From d82fe4dc8f4df69b6e8da6a6d1af94e44cfb6069 Mon Sep 17 00:00:00 2001
From: Sascha Janssen
Date: Wed, 19 Jun 2024 00:11:30 +0200
Subject: [PATCH] =?UTF-8?q?fix(globalaccelerator-endpoints):=20add=20prese?= =?UTF-8?q?rveClientIp=20option=20for=20net=E2=80=A6=20(#30346)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
…work loadbalancer
### Issue # (if applicable)
### Reason for this change
preserveClientIp was missing for GlobalAccelerator Endpoints when using a network loadbalancer.
### Description of changes
* add missing network load balancer endpoint prop.
### Description of how you validated changes
Added unit tests.
### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
---
 .../integ-globalaccelerator.template.json | 12 ++++++++++++
 .../test/integ.globalaccelerator.ts | 2 ++
 .../aws-globalaccelerator-endpoints/lib/nlb.ts | 14 ++++++++++++++
 .../test/endpoints.test.ts | 2 ++
 .../aws-cdk-lib/aws-globalaccelerator/README.md | 1 +
 5 files changed, 31 insertions(+)
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json
index 353a75f0ef52b..1e0e4a30e936f 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json
@@ -691,6 +691,18 @@ } }, { + "ClientIPPreservationEnabled": true, + "EndpointId": { + "Ref": "ALBAEE750D2" + } + }, + { + "EndpointId": { + "Ref": "NLB55158F82" + } + }, + { + "ClientIPPreservationEnabled": true, "EndpointId": { "Ref": "NLB55158F82" }
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts
index 39a808fcdcf84..8a5aadbc397d0 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts
@@ -38,7 +38,9 @@ class GaStack extends Stack {
 listener,
 endpoints: [
 new endpoints.ApplicationLoadBalancerEndpoint(alb),
+ new endpoints.ApplicationLoadBalancerEndpoint(alb, { preserveClientIp: true }),
 new endpoints.NetworkLoadBalancerEndpoint(nlb),
+ new endpoints.NetworkLoadBalancerEndpoint(nlb, { preserveClientIp: true }),
 new endpoints.CfnEipEndpoint(eip),
 new endpoints.InstanceEndpoint(instances[0]),
 new endpoints.InstanceEndpoint(instances[1]),
diff --git a/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts b/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts
index a4c6b59328ffb..91c65112310be 100644
--- a/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts
+++ b/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts
@@ -14,6 +14,19 @@ export interface NetworkLoadBalancerEndpointProps {
 * @default 128
 */
 readonly weight?: number;
+
+ /**
+ * Forward the client IP address in an `X-Forwarded-For` header
+ *
+ * GlobalAccelerator will create Network Interfaces in your VPC in order
+ * to preserve the client IP address.
+ *
+ * Client IP address preservation is supported only in specific AWS Regions.
+ * See the GlobalAccelerator Developer Guide for a list.
+ *
+ * @default false
+ */
+ readonly preserveClientIp?: boolean;
 }
 
 /**
@@ -31,6 +44,7 @@ export class NetworkLoadBalancerEndpoint implements ga.IEndpoint {
 return {
 endpointId: this.loadBalancer.loadBalancerArn,
 weight: this.options.weight,
+ clientIpPreservationEnabled: this.options.preserveClientIp,
 } as ga.CfnEndpointGroup.EndpointConfigurationProperty;
 }
 }
\ No newline at end of file
diff --git a/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts b/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts
index d1c65e531b17c..9c29d02dfd2d7 100644
--- a/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts
+++ b/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts
@@ -74,6 +74,7 @@ test('Network Load Balancer with all properties', () => {
 endpoints: [
 new endpoints.NetworkLoadBalancerEndpoint(nlb, {
 weight: 50,
+ preserveClientIp: true,
 }),
 ],
 });
@@ -84,6 +85,7 @@ test('Network Load Balancer with all properties', () => {
 {
 EndpointId: { Ref: 'NLB55158F82' },
 Weight: 50,
+ ClientIPPreservationEnabled: true,
 },
 ],
 });
diff --git a/packages/aws-cdk-lib/aws-globalaccelerator/README.md b/packages/aws-cdk-lib/aws-globalaccelerator/README.md
index 8630620939dea..fca5f4faf68dc 100644
--- a/packages/aws-cdk-lib/aws-globalaccelerator/README.md
+++ b/packages/aws-cdk-lib/aws-globalaccelerator/README.md
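Review bot: The doc comment added for `preserveClientIp` in `NetworkLoadBalancerEndpointProps` (first hunk of lib/nlb.ts) says the client address is forwarded in an `X-Forwarded-For` header, which reads as carried over from the Application Load Balancer props: a Network Load Balancer works at the transport layer and adds no HTTP headers, so targets would presumably see the client address as the packet source instead. Anyone writing security group rules, allow-lists or log parsing behind the NLB relies on that distinction, so I would reword the first line to something like `Preserve the client IP address as the source address of traffic reaching the endpoint`, after confirming against the GlobalAccelerator Developer Guide. `@default false` also needs checking, because the second hunk passes `this.options.preserveClientIp` through unchanged and the snapshot renders the NLB entry without `ClientIPPreservationEnabled` when it is unset, so the effective default is the service's rather than a value set here. The interface starts above this hunk, so only its tail is visible.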
@@ -116,6 +116,7 @@ listener.addEndpointGroup('Group', {
 endpoints: [
 new ga_endpoints.NetworkLoadBalancerEndpoint(nlb, {
 weight: 128,
+ preserveClientIp: true,
 }),
 ],
 });