aws-ec2: Support Cross-Region VPC Private Links

[The-Zona-Zoo]

Describe the feature

Support cross-region VPC Private Link connectivity as outlined in: https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-cross-region-connectivity-for-aws-privatelink/

Use Case

Currently, the only way I am aware of to use this newly announced feature is by manually setting up or modifying resources in the console.

Proposed Solution

This would likely require 2 changes:

1. When creating a VPC Endpoint Service, allow specifying supported regions, perhaps always including the endpoint service region by default:

new VpcEndpointService(scope, 'id', {
   ...otherProperties,
   supportedRegions: ['us-east-1', 'us-west-2', ...] // perhaps the service region should always be added even if it's not specified
});

2. When creating an Interface VPC Endpoint, allow specifying which region the endpoint service exists in:

new InterfaceVpcEndpoint(scope, 'id', {
   ...otherProperties,
   service: {
      ...otherServiceProperties,
      region: 'us-east-1' // defaults to the endpoint region if not specified (current behavior)
   }
});

Other Information

This request will almost certainly be blocked until CloudFormation support is added. I have submitted a related issue to the cloud formation roadmap.

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

latest

Environment details (OS name and version, etc.)

n/a

[khushail]

@The-Zona-Zoo thanks for submitting this feature request and filing issue with Cloudformation as well.

[dannysj]

Do we know when will this feature request be implemented?

[khushail]

@dannysj , since this feature depends on Cloudformation support, not really sure how much will it take from their side. Once the L1 construct is available, support can be provided from CDK side, speculating contribution from Community or team. So there is no ETA as of now.