AWS::Route53Resolver::ResolverEndpoint GetAtt for resolver ip-addresses #172

Open
markymarkus opened this issue Sep 12, 2019 · 7 comments
Labels
networking & content deliv VPC, CloudFront, Route 53, API Gateway, Direct Connect, AWS App Mesh, etc.

Comments

@markymarkus

Title -> AWS::Route53Resolver::ResolverEndpoint GetAtt for resolver ip-addresses
Scope of request -> Make the ip-addresses available via GetAtt on AWS::Route53Resolver::ResolverEndpoint resource.
Expected behavior -> !GetAtt InboundResolver.IpAddress
Test case recommendation (optional) ->
Links to existing API doc (optional) ->
Category tag (optional) -> Networking & Content
Any additional context (optional)

Please add a new attribute to ResolverEndpoint for ip-addresses. When a resolver endpoint is created in subnets, the resolver selects an available ip-address from a subnet. There is no way to get those selected ip-addresses from a resolver. At least for an INBOUND endpoint it would be really helpful to get the ip-addresses via GetAtt.

@TheDanBlanco TheDanBlanco added the networking & content deliv VPC, CloudFront, Route 53, API Gateway, Direct Connect, AWS App Mesh, etc. label Sep 17, 2019
@PatMyron
Contributor

#68 (comment)

@chrisdag

Bump. When creating inbound endpoints it would be nice to be able to get back the assigned IPs so they can be exported or used to update an SSM Parameter Store value.

@acesir

acesir commented Nov 14, 2021

Any update on this? Given that the rule associated with outbound endpoints requires a target IP address, it is impossible to chain creation of the inbound/outbound/rule combination with CloudFormation.

@Izaya-San

Same issue for DnsServers property of AWS::EC2::ClientVpnEndpoint resource. Resolver Inbound IP Addresses can't be extracted from AWS::Route53Resolver::ResolverEndpoint.

@gtskaushik

We have a use case to create Inbound & outbound resolvers and then create the Rules. Since we are not able to get the ip-addresses, we cannot wire the whole flow in CDK.

@gtskaushik

Is there any workaround to get the ip-address?

@gtskaushik

gtskaushik commented May 16, 2023

Used this workaround to solve this via AwsCustomResource:

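```typescript
import * as route53resolver from "aws-cdk-lib/aws-route53resolver";
import { SubnetType } from "aws-cdk-lib/aws-ec2";
import {
  AwsCustomResource,
  AwsCustomResourcePolicy,
  PhysicalResourceId,
} from "aws-cdk-lib/custom-resources";

// Inside the stack/construct constructor. `vpc`, `route53ResolverName` and
// `inboundResolverSecurityGroup` are defined elsewhere in the stack.
const privateSubnets = vpc
  .selectSubnets({ subnetType: SubnetType.PRIVATE_WITH_EGRESS })
  .subnetIds.map((subnetIdStr) => ({ subnetId: subnetIdStr }));

// One endpoint IP is allocated per subnet listed in `ipAddresses`.
const inboundResolver = new route53resolver.CfnResolverEndpoint(
  this,
  "inboundResolver",
  {
    direction: "INBOUND",
    name: `${route53ResolverName}-inbound`,
    ipAddresses: privateSubnets,
    resolverEndpointType: "IPV4",
    securityGroupIds: [inboundResolverSecurityGroup.securityGroupId],
  }
);
const inboundIpAddresses = this.getIpAddressesFromResolver(
  inboundResolver,
  "GetInboundResolverIpAddress",
  privateSubnets.length
);
```

```typescript
// Method on the same stack/construct class.
private getIpAddressesFromResolver(
  resolver: route53resolver.CfnResolverEndpoint,
  id: string,
  ipsCount: number
) {
  const ipAddresses: string[] = [];
  // Custom resource that calls ListResolverEndpointIpAddresses at deploy time.
  const ipAddressesRes = new AwsCustomResource(this, id, {
    onUpdate: {
      service: "Route53Resolver",
      action: "listResolverEndpointIpAddresses",
      parameters: {
        ResolverEndpointId: resolver.attrResolverEndpointId,
      },
      // A new physical ID on every synth makes the call run on each deployment.
      physicalResourceId: PhysicalResourceId.of(Date.now().toString()),
    },
    policy: AwsCustomResourcePolicy.fromSdkCalls({
      resources: AwsCustomResourcePolicy.ANY_RESOURCE,
    }),
  });
  // Read one `Ip` field per subnet from the response, by index.
  for (let i = 0; i < ipsCount; i++) {
    ipAddresses.push(
      ipAddressesRes
        .getResponseFieldReference(`IpAddresses.${i}.Ip`)
        .toString()
    );
  }

  // Comma-separated list of deploy-time tokens.
  return ipAddresses.join(",");
}
```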
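An added example, not part of the comment above or of any AWS or CDK code: the same `ListResolverEndpointIpAddresses` lookup done in your own code (for instance in a Lambda-backed custom resource), following `NextToken` and refusing to return addresses until every one reports `ATTACHED` and the count matches the number of subnets. `attachedIps`, `collectIps`, `IpLister` and the sample addresses are hypothetical names and constructed values.

```typescript
// Added example. The two interfaces mirror only the response fields of
// ListResolverEndpointIpAddresses that are used here.
interface EndpointIp { Ip?: string; SubnetId?: string; Status?: string }
interface IpPage { IpAddresses?: EndpointIp[]; NextToken?: string }

// Hypothetical client shape; wrap the real SDK call to fit it.
interface IpLister {
  listIps(endpointId: string, nextToken?: string): Promise<IpPage>;
}

// Merge pages and return the IPv4 addresses. Fails closed when an address
// is not ATTACHED yet or the count differs from the number of subnets.
function attachedIps(pages: IpPage[], expectedCount: number): string[] {
  const entries: EndpointIp[] = [];
  for (const page of pages) entries.push(...(page.IpAddresses ?? []));
  const pending = entries.filter((e) => e.Status !== "ATTACHED");
  if (pending.length > 0) {
    throw new Error(`${pending.length} address(es) not ATTACHED yet`);
  }
  const ips = entries
    .map((e) => e.Ip)
    .filter((ip): ip is string => typeof ip === "string" && ip.length > 0);
  if (ips.length !== expectedCount) {
    throw new Error(`expected ${expectedCount} IPs, got ${ips.length}`);
  }
  return ips.sort();
}

// Follow NextToken until the service stops returning one.
async function collectIps(
  client: IpLister,
  endpointId: string,
  expectedCount: number
): Promise<string[]> {
  const pages: IpPage[] = [];
  let token: string | undefined;
  do {
    const page = await client.listIps(endpointId, token);
    pages.push(page);
    token = page.NextToken;
  } while (token);
  return attachedIps(pages, expectedCount);
}

// Constructed sample pages, not real service output.
const samplePages: IpPage[] = [
  { IpAddresses: [{ Ip: "10.0.2.15", Status: "ATTACHED" }], NextToken: "t1" },
  { IpAddresses: [{ Ip: "10.0.1.27", Status: "ATTACHED" }] },
];
```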

Projects
Status: Researching
Development

No branches or pull requests

7 participants