-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add VPCe for all aws services #1010
Add VPCe for all aws services #1010
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1010 +/- ##
=========================================
Coverage 80.16% 80.16%
Complexity 2720 2720
=========================================
Files 370 370
Lines 13624 13624
Branches 938 938
=========================================
Hits 10922 10922
Misses 2131 2131
Partials 571 571
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
d90fa13
to
f7b89e1
Compare
Signed-off-by: Andre Kurait <[email protected]>
f7b89e1
to
a22728a
Compare
@@ -126,7 +166,10 @@ export class NetworkStack extends Stack { | |||
cidrMask: 24, | |||
}, | |||
], | |||
natGateways: 0, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What subnets get created with this? Previously was 2 public and 2 private. Would this now be only 2 isolated subnets?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also expected this to be more of a breaking change but the Jenkins job passed...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We still have 2 private and 2 public. The public are attached to an Internet Gateway that allows outside communication. The private do not have a NAT gateway so they are isolated within the VPC aside from the VPC Endpoints that connect into it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah I see, and wouldn't expect our Jenkins job to be affected since the elasticsearch ec2 CDK is creating the VPC
Description
Remove public communication from migration assistant services by removing VPC and declaring VPCe's for all services.
Issues Resolved
https://opensearch.atlassian.net/browse/MIGRATIONS-1969
Is this a backport? If so, please add backport PR # and/or commits #
Testing
Deployed and ran migration console commands in us-east-1 and us-gov-west-1
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.