formatting and tests

lib/bastion-host-forward.ts

@@ -11,7 +11,7 @@
    limitations under the License.
 */
 
-import { Fn} from 'aws-cdk-lib';
+import { Fn } from 'aws-cdk-lib';
 import {
   AmazonLinuxCpuType,
   AmazonLinuxGeneration,

test/generic-bastion-host-forward.test.ts

@@ -37,7 +37,7 @@ test('Bastion Host created for normal access', () => {
   template.hasResourceProperties('AWS::EC2::Instance', {
     UserData: {
       'Fn::Base64':
-        'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n  bind 0.0.0.0:6379\n  timeout connect 10s\n  timeout client 20m\n  timeout server 50m\n  mode tcp\n  server service 127.0.0.1:6379\n" > /etc/haproxy/haproxy.cfg\nservice haproxy restart\n--//',
+        'Content-Type: multipart/mixed; boundary="//"\nMIME-Version: 1.0\n--//\nContent-Type: text/cloud-config; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="cloud-config.txt"\n#cloud-config\ncloud_final_modules:\n- [scripts-user, always]\n--//\nContent-Type: text/x-shellscript; charset="us-ascii"\nMIME-Version: 1.0\nContent-Transfer-Encoding: 7bit\nContent-Disposition: attachment; filename="userdata.txt"\n#!/bin/bash\nmount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm\nyum install -y haproxy\necho "listen database\n  bind 0.0.0.0:6379\n  timeout connect 10s\n  timeout client 20m\n  timeout server 50m\n  mode tcp\n  server service 127.0.0.1:6379\n" > /etc/haproxy/haproxy.cfg\nservice haproxy restart\n--//',
     },
     Tags: [
       {
@@ -72,3 +72,23 @@ test('Bastion Host with own securityGroup', () => {
   assert.equal(securityGroup.securityGroupId, bastionHostSecurityGroup.securityGroupId);
   assert.equal(securityGroup.allowAllOutbound, bastionHostSecurityGroup.allowAllOutbound);
 });
+
+test('Bastion Host has encrypted EBS', () => {
+  const app = new App();
+  const stack = new Stack(app, 'TestStack');
+  const testVpc = new Vpc(stack, 'TestVpc');
+
+  // WHEN
+  new GenericBastionHostForward(stack, 'MyTestConstruct', {
+    vpc: testVpc,
+    address: '127.0.0.1',
+    port: '6379',
+  });
+
+  const template = Template.fromStack(stack);
+
+  // THEN
+  template.hasResourceProperties('AWS::EC2::Volume', {
+    Encrypted: true,
+  });
+});

tsconfig.json

@@ -7,9 +7,7 @@
     "declaration": true,
     "experimentalDecorators": true,
     "incremental": true,
-    "lib": [
-      "es2020"
-    ],
+    "lib": ["es2020"],
     "module": "CommonJS",
     "noEmitOnError": true,
     "noFallthroughCasesInSwitch": true,
@@ -28,12 +26,7 @@
     "composite": false,
     "tsBuildInfoFile": "tsconfig.tsbuildinfo"
   },
-  "include": [
-    "**/*.ts"
-  ],
-  "exclude": [
-    "node_modules",
-    ".types-compat"
-  ],
+  "include": ["**/*.ts"],
+  "exclude": ["node_modules", ".types-compat"],
   "_generated_by_jsii_": "Generated by jsii - safe to delete, and ideally should be in .gitignore"
-}
+}