diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
index d873cb30fc59a..1b343b7383d8e 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
@@ -849,11 +849,32 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 'servicecatalog', 'sms', 'sqs', 'states', 'sts', 'sync-states', 'synthetics', 'transcribe', 'transcribestreaming', 'transfer', 'workspaces', 'xray'],
 'eusc-de-east-1': ['ecr.dkr', 'ecr.api', 'execute-api', 'securityhub'],
+ 'us-iso-east-1': ['application-autoscaling', 'athena', 'autoscaling', 'comprehend', 'diode-messaging',
+ 'diode-messaging-proxy', 'ebs', 'ec2', 'ecr.api', 'ecr.dkr', 'elasticfilesystem', 'elasticfilesystem-fips',
+ 'execute-api', 'sagemaker.api', 'sagemaker.runtime', 'sns', 'sqs', 'textract', 'textract-fips', 'transcribe',
+ 'workspaces'],
+ 'us-iso-west-1': ['autoscaling', 'ebs', 'ec2', 'ecr.api', 'ecr.dkr', 'elasticfilesystem', 'elasticfilesystem-fips',
+ 'execute-api', 'monitoring', 'sns', 'sqs', 'workspaces'],
+ 'us-isob-east-1': ['application-autoscaling', 'autoscaling', 'diode-messaging', 'diode-messaging-proxy', 'ebs',
+ 'ec2', 'ecr.api', 'ecr.dkr', 'elasticfilesystem', 'elasticfilesystem-fips', 'execute-api', 'sagemaker.api',
+ 'sagemaker.runtime', 'sns', 'sqs', 'workspaces'],
+ 'us-isob-west-1': ['ecr.api', 'ecr.dkr', 'elasticfilesystem-fips', 'execute-api'],
+ 'us-isof-south-1': ['ebs', 'ecr.api', 'ecr.dkr', 'execute-api'],
+ 'us-isof-east-1': ['ebs', 'ecr.api', 'ecr.dkr', 'execute-api'],
 };
 if (VPC_ENDPOINT_SERVICE_EXCEPTIONS[region]?.includes(name)) {
 switch (region) {
 case 'eusc-de-east-1':
 return 'eu.amazonaws';
+ case 'us-iso-east-1':
+ case 'us-iso-west-1':
+ return 'gov.ic.c2s';
+ case 'us-isob-east-1':
+ case 'us-isob-west-1':
+ return 'gov.sgov.sc2s';
+ case 'us-isof-south-1':
+ case 'us-isof-east-1':
+ return 'gov.ic.hci.csp';
 case 'cn-north-1':
 case 'cn-northwest-1':
 return 'cn.com.amazonaws';
diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
index 2f3d227912a81..7a39c8e1dd19c 100644
--- a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
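Review bot: The six ISO-region lists added to `VPC_ENDPOINT_SERVICE_EXCEPTIONS` carry no comment saying where they came from or when they were checked, and nothing in the diff lets a reviewer verify them. A service missing from a region's list falls back to the `com.amazonaws.<region>.<service>` name (the new tests pin this for ECS), so an omission presumably surfaces only as a failed endpoint creation at deploy time, in partitions most contributors cannot reach. I would add above the entries `// us-iso*/us-isob*/us-isof*: services whose endpoint name uses the partition prefix; source: <how the list was obtained>, checked <date>`. The region names are repeated in the `switch`, so a region added to the table without a matching `case` takes whatever default lies outside this hunk; a one-line comment at the `switch` saying both must change together would help. The enclosing method starts and ends outside the hunk.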
+++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts 
@@ -891,6 +891,120 @@ describe('vpc endpoint', () => {
 });
 });
+ test.each([
+ ['us-iso-east-1', 'gov.ic.c2s'],
+ ['us-iso-west-1', 'gov.ic.c2s'],
+ ])('test vpc interface endpoint with %s prefix can be created correctly in %s', (region: string, prefix: string) => {
+ // GIVEN
+ const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region } });
+ const vpc = new Vpc(stack, 'VPC');
+
+ // WHEN
+ vpc.addInterfaceEndpoint('ECR Endpoint', {
+ service: InterfaceVpcEndpointAwsService.ECR,
+ });
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpoint', {
+ ServiceName: `${prefix}.${region}.ecr.api`,
+ });
+ });
+
+ test.each([
+ ['us-iso-east-1'],
+ ['us-iso-west-1'],
+ ])('test vpc interface endpoint without gov.ic.c2s prefix can be created correctly in %s', (region: string) => {
+ // GIVEN
+ const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region } });
+ const vpc = new Vpc(stack, 'VPC');
+
+ // WHEN
+ vpc.addInterfaceEndpoint('ECS Endpoint', {
+ service: InterfaceVpcEndpointAwsService.ECS,
+ });
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpoint', {
+ ServiceName: `com.amazonaws.${region}.ecs`,
+ });
+ });
+
+ test.each([
+ ['us-isob-east-1', 'gov.sgov.sc2s'],
+ ['us-isob-west-1', 'gov.sgov.sc2s'],
+ ])('test vpc interface endpoint with %s prefix can be created correctly in %s', (region: string, prefix: string) => {
+ // GIVEN
+ const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region } });
+ const vpc = new Vpc(stack, 'VPC');
+
+ // WHEN
+ vpc.addInterfaceEndpoint('ECR Endpoint', {
+ service: InterfaceVpcEndpointAwsService.ECR,
+ });
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpoint', {
+ ServiceName: `${prefix}.${region}.ecr.api`,
+ });
+ });
+
+ test.each([
+ ['us-isob-east-1'],
+ ['us-isob-west-1'],
+ ])('test vpc interface endpoint without gov.sgov.sc2s prefix can be created correctly in %s', (region: string) => {
+ // GIVEN
+ const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region } });
+ const vpc = new Vpc(stack, 'VPC');
+
+ // WHEN
+ vpc.addInterfaceEndpoint('ECS Endpoint', {
+ service: InterfaceVpcEndpointAwsService.ECS,
+ });
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpoint', {
+ ServiceName: `com.amazonaws.${region}.ecs`,
+ });
+ });
+
+ test.each([
+ ['us-isof-south-1', 'gov.ic.hci.csp'],
+ ['us-isof-east-1', 'gov.ic.hci.csp'],
+ ])('test vpc interface endpoint with %s prefix can be created correctly in %s', (region: string, prefix: string) => {
+ // GIVEN
+ const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region } });
+ const vpc = new Vpc(stack, 'VPC');
+
+ // WHEN
+ vpc.addInterfaceEndpoint('ECR Endpoint', {
+ service: InterfaceVpcEndpointAwsService.ECR,
+ });
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpoint', {
+ ServiceName: `${prefix}.${region}.ecr.api`,
+ });
+ });
+
+ test.each([
+ ['us-isof-south-1'],
+ ['us-isof-east-1'],
+ ])('test vpc interface endpoint without gov.ic.hci.csp prefix can be created correctly in %s', (region: string) => {
+ // GIVEN
+ const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region } });
+ const vpc = new Vpc(stack, 'VPC');
+
+ // WHEN
+ vpc.addInterfaceEndpoint('ECS Endpoint', {
+ service: InterfaceVpcEndpointAwsService.ECS,
+ });
+
+ // THEN
+ Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpoint', {
+ ServiceName: `com.amazonaws.${region}.ecs`,
+ });
+ });
+
 test('test codeartifact vpc interface endpoint in us-west-2', () => {
 // GIVEN
 const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region: 'us-west-2' } });
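Review bot: The `%s` placeholders in the three 'with %s prefix can be created correctly in %s' titles are filled in row order, so a row such as `['us-iso-east-1', 'gov.ic.c2s']` prints as 'with us-iso-east-1 prefix ... in gov.ic.c2s'; rewording the title to `'test vpc interface endpoint in %s is created with the %s prefix'` fixes the report output without touching the rows. Every positive case uses `InterfaceVpcEndpointAwsService.ECR`, so only the `ecr.api` entry of each list is exercised and region-specific entries such as `monitoring` in us-iso-west-1 are not covered. The six blocks differ only in region, prefix and service, and could be one `test.each` table with a row per region and expected `ServiceName`. The enclosing `describe` starts before the hunk.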