iot-static-ip-endpoints's Issues

Solution is not building/deploying

Describe the bug
I am following the steps to build and deploy the solution using AWS CloudShell, but it is not succeeding.

error:

`CDK version 1.143.0
------ EXEC npm run build

[email protected] build /home/cloudshell-user/iot-static-ip-endpoints/source
tsc

lib/GreengrassVpnService.ts:90:7 - error TS2322: Type 'SolutionVpc' is not assignable to type 'IVpc'.

90 vpc: props.vpc,
~~~

node_modules/@aws-cdk/aws-ec2/lib/security-group.d.ts:184:14
184 readonly vpc: IVpc;
~~~
The expected type comes from property 'vpc' which is declared here on type 'SecurityGroupProps'

lib/GreengrassVpnService.ts:98:7 - error TS2322: Type 'SolutionVpc' is not assignable to type 'IVpc'.

98 vpc: props.vpc,
~~~

node_modules/@aws-cdk/aws-efs/lib/efs-file-system.d.ts:151:14
151 readonly vpc: ec2.IVpc;
~~~
The expected type comes from property 'vpc' which is declared here on type 'FileSystemProps'

lib/NLBEC2Service.ts:128:7 - error TS2739: Type 'SolutionVpc' is missing the following properties from type 'IVpc': vpcArn, addClientVpnEndpoint, applyRemovalPolicy

128 vpc: props.vpc
~~~

node_modules/@aws-cdk/aws-ec2/lib/security-group.d.ts:184:14
184 readonly vpc: IVpc;
~~~
The expected type comes from property 'vpc' which is declared here on type 'SecurityGroupProps'

lib/NLBEC2Service.ts:161:7 - error TS2322: Type 'SolutionVpc' is not assignable to type 'IVpc'.

161 vpc: props.vpc,
~~~

node_modules/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.d.ts:328:14
328 readonly vpc: ec2.IVpc;
~~~
The expected type comes from property 'vpc' which is declared here on type 'AutoScalingGroupProps'

lib/NLBGlobalAccelerator.ts:15:84 - error TS2305: Module '"@aws-cdk/aws-globalaccelerator"' has no exported member 'EndpointConfiguration'.

15 import { Accelerator, Listener, EndpointGroup, CfnAccelerator, ConnectionProtocol, EndpointConfiguration } from "@aws-cdk/aws-globalaccelerator"
~~~~~~~~~~~~~~~~~~~~~

lib/SolutionSubnet.ts:17:14 - error TS2420: Class 'SolutionSubnet' incorrectly implements interface 'ISubnet'.
Property 'applyRemovalPolicy' is missing in type 'SolutionSubnet' but required in type 'ISubnet'.

17 export class SolutionSubnet implements ISubnet {
~~~~~~~~~~~~~~

node_modules/@aws-cdk/core/lib/resource.d.ts:76:5
76 applyRemovalPolicy(policy: RemovalPolicy): void;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'applyRemovalPolicy' is declared here.

lib/SolutionVpc.ts:54:14 - error TS2420: Class 'SolutionVpc' incorrectly implements interface 'IVpc'.
Type 'SolutionVpc' is missing the following properties from type 'IVpc': vpcArn, addClientVpnEndpoint, applyRemovalPolicy

54 export class SolutionVpc extends Construct implements IVpc {
~~~~~~~~~~~

lib/SolutionVpc.ts:283:9 - error TS2741: Property 'applyRemovalPolicy' is missing in type 'SolutionSubnet' but required in type 'ISubnet'.

283 new SolutionSubnet(this.cfnPublicSubnets[0], this.publicRouteTable),
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

node_modules/@aws-cdk/core/lib/resource.d.ts:76:5
76 applyRemovalPolicy(policy: RemovalPolicy): void;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'applyRemovalPolicy' is declared here.

lib/SolutionVpc.ts:284:9 - error TS2322: Type 'SolutionSubnet' is not assignable to type 'ISubnet'.

284 new SolutionSubnet(this.cfnPublicSubnets[1], this.publicRouteTable)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

lib/SolutionVpc.ts:292:9 - error TS2322: Type 'SolutionSubnet' is not assignable to type 'ISubnet'.

292 new SolutionSubnet(this.cfnPrivateSubnets[0], this.privateRouteTables[0]),
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

lib/SolutionVpc.ts:293:9 - error TS2322: Type 'SolutionSubnet' is not assignable to type 'ISubnet'.

293 new SolutionSubnet(this.cfnPrivateSubnets[1], this.privateRouteTables[1])
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

lib/SolutionVpc.ts:312:5 - error TS2741: Property 'applyRemovalPolicy' is missing in type '{ subnetId: any; availabilityZone: any; internetConnectivityEstablished: boolean; ipv4CidrBlock: string; readonly routeTable: IRouteTable; associateNetworkAcl(): void; readonly node: ConstructNode; readonly env: ResourceEnvironment; readonly stack: Stack; }' but required in type 'ISubnet'.

312 return {
~~~~~~~~
313 subnetId: ifNat(pri.subnetId, pub.subnetId),
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
...
331 }
~~~~~~~
332 }
~~~~~

node_modules/@aws-cdk/core/lib/resource.d.ts:76:5
76 applyRemovalPolicy(policy: RemovalPolicy): void;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'applyRemovalPolicy' is declared here.

test/SolutionSubnet.spec.ts:42:9 - error TS2571: Object is of type 'unknown'.

