recreated from #16652

packages/@aws-cdk/aws-eks/.npmignore

@@ -25,4 +25,7 @@ tsconfig.json
 junit.xml
 test/
 !*.lit.ts
-jest.config.js
+jest.config.js
+
+# Don't include lambda node_modules. These are installed at build time.
+lib/cluster-resource-handler/node_modules

packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts

@@ -1,5 +1,6 @@
 /* eslint-disable no-console */
 
+// eslint-disable-next-line import/no-extraneous-dependencies
 import { IsCompleteResponse, OnEventResponse } from '@aws-cdk/custom-resources/lib/provider-framework/types';
 // eslint-disable-next-line import/no-extraneous-dependencies
 import * as aws from 'aws-sdk';
@@ -23,7 +24,7 @@ export class ClusterResourceHandler extends ResourceHandler {
     super(eks, event);
 
     this.newProps = parseProps(this.event.ResourceProperties);
-    this.oldProps = event.RequestType === 'Update' ? parseProps(event.OldResourceProperties) : { };
+    this.oldProps = event.RequestType === 'Update' ? parseProps(event.OldResourceProperties) : {};
   }
 
   // ------
@@ -271,16 +272,16 @@ export class ClusterResourceHandler extends ResourceHandler {
 
 function parseProps(props: any): aws.EKS.CreateClusterRequest {
 
-  const parsed = props?.Config ?? { };
+  const parsed = props?.Config ?? {};
 
   // this is weird but these boolean properties are passed by CFN as a string, and we need them to be booleanic for the SDK.
   // Otherwise it fails with 'Unexpected Parameter: params.resourcesVpcConfig.endpointPrivateAccess is expected to be a boolean'
 
-  if (typeof(parsed.resourcesVpcConfig?.endpointPrivateAccess) === 'string') {
+  if (typeof (parsed.resourcesVpcConfig?.endpointPrivateAccess) === 'string') {
     parsed.resourcesVpcConfig.endpointPrivateAccess = parsed.resourcesVpcConfig.endpointPrivateAccess === 'true';
   }
 
-  if (typeof(parsed.resourcesVpcConfig?.endpointPublicAccess) === 'string') {
+  if (typeof (parsed.resourcesVpcConfig?.endpointPublicAccess) === 'string') {
     parsed.resourcesVpcConfig.endpointPublicAccess = parsed.resourcesVpcConfig.endpointPublicAccess === 'true';
   }
 
@@ -303,13 +304,13 @@ function analyzeUpdate(oldProps: Partial<aws.EKS.CreateClusterRequest>, newProps
   console.log('old props: ', JSON.stringify(oldProps));
   console.log('new props: ', JSON.stringify(newProps));
 
-  const newVpcProps = newProps.resourcesVpcConfig || { };
-  const oldVpcProps = oldProps.resourcesVpcConfig || { };
+  const newVpcProps = newProps.resourcesVpcConfig || {};
+  const oldVpcProps = oldProps.resourcesVpcConfig || {};
 
   const oldPublicAccessCidrs = new Set(oldVpcProps.publicAccessCidrs ?? []);
   const newPublicAccessCidrs = new Set(newVpcProps.publicAccessCidrs ?? []);
-  const newEnc = newProps.encryptionConfig || { };
-  const oldEnc = oldProps.encryptionConfig || { };
+  const newEnc = newProps.encryptionConfig || {};
+  const oldEnc = oldProps.encryptionConfig || {};
 
   return {
     replaceName: newProps.name !== oldProps.name,
@@ -329,4 +330,4 @@ function analyzeUpdate(oldProps: Partial<aws.EKS.CreateClusterRequest>, newProps
 
 function setsEqual(first: Set<string>, second: Set<string>) {
   return first.size === second.size || [...first].every((e: string) => second.has(e));
-}
+}

packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/common.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line import/no-extraneous-dependencies
 import { IsCompleteResponse, OnEventResponse } from '@aws-cdk/custom-resources/lib/provider-framework/types';
 
