use Static, or Default route instead.
@@ -288,7 +305,7 @@ transitGateways:
     staticRoutes:
         # REQUIRED: The name of the thing we're routing from.  This can be a VPC, or a Provider name.
       - vpcName: workload
-        # REQUIRED: The name of the thing we're routing toward.  This can be a VPC, VPN, or Provider name.
+        # REQUIRED: The name of the thing we're routing toward.  This can be a VPC, VPN, DxGw or Provider name.
         routesTo: toGroundDataCenterOne
         # REQUIRED: the CIDR address for the static route entry
         staticCidr: 192.168.168.0/24

lambda/findVpnTransitGatewayAttachId/index.ts

@@ -48,9 +48,8 @@ export const onEvent = async (event: CdkCustomResourceEvent) => {
   };
 
   if (event.RequestType == "Create" || event.RequestType == "Update") {
-    const transitGatewayAttachId = await findVpnTransitGatewayAttachId(
-      requestProps,
-    );
+    const transitGatewayAttachId =
+      await findVpnTransitGatewayAttachId(requestProps);
     console.info(`Retrieved identifier: ${transitGatewayAttachId}`);
     responseProps.Data = {
       transitGatewayAttachId: transitGatewayAttachId,

lib/abstract-builderdxgw.ts

@@ -0,0 +1,73 @@
+import * as cdk from "aws-cdk-lib";
+import { Construct } from "constructs";
+import {
+  IBuilderTgwStaticRoutes,
+  IBuilderDxGw,
+  IBuilderDxGwProps,
+  ITgwAttachType,
+  ITgwPropagateRouteAttachmentName,
+  ssmParameterImport,
+  ITgw,
+  ITgwRouteTable,
+  ITgwAttachment,
+} from "./types";
+import * as ssm from "aws-cdk-lib/aws-ssm";
+
+export abstract class BuilderDxGw extends cdk.Stack implements IBuilderDxGw {
+  name: string;
+  globalPrefix: string;
+  // Always attached to a Transit Gateway
+  withTgw: true;
+  // Always false since this isn't VPC Based
+  tgwCreateTgwSubnets: false;
+  tgwAttachType: ITgwAttachType = "dxgw"
+  tgw: ITgw;
+  tgwRouteTable: ITgwRouteTable;
+  tgwRouteTableSsm: ssmParameterImport;
+  tgwAttachment: ITgwAttachment;
+  tgwAttachmentSsm: ssmParameterImport;
+  tgwPropagateRouteAttachmentNames: Array<ITgwPropagateRouteAttachmentName> =
+    [];
+  // Blackhole CIDRs not applicable for an imported DxGw
+  readonly tgwBlackHoleCidrs: [];
+  tgwStaticRoutes: Array<IBuilderTgwStaticRoutes> = [];
+  tgwDefaultRouteAttachmentName: ITgwPropagateRouteAttachmentName;
+  props: IBuilderDxGwProps;
+
+  protected constructor(scope: Construct, id: string, props: IBuilderDxGwProps) {
+    super(scope, id, props);
+    this.props = props;
+    this.globalPrefix = props.globalPrefix.toLowerCase();
+  }
+
+  // We only support imports, but this method is common to all stacks so needs to be present
+  saveTgwRouteInformation() {
+  }
+
+  async init() {}
+
+  createSsmParameters() {
+    const prefix =
+      `${this.props.ssmParameterPrefix}/networking/${this.globalPrefix}/dxgw/${this.name}`.toLowerCase();
+
+    this.tgwRouteTableSsm = {
+      name: `${prefix}/tgwRouteId`,
+    };
+    new ssm.StringParameter(this, `ssmDxGwTgwRouteTableSsm`, {
+      parameterName: `${prefix}/tgwRouteId`,
+      stringValue: this.tgwRouteTable.ref,
+    });
+
+    this.tgwAttachmentSsm = {
+      name: `${prefix}/tgwAttachId`,
+    };
+    new ssm.StringParameter(this, `ssmDxGwTgwAttachIdSsm`, {
+      parameterName: `${prefix}/tgwAttachId`,
+      stringValue: this.tgwAttachment.attrId,
+    });
+  }
+
+  // We only support imports, but this method is common to all stacks so needs to be present
+  attachToTGW() {
+  }
+}

lib/cdk-export-presistence-stack.ts

@@ -1,10 +1,10 @@
 import * as cdk from "aws-cdk-lib";
 import { Construct } from "constructs";
 import { BuilderVpc } from "./abstract-buildervpc";
-import { IBuilderVpc, IBuilderVpn } from "./types";
+import {IBuilderDxGw, IBuilderVpc, IBuilderVpn} from "./types";
 
 export interface ICdkExportPersistenceProps extends cdk.StackProps {
-  persistExports: Array<IBuilderVpc | IBuilderVpn>;
+  persistExports: Array<IBuilderVpc | IBuilderVpn | IBuilderDxGw>;
 }
 
 export class CdkExportPersistenceStack extends cdk.Stack {

lib/config/config-schema.json

@@ -57,6 +57,32 @@
             ],
             "type": "object"
         },
+        "IConfigDxGw": {
+            "additionalProperties": false,
+            "properties": {
+                "existingDxGwTransitGatewayAttachId": {
+                    "type": "string"
+                },
+                "existingDxGwTransitGatewayRouteTableId": {
+                    "type": "string"
+                },
+                "existingTgwId": {
+                    "type": "string"
+                }
+            },
+            "required": [
+                "existingDxGwTransitGatewayAttachId",
+                "existingDxGwTransitGatewayRouteTableId",
+                "existingTgwId"
+            ],
+            "type": "object"
+        },
+        "IConfigDxGws": {
+            "additionalProperties": {
+                "$ref": "#/definitions/IConfigDxGw"
+            },
+            "type": "object"
+        },
         "IConfigGlobal": {
             "additionalProperties": false,
             "properties": {
@@ -576,6 +602,9 @@
         "dns": {
             "$ref": "#/definitions/IConfigDns"
         },
+        "dxgws": {
+            "$ref": "#/definitions/IConfigDxGws"
+        },
         "global": {
             "$ref": "#/definitions/IConfigGlobal"
         },

lib/config/config-types.ts

@@ -113,6 +113,20 @@ export interface IConfigVpns {
   [key: string]: IConfigVpn;
 }
 
+/*
+ ****** Direct Connect Gateways:
+ */
+
+export interface IConfigDxGw {
+  existingTgwId: string;
+  existingDxGwTransitGatewayAttachId: string;
+  existingDxGwTransitGatewayRouteTableId: string;
+}
+
+export interface IConfigDxGws {
+  [key: string]: IConfigDxGw;
+}
+
 /*
  ****** dns:
  */
@@ -215,6 +229,7 @@ export interface IConfig {
   providers?: IConfigProviders;
   vpcs: IConfigVpcs;
   vpns?: IConfigVpns;
+  dxgws?: IConfigDxGws;
   dns?: IConfigDns;
   transitGateways?: IConfigTgws;
 }