42 if (err.message !== "Not implemented") {
~~~

test/SolutionSubnet.spec.ts:55:9 - error TS2571: Object is of type 'unknown'.

55 if (err.message !== "Not implemented") {
~~~

test/SolutionVpc.spec.ts:200:9 - error TS2571: Object is of type 'unknown'.

200 if (err.message !== "not implemented") {
~~~

test/SolutionVpc.spec.ts:208:9 - error TS2571: Object is of type 'unknown'.

208 if (err.message !== "not implemented") {
~~~

test/SolutionVpc.spec.ts:216:9 - error TS2571: Object is of type 'unknown'.

216 if (err.message !== "not implemented") {
~~~

test/SolutionVpc.spec.ts:224:9 - error TS2571: Object is of type 'unknown'.

224 if (err.message !== "not implemented") {
~~~

test/SolutionVpc.spec.ts:232:9 - error TS2571: Object is of type 'unknown'.

232 if (err.message !== "not implemented") {
~~~

test/SolutionVpc.spec.ts:254:9 - error TS2571: Object is of type 'unknown'.

254 if (err.message !== "not implemented") {
~~~

test/SolutionVpc.spec.ts:262:9 - error TS2571: Object is of type 'unknown'.

262 if (err.message !== "not implemented") {
~~~

test/SolutionVpc.spec.ts:270:9 - error TS2571: Object is of type 'unknown'.

270 if (err.message !== "vpc.isolatedSubnets Not Implemented") {
~~~

test/SolutionVpc.spec.ts:278:9 - error TS2571: Object is of type 'unknown'.

278 if (err.message !== "vpc.vpnGatewayId Not Implemented") {
~~~

test/SolutionVpc.spec.ts:286:9 - error TS2571: Object is of type 'unknown'.

286 if (err.message !== "vpc.internetConnectivityEstablished Not Implemented") {
~~~

test/SolutionVpc.spec.ts:294:9 - error TS2571: Object is of type 'unknown'.

294 if (err.message !== "vpc.env Not Implemented") {
~~~

test/SolutionVpc.spec.ts:302:9 - error TS2571: Object is of type 'unknown'.

302 if (err.message !== "vpc.enableVpnGateway Not Implemented") {
~~~

test/SolutionVpc.spec.ts:310:9 - error TS2571: Object is of type 'unknown'.

310 if (err.message !== "vpc.addVpnConnection Not Implemented") {
~~~

test/SolutionVpc.spec.ts:318:9 - error TS2571: Object is of type 'unknown'.

318 if (err.message !== "vpc.addGatewayEndpoint Not Implemented") {
~~~

test/SolutionVpc.spec.ts:326:9 - error TS2571: Object is of type 'unknown'.

326 if (err.message !== "vpc.addInterfaceEndpoint Not Implemented") {
~~~

test/SolutionVpc.spec.ts:334:9 - error TS2571: Object is of type 'unknown'.

334 if (err.message !== "vpc.addFlowLog Not Implemented") {
~~~

Found 30 errors.

npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] build: tsc
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] build script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR! /home/cloudshell-user/.npm/_logs/2022-02-08T17_23_07_794Z-debug.log
Aborted - rc=1`

Restrict non-AWS service access from the IoT Gateway via the VPN connection

Is your feature request related to a problem? Please describe.
The solution works, but in its current form allows the IoT Gateway to access any internet-based hosts, so, thinking of potential security exposures, it grants open access from inside the customer network well beyond the connectivity required for IoT operation.

Describe the feature you'd like
I would like a prescribed solution that limits the connectivity through the VPN to only the AWS services required to operate an AWS IoT solution. Specifically, preventing access (via the VPN) for the IoT device/Core to potentially malicious hosts on the internet. In an ideal world, any solution should not introduce further overhead in needing to scale infrastructure from a customer perspective.

Additional context
Add any other context or screenshots about the feature request here.

How do I use the solution?

Firstly, I am not reporting a bug.
I could build and install the solution, but I don't understand how I can use this. I don't find any documentation for using static IP setup for IoT.