 // eslint-disable-next-line import/no-extraneous-dependencies
@@ -37,6 +38,16 @@ export abstract class ResourceHandler {
       RoleArn: roleToAssume,
       RoleSessionName: `AWSCDK.EKSCluster.${this.requestType}.${this.requestId}`,
     });
+
+    const proxyAddress = this.httpProxyFromEnvironment();
+    if (proxyAddress) {
+      this.log(`Using proxy server: ${proxyAddress}`);
+      // eslint-disable-next-line @typescript-eslint/no-require-imports, import/no-extraneous-dependencies
+      const HttpProxyAgent: any = require('http-proxy-agent');
+      aws.config.update({
+        httpOptions: { agent: new HttpProxyAgent(proxyAddress) },
+      });
+    }
   }
 
   public onEvent() {
@@ -64,6 +75,16 @@ export abstract class ResourceHandler {
     console.log(JSON.stringify(x, undefined, 2));
   }
 
+  private httpProxyFromEnvironment(): string | undefined {
+    if (process.env.http_proxy) {
+      return process.env.http_proxy;
+    }
+    if (process.env.HTTP_PROXY) {
+      return process.env.HTTP_PROXY;
+    }
+    return undefined;
+  }
+
   protected abstract async onCreate(): Promise<OnEventResponse>;
   protected abstract async onDelete(): Promise<OnEventResponse | void>;
   protected abstract async onUpdate(): Promise<(OnEventResponse & EksUpdateId) | void>;

packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/index.ts

@@ -1,5 +1,5 @@
 /* eslint-disable no-console */
-
+// eslint-disable-next-line import/no-extraneous-dependencies
 import { IsCompleteResponse } from '@aws-cdk/custom-resources/lib/provider-framework/types';
 // eslint-disable-next-line import/no-extraneous-dependencies
 import * as aws from 'aws-sdk';
@@ -57,4 +57,4 @@ function createResourceHandler(event: AWSLambda.CloudFormationCustomResourceEven
     default:
       throw new Error(`Unsupported resource type "${event.ResourceType}`);
   }
-}
+}

packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/package.json

@@ -0,0 +1,10 @@
+{
+  "name": "cluster-resource-handler",
+  "private": true,
+  "version": "1.0.0",
+  "main": "index.js",
+  "license": "Apache-2.0",
+  "devDependencies": {
+    "http-proxy-agent": "5.0.0"
+  }
+}

packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/yarn.lock

@@ -0,0 +1,36 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+"@tootallnate/once@2":
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/@tootallnate/once/-/once-2.0.0.tgz#f544a148d3ab35801c1f633a7441fd87c2e484bf"
+  integrity sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==
+
+agent-base@6:
+  version "6.0.2"
+  resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-6.0.2.tgz#49fff58577cfee3f37176feab4c22e00f86d7f77"
+  integrity sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==
+  dependencies:
+    debug "4"
+
+debug@4:
+  version "4.3.2"
+  resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.2.tgz#f0a49c18ac8779e31d4a0c6029dfb76873c7428b"
+  integrity sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw==
+  dependencies:
+    ms "2.1.2"
+
+[email protected]:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz#5129800203520d434f142bc78ff3c170800f2b43"
+  integrity sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w==
+  dependencies:
+    "@tootallnate/once" "2"
+    agent-base "6"
+    debug "4"
+
+[email protected]:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"
+  integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==

packages/@aws-cdk/aws-eks/lib/cluster-resource-provider.ts

@@ -2,6 +2,7 @@ import * as path from 'path';
 import * as ec2 from '@aws-cdk/aws-ec2';
 import * as iam from '@aws-cdk/aws-iam';
 import * as lambda from '@aws-cdk/aws-lambda';
+import { NodejsFunction } from '@aws-cdk/aws-lambda-nodejs';
 import { Duration, NestedStack, Stack } from '@aws-cdk/core';
 import * as cr from '@aws-cdk/custom-resources';
 import { Construct } from 'constructs';
@@ -58,12 +59,17 @@ export class ClusterResourceProvider extends NestedStack {
   private constructor(scope: Construct, id: string, props: ClusterResourceProviderProps) {
     super(scope as CoreConstruct, id);
 
-    const onEvent = new lambda.Function(this, 'OnEventHandler', {
-      code: lambda.Code.fromAsset(HANDLER_DIR),
+    // Using NodejsFunction so that NPM dependencies (http-proxy-agent) are installed at synth time.
+    const onEvent = new NodejsFunction(this, 'OnEventHandler', {
+      entry: path.join(HANDLER_DIR, 'index.ts'),
+      bundling: {
+        nodeModules: ['http-proxy-agent'],
+        externalModules: ['aws-sdk'],
+      },
       description: 'onEvent handler for EKS cluster resource provider',
       runtime: HANDLER_RUNTIME,
       environment: props.environment,
-      handler: 'index.onEvent',
+      handler: 'onEvent',
       timeout: Duration.minutes(1),
       vpc: props.subnets ? props.vpc : undefined,
       vpcSubnets: props.subnets ? { subnets: props.subnets } : undefined,
@@ -96,4 +102,4 @@ export class ClusterResourceProvider extends NestedStack {
    * The custom resource service token for this provider.
    */
   public get serviceToken() { return this.provider.serviceToken; }
-}
+}

