From e85316e80323001d29ad2ec1ebbc949598104375 Mon Sep 17 00:00:00 2001 From: Sascha Date: Wed, 12 Jun 2024 13:16:54 +0200 Subject: [PATCH] fix(globalaccelerator-endpoints): add preserveClientIp option for network loadbalancer ### Issue # (if applicable) ### Reason for this change preserveClientIp was missing for GlobalAccelerator Endpoints when using a network loadbalancer. ### Description of changes * add missing network load balancer endpoint prop. ### Description of how you validated changes Added integration tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](/~https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](/~https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../integ-globalaccelerator.template.json | 12 ++++++++++++ .../test/integ.globalaccelerator.ts | 2 ++ .../aws-globalaccelerator-endpoints/lib/nlb.ts | 14 ++++++++++++++ .../test/endpoints.test.ts | 2 ++ .../aws-cdk-lib/aws-globalaccelerator/README.md | 1 + 5 files changed, 31 insertions(+) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json index 97e0224584be7..7ada1c18b5611 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json 
@@ -691,6 +691,18 @@ } }, { + "ClientIPPreservationEnabled": true, + "EndpointId": { + "Ref": "ALBAEE750D2" + } + }, + { + "EndpointId": { + "Ref": "NLB55158F82" + } + }, + { + "ClientIPPreservationEnabled": true, "EndpointId": { "Ref": "NLB55158F82" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts index 39a808fcdcf84..8a5aadbc397d0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts @@ -38,7 +38,9 @@ class GaStack extends Stack { listener, endpoints: [ new endpoints.ApplicationLoadBalancerEndpoint(alb), + new endpoints.ApplicationLoadBalancerEndpoint(alb, { preserveClientIp: true }), new endpoints.NetworkLoadBalancerEndpoint(nlb), + new endpoints.NetworkLoadBalancerEndpoint(nlb, { preserveClientIp: true }), new endpoints.CfnEipEndpoint(eip), new endpoints.InstanceEndpoint(instances[0]), new endpoints.InstanceEndpoint(instances[1]), diff --git a/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts b/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts index a4c6b59328ffb..cc295bdbbbe98 100644 --- a/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts +++ b/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts 
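Review bot: In `integ.globalaccelerator.ts` the same `alb` and `nlb` are now registered twice in one endpoint group, once with defaults and once with `{ preserveClientIp: true }`, so the snapshot carries two entries for `NLB55158F82` (and two for `ALBAEE750D2`) that differ only in `ClientIPPreservationEnabled`. The diff does not show which setting takes effect for a duplicated endpoint, or whether the service accepts one at all. For an option that changes which source address the targets see, that ambiguity is worth removing. Consider moving the `preserveClientIp` variants into their own endpoint group, or onto a second load balancer, so each endpoint appears once. The `endpoints` array continues outside the hunk.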
@@ -14,6 +14,19 @@ export interface NetworkLoadBalancerEndpointProps { * @default 128 */ readonly weight?: number; + + /** + * Forward the client IP address in an `X-Forwarded-For` header + * + * GlobalAccelerator will create Network Interfaces in your VPC in order + * to preserve the client IP address. + * + * Client IP address preservation is supported only in specific AWS Regions. + * See the GlobalAccelerator Developer Guide for a list. + * + * @default true if available + */ + readonly preserveClientIp?: boolean; } /** @@ -31,6 +44,7 @@ export class NetworkLoadBalancerEndpoint implements ga.IEndpoint { return { endpointId: this.loadBalancer.loadBalancerArn, weight: this.options.weight, + clientIpPreservationEnabled: this.options.preserveClientIp, } as ga.CfnEndpointGroup.EndpointConfigurationProperty; } } \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts b/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts index d1c65e531b17c..9c29d02dfd2d7 100644 --- a/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts +++ b/packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts @@ -74,6 +74,7 @@ test('Network Load Balancer with all properties', () => { endpoints: [ new endpoints.NetworkLoadBalancerEndpoint(nlb, { weight: 50, + preserveClientIp: true, }), ], }); @@ -84,6 +85,7 @@ test('Network Load Balancer with all properties', () => { { EndpointId: { Ref: 'NLB55158F82' }, Weight: 50, + ClientIPPreservationEnabled: true, }, ], }); diff --git a/packages/aws-cdk-lib/aws-globalaccelerator/README.md b/packages/aws-cdk-lib/aws-globalaccelerator/README.md index 8630620939dea..fca5f4faf68dc 100644 --- a/packages/aws-cdk-lib/aws-globalaccelerator/README.md +++ b/packages/aws-cdk-lib/aws-globalaccelerator/README.md 
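Review bot: The new doc comment on `preserveClientIp` in `nlb.ts` describes an `X-Forwarded-For` header, which looks carried over from the Application Load Balancer endpoint. A Network Load Balancer works at layer 4 and does not add HTTP headers, so preservation here presumably means the client's address arrives as the packet source address. That matters to users, because security groups, NACLs and IP allow-lists on the targets must then be written for client addresses. I would reword the first line to something like `Preserve the client IP address as the source address of traffic reaching the endpoint` and add a sentence on the security-group impact. `@default true if available` should also be confirmed for NLB endpoints, since an unset value is passed through as `undefined` and the service picks the default.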
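Review bot: `Network Load Balancer with all properties` in `endpoints.test.ts` only asserts `preserveClientIp: true`; the explicit opt-out is not covered anywhere in the diff. A later refactor to a truthiness check would silently drop `ClientIPPreservationEnabled: false` from the template and fall back to the service default. A small extra case passing `preserveClientIp: false` and asserting `ClientIPPreservationEnabled: false` would pin that behaviour. The test body starts and ends outside these hunks.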
@@ -116,6 +116,7 @@ listener.addEndpointGroup('Group', { endpoints: [ new ga_endpoints.NetworkLoadBalancerEndpoint(nlb, { weight: 128, + preserveClientIp: true, }), ], });