feat(elasticloadbalancingv2): alb dualstack without public ipv4

[mazyu36]

Issue # (if applicable)

Closes #30256.

Reason for this change

ALB supported a new dual-stack ALB without public IPv4.

https://aws.amazon.com/jp/about-aws/whats-new/2024/05/application-load-balancer-ipv6-internet-clients/

Description of changes

Add IpAddressType.DUAL_STACK_WITHOUT_PUBLIC_IPV4

Description of how you validated changes

Add unit tests & integ tests

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[watany-dev]

To cdkteam, why not keep the IpAddressType.DUAL_STACK_WITHOUT_PUBLIC_IPV4 identifier but add the IpAddressType.IPV6 alias? This is essentially easy to understand.

[pahud]

do you have the link of the document about this restriction?

[mazyu36]

@pahud
Thank you for your comment.
That restriction is not mentioned in the documentation, but it is stated on the management console.

If the internal scheme is selected, the "Dual-stack without public IPv4" option disappears and cannot be configured.

[pahud]

Awesome!

[pahud]

DUAL_STACK_WITHOUT_PUBLIC_IPV4 supports ALB only, should we have a check that if the elbv2 with that ipAddressType is not ALB we should throw the error?

Should we add this in base-load-balancer.ts?

    // DUAL_STACK_WITHOUT_PUBLIC_IPV4 only available for ALB
    if (additionalProps.ipAddressType === IpAddressType.DUAL_STACK_WITHOUT_PUBLIC_IPV4 &&
      additionalProps.type !== cxschema.LoadBalancerType.APPLICATION) {
      throw new Error(`'ipAddressType' DUAL_STACK_WITHOUT_PUBLIC_IPV4 can only be used with ALB, got ${additionalProps.type}`);
    }

[pahud]

To cdkteam, why not keep the IpAddressType.DUAL_STACK_WITHOUT_PUBLIC_IPV4 identifier but add the IpAddressType.IPV6 alias? This is essentially easy to understand.

At this moment, CFN does not have ipv6 in its IpAddressType. I would avoid using that because it could mean something else when CFN adds that in the future.

[mazyu36]

DUAL_STACK_WITHOUT_PUBLIC_IPV4 supports ALB only, should we have a check that if the elbv2 with that ipAddressType is not ALB we should throw the error?

Should we add this in base-load-balancer.ts?

    // DUAL_STACK_WITHOUT_PUBLIC_IPV4 only available for ALB
    if (additionalProps.ipAddressType === IpAddressType.DUAL_STACK_WITHOUT_PUBLIC_IPV4 &&
      additionalProps.type !== cxschema.LoadBalancerType.APPLICATION) {
      throw new Error(`'ipAddressType' DUAL_STACK_WITHOUT_PUBLIC_IPV4 can only be used with ALB, got ${additionalProps.type}`);
    }

DUAL_STACK_WITHOUT_PUBLIC_IPV4 supports ALB only, should we have a check that if the elbv2 with that ipAddressType is not ALB we should throw the error?

Should we add this in base-load-balancer.ts?

    // DUAL_STACK_WITHOUT_PUBLIC_IPV4 only available for ALB
    if (additionalProps.ipAddressType === IpAddressType.DUAL_STACK_WITHOUT_PUBLIC_IPV4 &&
      additionalProps.type !== cxschema.LoadBalancerType.APPLICATION) {
      throw new Error(`'ipAddressType' DUAL_STACK_WITHOUT_PUBLIC_IPV4 can only be used with ALB, got ${additionalProps.type}`);
    }

@pahud
Thank you. I also thought it would be better to have validation.
I have added the validation and a unit test.

[urda]

Featured in the weekly roundup, adding this quickly will help teams drive lower costs.

[mazyu36]

@comcalvi
Thank you for the review!
I've updated.

[aws-cdk-automation]

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mazyu36]

@Mergifyio update

[mergify]

update

❌ Mergify doesn't have permission to update

For security reasons, Mergify can't update this pull request. Try updating locally.
GitHub response: refusing to allow a GitHub App to create or update workflow .github/workflows/github-merit-badger.yml without workflows permission

[mazyu36]

@Mergifyio refresh

[mergify]

refresh

✅ Pull request refreshed

[mazyu36]

@Mergifyio requeue

[mergify]

requeue

❌ Command disallowed due to command restrictions in the Mergify configuration.

• sender-permission>=write

[mazyu36]

@Mergifyio update

[mergify]

update

✅ Branch has been successfully updated

[mazyu36]

@Mergifyio refresh

[mergify]

refresh

✅ Pull request refreshed

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 7da04b1
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.