packages/@aws-cdk/aws-eks/package.json

@@ -80,6 +80,7 @@
     "cdk-build-tools": "0.0.0",
     "cdk-integ-tools": "0.0.0",
     "cfn2ts": "0.0.0",
+    "esbuild": "0.13.2",
     "jest": "^26.6.3",
     "pkglint": "0.0.0",
     "sinon": "^9.2.4",
@@ -93,6 +94,7 @@
     "@aws-cdk/aws-iam": "0.0.0",
     "@aws-cdk/aws-kms": "0.0.0",
     "@aws-cdk/aws-lambda": "0.0.0",
+    "@aws-cdk/aws-lambda-nodejs": "0.0.0",
     "@aws-cdk/aws-ssm": "0.0.0",
     "@aws-cdk/core": "0.0.0",
     "@aws-cdk/custom-resources": "0.0.0",
@@ -111,6 +113,7 @@
     "@aws-cdk/aws-iam": "0.0.0",
     "@aws-cdk/aws-kms": "0.0.0",
     "@aws-cdk/aws-lambda": "0.0.0",
+    "@aws-cdk/aws-lambda-nodejs": "0.0.0",
     "@aws-cdk/aws-ssm": "0.0.0",
     "@aws-cdk/core": "0.0.0",
     "@aws-cdk/custom-resources": "0.0.0",

packages/@aws-cdk/aws-eks/test/cluster.test.ts

@@ -35,7 +35,12 @@ describe('cluster', () => {
     const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.ClusterResourceProvider') as cdk.NestedStack;
 
     const template = SynthUtils.toCloudFormation(nested);
-    expect(template.Resources.OnEventHandler42BEBAE0.Properties.Environment).toEqual({ Variables: { foo: 'bar' } });
+    expect(template.Resources.OnEventHandler42BEBAE0.Properties.Environment).toEqual({
+      Variables: {
+        AWS_NODEJS_CONNECTION_REUSE_ENABLED: '1',
+        foo: 'bar',
+      },
+    });
 
 
   });
@@ -651,7 +656,7 @@ describe('cluster', () => {
     const { stack } = testFixtureNoVpc();
 
     // WHEN
-    new eks.Cluster(stack, 'cluster', { version: CLUSTER_VERSION, prune: false }) ;
+    new eks.Cluster(stack, 'cluster', { version: CLUSTER_VERSION, prune: false });
 
     // THEN
     expect(stack).toHaveResource('AWS::EC2::VPC');
@@ -2469,7 +2474,7 @@ describe('cluster', () => {
         version: CLUSTER_VERSION,
         prune: false,
         endpointAccess:
-        eks.EndpointAccess.PRIVATE,
+          eks.EndpointAccess.PRIVATE,
         vpcSubnets: [{
           subnets: [ec2.PrivateSubnet.fromSubnetAttributes(stack, 'Private1', {
             subnetId: 'subnet1',
@@ -2568,14 +2573,14 @@ describe('cluster', () => {
       const subnetConfiguration: ec2.SubnetConfiguration[] = [];
 
       for (let i = 0; i < 20; i++) {
-        subnetConfiguration.push( {
+        subnetConfiguration.push({
           subnetType: ec2.SubnetType.PRIVATE,
           name: `Private${i}`,
         },
         );
       }
 
-      subnetConfiguration.push( {
+      subnetConfiguration.push({
         subnetType: ec2.SubnetType.PUBLIC,
         name: 'Public1',
       });
@@ -2619,14 +2624,14 @@ describe('cluster', () => {
       const subnetConfiguration: ec2.SubnetConfiguration[] = [];
 
       for (let i = 0; i < 20; i++) {
-        subnetConfiguration.push( {
+        subnetConfiguration.push({
           subnetType: ec2.SubnetType.PRIVATE,
           name: `Private${i}`,
         },
         );
       }
 
-      subnetConfiguration.push( {
+      subnetConfiguration.push({
         subnetType: ec2.SubnetType.PUBLIC,
         name: 'Public1',
       });