diff --git a/packages/@aws-cdk/aws-neptune-alpha/README.md b/packages/@aws-cdk/aws-neptune-alpha/README.md
index 94189c5d0dfb3..6ca7fe9def0d0 100644
--- a/packages/@aws-cdk/aws-neptune-alpha/README.md
+++ b/packages/@aws-cdk/aws-neptune-alpha/README.md
@@ -149,6 +149,31 @@ new neptune.DatabaseInstance(this, 'Instance', {
 });
 ```
 
+## Publicly accessible
+
+You can make instances publicly accessible by setting the `publiclyAccessible` property to `true` on the cluster.
+Note that iam authentication is required for this to be enabled:
+
+```ts
+new neptune.DatabaseCluster(this, 'Cluster', {
+  vpc,
+  instanceType: neptune.InstanceType.R5_LARGE,
+  publiclyAccessible: true,
+  iamAuthentication: true,
+});
+```
+
+Alternatively, you can also make individual instances publicly accessible, by setting the respective property on
+the instance:
+
+```ts fixture=with-cluster
+new neptune.DatabaseInstance(this, 'Instance', {
+  cluster,
+  instanceType: neptune.InstanceType.R5_LARGE,
+  publiclyAccessible: true,
+});
+```
+
 ## Port + By default, Neptune uses port `8182`. You can override the default port by specifying the `port` property:
diff --git a/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts b/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts
index ae8886694a9bc..4a0f2c240d8d1 100644
--- a/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts
+++ b/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts
@@ -400,6 +400,18 @@ export interface DatabaseClusterProps {
    * @default 8182
    */
   readonly port?: number;
+
+  /**
+   * If set to true, the database instances in this cluster will be publicly accessible.
+   *
+   * Note that iamAuthentication must be enabled.
+   *
+   * @see DatabaseInstanceProps.publiclyAccessible
+   * @see https://docs.aws.amazon.com/neptune/latest/userguide/neptune-public-endpoints.html
+   *
+   * @default - false
+   */
+  readonly publiclyAccessible?: boolean;
 }
 
 /**
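Review bot: The new `publiclyAccessible` doc comment on `DatabaseClusterProps` says that `iamAuthentication` must be enabled but does not say why or how the requirement surfaces, and nothing in the hunk ties the two props together for the reader. I would make the consequence explicit so it is not discovered at deploy time: `* Requires \`iamAuthentication: true\`: Neptune offers no other authentication mechanism as far as I know, so a public endpoint without IAM authentication is protected only by its security group.` It is also worth stating that the endpoint is only reachable when the subnets the cluster is placed in are public (route to an internet gateway) and the security group admits the client; presumably the cluster's subnet selection prop, which is not visible in this hunk, controls that. The interface continues outside the hunk.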
@@ -746,6 +758,7 @@ export class DatabaseCluster extends DatabaseClusterBase implements IDatabaseClu
         dbInstanceClass: props.instanceType._instanceType,
         dbParameterGroupName: props.parameterGroup?.parameterGroupName,
         autoMinorVersionUpgrade: props.autoMinorVersionUpgrade === true,
+        publiclyAccessible: props.publiclyAccessible === true,
       });
 
       // We must have a dependency on the NAT gateway provider here to create
diff --git a/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts b/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts
index 1dd62cc08a4d4..87d27c66deed1 100644
--- a/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts
+++ b/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts
@@ -412,6 +412,15 @@ export interface DatabaseInstanceProps {
    * @default undefined
    */
   readonly autoMinorVersionUpgrade?: boolean;
+
+  /**
+   * Indicates whether the DB instance is publicly accessible.
+   *
+   * Note that iamAuthentication must be enabled on the cluster.
+   *
+   * @default - false
+   */
+  readonly publiclyAccessible?: boolean;
 }
 
 /**
@@ -513,6 +522,7 @@ export class DatabaseInstance extends DatabaseInstanceBase implements IDatabaseI
       availabilityZone: props.availabilityZone,
       dbInstanceIdentifier: props.dbInstanceName,
       dbParameterGroupName: props.parameterGroup?.parameterGroupName,
+      publiclyAccessible: props.publiclyAccessible,
     });
 
     this.cluster = props.cluster;
diff --git a/packages/@aws-cdk/aws-neptune-alpha/test/cluster.test.ts b/packages/@aws-cdk/aws-neptune-alpha/test/cluster.test.ts
index a840bec941593..0254a03c494ac 100644
--- a/packages/@aws-cdk/aws-neptune-alpha/test/cluster.test.ts
+++ b/packages/@aws-cdk/aws-neptune-alpha/test/cluster.test.ts
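Review bot: `publiclyAccessible: props.publiclyAccessible === true` in cluster.ts forwards the flag to every `CfnDBInstance` without checking the `iamAuthentication` requirement that the same commit documents, so a cluster with `publiclyAccessible: true` and IAM authentication left off synthesizes cleanly and produces an internet-reachable endpoint guarded only by its security group. I would fail fast in the constructor (which begins outside this hunk), before the instance loop: `if (props.publiclyAccessible && !props.iamAuthentication) { throw new Error('publiclyAccessible requires iamAuthentication to be enabled'); }`. Doing it at synthesis time is cheaper than a CloudFormation rollback and makes the README's "required" wording true.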
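Review bot: In instance.ts the new `publiclyAccessible: props.publiclyAccessible` passes the prop through unconverted, so when it is unset the template omits `PubliclyAccessible` and CloudFormation chooses the default, whereas the cluster path always emits an explicit boolean; the `@default - false` in the prop's doc comment therefore describes the service default rather than anything this construct does. `publiclyAccessible: props.publiclyAccessible ?? false` would make the two paths consistent and the doc claim accurate. There is also no instance-level counterpart to the IAM check the doc comment demands ("must be enabled on the cluster"); whether `props.cluster` exposes its IAM setting is not visible here, so if `IDatabaseCluster` does not, consider at least documenting that this is not validated. The constructor continues outside the hunk.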
@@ -675,6 +675,41 @@ describe('DatabaseCluster', () => {
     });
   });
 
+  test('publiclyAccessible is enabled when configured', () => {
+    // GIVEN
+    const stack = testStack();
+    const vpc = new ec2.Vpc(stack, 'VPC');
+
+    // WHEN
+    new DatabaseCluster(stack, 'Cluster', {
+      vpc,
+      instanceType: InstanceType.R5_LARGE,
+      publiclyAccessible: true,
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::Neptune::DBInstance', {
+      PubliclyAccessible: true,
+    });
+  });
+
+  test('publiclyAccessible is not enabled when not configured', () => {
+    // GIVEN
+    const stack = testStack();
+    const vpc = new ec2.Vpc(stack, 'VPC');
+
+    // WHEN
+    new DatabaseCluster(stack, 'Cluster', {
+      vpc,
+      instanceType: InstanceType.R5_LARGE,
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::Neptune::DBInstance', {
+      PubliclyAccessible: false,
+    });
+  });
+
   test('cloudwatchLogsExports is enabled when configured', () => {
     // GIVEN
     const stack = testStack();
diff --git a/packages/@aws-cdk/aws-neptune-alpha/test/instance.test.ts b/packages/@aws-cdk/aws-neptune-alpha/test/instance.test.ts
index 9917c492567b5..485ead73671c2 100644
--- a/packages/@aws-cdk/aws-neptune-alpha/test/instance.test.ts
+++ b/packages/@aws-cdk/aws-neptune-alpha/test/instance.test.ts
@@ -125,6 +125,23 @@ describe('DatabaseInstance', () => {
   });
   });
 
+  test.each([true, false])('instance with publiclyAccessible', (publiclyAccessible) => {
+    // GIVEN
+    const stack = testStack();
+
+    // WHEN
+    new DatabaseInstance(stack, 'Instance', {
+      cluster: stack.cluster,
+      instanceType: InstanceType.R5_LARGE,
+      publiclyAccessible,
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::Neptune::DBInstance', {
+      PubliclyAccessible: publiclyAccessible,
+    });
+  });
+
   test('instance type from CfnParameter', () => {
     // GIVEN
     const stack = testStack();
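Review bot: The 'publiclyAccessible is enabled when configured' test builds a `DatabaseCluster` with `publiclyAccessible: true` and no `iamAuthentication` and asserts that it synthesizes, which pins down exactly the configuration the README in this same commit says is not allowed. If the construct is meant to enforce the IAM requirement (it currently does not), this test should set `iamAuthentication: true` and a companion test should assert the rejection: `expect(() => new DatabaseCluster(stack, 'Cluster', { vpc, instanceType: InstanceType.R5_LARGE, publiclyAccessible: true })).toThrow(/iamAuthentication/);`. If enforcement is intentionally left to the service, the test is fine as written but the prop and README wording should be softened to match. The `describe` block continues outside the hunk.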
diff --git a/packages/@aws-cdk/aws-neptune-alpha/test/integ.instance-publicly-accessible.ts b/packages/@aws-cdk/aws-neptune-alpha/test/integ.instance-publicly-accessible.ts
new file mode 100644
index 0000000000000..dc315313d038c
--- /dev/null
+++ b/packages/@aws-cdk/aws-neptune-alpha/test/integ.instance-publicly-accessible.ts
@@ -0,0 +1,54 @@
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as cdk from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import { DatabaseCluster, DatabaseInstance, InstanceType } from '../lib';
+import { ClusterParameterGroup, ParameterGroupFamily } from '../lib/parameter-group';
+
+/*
+ * Test creating a cluster without specifying engine version.
+ * This defaults to engine version >= 1.4.0.0 and associated parameter group with family neptune1.4
+ *
+ * Stack verification steps:
+ * * aws docdb describe-db-clusters --db-cluster-identifier
+ */
+
+const app = new cdk.App();
+
+const stack = new cdk.Stack(app, 'PubliclyAccessibleInstanceStack');
+
+const vpc = new ec2.Vpc(stack, 'VPC', { maxAzs: 2, natGateways: 1 });
+
+const clusterParameterGroup = new ClusterParameterGroup(stack, 'Params', {
+  description: 'A nice parameter group',
+  family: ParameterGroupFamily.NEPTUNE_1_4,
+  parameters: {
+    neptune_enable_audit_log: '1',
+    neptune_query_timeout: '100000',
+  },
+});
+
+const cluster = new DatabaseCluster(stack, 'Database', {
+  vpc,
+  instanceType: InstanceType.R5_LARGE,
+  clusterParameterGroup,
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+  iamAuthentication: true,
+});
+
+new DatabaseInstance(stack, 'EnabledInstance', {
+  cluster,
+  instanceType: InstanceType.R5_LARGE,
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+  publiclyAccessible: true,
+});
+
+new DatabaseInstance(stack, 'DisabledInstance', {
+  cluster,
+  instanceType: InstanceType.R5_LARGE,
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+  publiclyAccessible: false,
+});
+
+new integ.IntegTest(app, 'PubliclyAccessibleInstanceInteg', {
+  testCases: [stack],
+});
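Review bot: The header comment of the new integ test is copied from an unrelated test: it describes "creating a cluster without specifying engine version" and lists `aws docdb describe-db-clusters` as the verification step, neither of which matches this Neptune public-accessibility stack. I would replace it with a description of what is actually exercised, e.g. `* Test a cluster with IAM authentication and one publicly accessible and one private instance.`, and a verification step such as `* * aws neptune describe-db-instances --db-instance-identifier <id>` with a note to check the `PubliclyAccessible` field of each instance. Also, the VPC is created with `natGateways: 1` and the cluster relies on the construct's default subnet selection; if that default is private subnets (not visible here), `publiclyAccessible: true` will not yield a reachable endpoint and may be rejected at deploy time, so consider passing `vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC }` on the cluster so the integ test proves the feature end to end.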