feat(ec2): ESP and AH IPsec protocols for Security Groups (#13471)

hollanddd · web-flow · commit f5a6647bbe18 · 2021-03-09T12:37:05.000Z
First contribution. I've gone through the checklist and think i've managed to hit all the requirements. I'd like to contribute more and I'm taking it slow so let me know how I can improve my PRs Closes #13403 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/@aws-cdk/aws-ec2/lib/port.ts b/packages/@aws-cdk/aws-ec2/lib/port.ts
@@ -9,6 +9,8 @@ export enum Protocol {
   UDP = 'udp',
   ICMP = 'icmp',
   ICMPV6 = '58',
+  ESP = 'esp',
+  AH = 'ah',
 }
 
 /**
@@ -171,6 +173,30 @@ export class Port {
     });
   }
 
+  /**
+   * A single ESP port
+   */
+  public static esp(): Port {
+    return new Port({
+      protocol: Protocol.ESP,
+      fromPort: 50,
+      toPort: 50,
+      stringRepresentation: 'ESP 50',
+    });
+  }
+
+  /**
+   * A single AH port
+   */
+  public static ah(): Port {
+    return new Port({
+      protocol: Protocol.AH,
+      fromPort: 51,
+      toPort: 51,
+      stringRepresentation: 'AH 51',
+    });
+  }
+
   /**
    * Whether the rule containing this port range can be inlined into a securitygroup or not.
    */
diff --git a/packages/@aws-cdk/aws-ec2/package.json b/packages/@aws-cdk/aws-ec2/package.json
@@ -315,6 +315,8 @@
       "docs-public-apis:@aws-cdk/aws-ec2.Protocol.UDP",
       "docs-public-apis:@aws-cdk/aws-ec2.Protocol.ICMP",
       "docs-public-apis:@aws-cdk/aws-ec2.Protocol.ICMPV6",
+      "docs-public-apis:@aws-cdk/aws-ec2.Protocol.ESP",
+      "docs-public-apis:@aws-cdk/aws-ec2.Protocol.AH",
       "docs-public-apis:@aws-cdk/aws-ec2.WindowsVersion.WINDOWS_SERVER_2008_SP2_ENGLISH_64BIT_SQL_2008_SP4_EXPRESS",
       "docs-public-apis:@aws-cdk/aws-ec2.WindowsVersion.WINDOWS_SERVER_2012_R2_RTM_CHINESE_SIMPLIFIED_64BIT_BASE",
       "docs-public-apis:@aws-cdk/aws-ec2.WindowsVersion.WINDOWS_SERVER_2012_R2_RTM_CHINESE_TRADITIONAL_64BIT_BASE",
diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json
@@ -567,6 +567,20 @@
             "FromPort": 800,
             "IpProtocol": "udp",
             "ToPort": 801
+          },
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "from 0.0.0.0/0:ESP 50",
+            "FromPort": 50,
+            "IpProtocol": "esp",
+            "ToPort": 50
+          },
+          {
+            "CidrIp": "0.0.0.0/0",
+            "Description": "from 0.0.0.0/0:AH 51",
+            "FromPort": 51,
+            "IpProtocol": "ah",
+            "ToPort": 51
           }
         ],
         "VpcId": {
@@ -575,4 +589,4 @@
       }
     }
   }
-}
+}
diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc.ts b/packages/@aws-cdk/aws-ec2/test/integ.vpc.ts
@@ -16,6 +16,8 @@ const rules = [
   ec2.Port.allUdp(),
   ec2.Port.udp(123),
   ec2.Port.udpRange(800, 801),
+  ec2.Port.esp(),
+  ec2.Port.ah(),
 ];
 
 for (const rule of rules) {
