feat: aws IP Ranges in routing

src/index.ts

@@ -1,4 +1,3 @@
-/* eslint @typescript-eslint/no-require-imports: "off" */
 import * as fs from 'fs';
 import * as path from 'path';
 import { Resource, RemovalPolicy, Duration, Tags, Annotations } from 'aws-cdk-lib';
@@ -89,6 +88,12 @@ export interface RouteProps {
    * @default - false
    */
   readonly excludeIPv6?: boolean;
+
+  /** mandatory for AWS regions */
+  readonly awsProps?:{
+    awsRegion:string;
+    awsService:string;
+  };
 }
 
 /**
@@ -287,6 +292,37 @@ export class SimpleNAT extends Resource {
     return this;
   }
 
+  /**
+   * Add AWS to route table
+   */
+  public withAwsRoutes(props?: RouteProps): SimpleNAT {
+    const awsMeta = fetch('https://ip-ranges.amazonaws.com/ip-ranges.json').json();
+    const excludeIPv6 = props?.excludeIPv6 ?? false;
+    const ipv4fliteredPrefixList = awsMeta.prefixes.filter((value: { region: string | undefined; service: string | undefined })=>{
+      if (props?.awsProps?.awsRegion==value.region&&
+        props?.awsProps?.awsService==value.service) {return true;} else { return false;}
+    });
+    for (const cidr of ipv4fliteredPrefixList) {
+      for (const [routeId, subnets] of this._routeMappingSubnets) {
+        if (cidr.ip_prefix) {this._configureSubnet(routeId, subnets, cidr.ip_prefix);}
+      }
+    }
+    if (!excludeIPv6) {
+      const ipv6fliteredPrefixList = awsMeta.ipv6_prefixes.filter((value: { region: string | undefined; service: string | undefined })=>{
+        if (props?.awsProps?.awsRegion==value.region&&
+        props?.awsProps?.awsService==value.service) {return true;} else { return false;}
+      });
+
+      for (const cidr of ipv6fliteredPrefixList) {
+        for (const [routeId, subnets] of this._routeMappingSubnets) {
+          if (cidr.ipv6_prefix) {this._configureSubnet(routeId, subnets, undefined, cidr.ipv6_prefix);}
+          //if (cidr.ipv6Prefix && !excludeIPv6) {this._configureSubnet(routeId, subnets, undefined, cidr.ipv6Prefix);}
+        }
+      }
+    }
+    return this;
+  }
+
   /**
    * Add Cloudflare IPs to route table
    *

test/snat.test.ts

@@ -270,6 +270,53 @@ describe('Simple NAT construct', () => {
     })).toStrictEqual({});
   });
 
+
+  test('create NAT instances for aws routes excluding IPv6 address', () => {
+
+    const stack = new Stack();
+    const vpc = new Vpc(stack, 'VPC-2');
+
+    new SimpleNAT(stack, 'nat', {
+      vpc,
+    }).withAwsRoutes({
+      excludeIPv6: true,
+      awsProps: {
+        awsRegion: 'ap-south-1',
+        awsService: 'AMAZON',
+      },
+    });
+
+    const awsMeta: {
+      syncToken: string;
+      createDate: string;
+      prefixes: [
+        {
+          ip_prefix:string;
+          region:string;
+          service:string;
+          network_border_group:string;
+        }
+      ];
+      ipv6_prefixes: [
+        {
+          ipv6_prefix:string;
+          region:string;
+          service:string;
+          network_border_group:string;
+        }
+      ];
+
+    } = fetch('https://ip-ranges.amazonaws.com/ip-ranges.json').json();
+    const ipV6 = awsMeta.ipv6_prefixes.filter(prefix => prefix.ipv6_prefix );
+    expect(ipV6.length).toBeGreaterThan(0);
+
+    expect(Template.fromStack(stack).findResources('AWS::EC2::Route', {
+      Properties: {
+        DestinationIpv6CidrBlock: Match.anyValue(),
+      },
+    })).toStrictEqual({});
+  });
+
   test('create NAT instances for cloudflare routes', () => {
 
     const stack = new Stack();