chore!: remove GuPublicInternetAccessSecurityGroup (#548)

BREAKING CHANGE: `GuPublicInternetAccessSecurityGroup` has been removed, as AWS automatically creates a security group which is almost identical to this by default when creating an Application Load Balancer. If you previously created an instance of `GuPublicInternetAccessSecurityGroup` and you need to retain the same custom security group, pass the appropriate ingresses and description to `GuSecurityGroup` instead of using the `GuPublicInternetAccessSecurityGroup` helper.
guardian · May 19, 2021 · ab6301d · ab6301d
1 parent 9c68b13
commit ab6301d
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 42 deletions.
diff --git a/src/constructs/ec2/security-groups/base.test.ts b/src/constructs/ec2/security-groups/base.test.ts
@@ -3,7 +3,7 @@ import "../../../utils/test/jest";
 import { Peer, Port, Vpc } from "@aws-cdk/aws-ec2";
 import { Stack } from "@aws-cdk/core";
 import { simpleGuStackForTesting } from "../../../utils/test";
-import { GuHttpsEgressSecurityGroup, GuPublicInternetAccessSecurityGroup, GuSecurityGroup } from "./base";
+import { GuHttpsEgressSecurityGroup, GuSecurityGroup } from "./base";
 
 describe("The GuSecurityGroup class", () => {
   const vpc = Vpc.fromVpcAttributes(new Stack(), "VPC", {
@@ -104,36 +104,6 @@ describe("The GuSecurityGroup class", () => {
   });
 });
 
-describe("The GuPublicInternetAccessSecurityGroup class", () => {
-  const vpc = Vpc.fromVpcAttributes(new Stack(), "VPC", {
-    vpcId: "test",
-    availabilityZones: [""],
-    publicSubnetIds: [""],
-  });
-
-  it("adds global access on 443 by default", () => {
-    const stack = simpleGuStackForTesting();
-
-    new GuPublicInternetAccessSecurityGroup(stack, "InternetAccessGroup", {
-      vpc,
-      app: "testing",
-    });
-
-    expect(stack).toHaveResource("AWS::EC2::SecurityGroup", {
-      GroupDescription: "Allow all inbound traffic via HTTPS",
-      SecurityGroupIngress: [
-        {
-          CidrIp: "0.0.0.0/0",
-          Description: "Allow all inbound traffic via HTTPS",
-          FromPort: 443,
-          IpProtocol: "tcp",
-          ToPort: 443,
-        },
-      ],
-    });
-  });
-});
-
 describe("The GuHttpsEgressSecurityGroup class", () => {
   const vpc = Vpc.fromVpcAttributes(new Stack(), "VPC", {
     vpcId: "test",

diff --git a/src/constructs/ec2/security-groups/base.ts b/src/constructs/ec2/security-groups/base.ts
@@ -75,17 +75,6 @@ export class GuSecurityGroup extends GuBaseSecurityGroup {
   }
 }
 
-// TODO should this be a singleton?
-export class GuPublicInternetAccessSecurityGroup extends GuSecurityGroup {
-  constructor(scope: GuStack, id: string, props: GuSecurityGroupProps) {
-    super(scope, id, {
-      ...props,
-      ingresses: [{ range: Peer.anyIpv4(), port: 443, description: "Allow all inbound traffic via HTTPS" }],
-      description: "Allow all inbound traffic via HTTPS",
-    });
-  }
-}
-
 /**
  * Creates a security group which allows all outbound HTTPS traffic.
  */