ec2: support `PrefixList.fromLookup()`

[Tietew]

Describe the feature

AWS-managed prefix lists are listed in AWS documentation.
https://docs.aws.amazon.com/vpc/latest/userguide/working-with-aws-managed-prefix-lists.html

But PrefixListId differ per region and account.
We should copy&paste id from AWS console or CLI output.

Use Case

For example, this is useful that an ALB needs to allow HTTP(S) connections from CloudFront only.

const plCloudFront = ec2.PrefixList.fromLookup(this, 'CloudFrontPrefixList', {
  prefixListName: 'com.amazonaws.global.cloudfront.origin-facing',
});
alb.connections.allowFrom(ec2.Peer.perfixListId(plCloudFront.prefixListId), ec2.Peer.HTTPS);

Proposed Solution

CloudControl context provider may query prefix list from name.

PoC code:

ContextProvider.getValue(scope, {
  provider: cxschema.ContextProvider.CC_API_PROVIDER,
  props: {
    typeName: 'AWS::EC2::PrefixList',
    propertyMatch: {
      PrefixListName: 'com.amazonaws.global.cloudfront.origin-facing',
    },
    propertiesToReturn: ['PrefixListId'],
  },
})

By CLI:

$ aws cloudcontrol list-resources --type-name 'AWS::EC2::PrefixList' | jq '.ResourceDescriptions[]|select((.Properties|fromjson).PrefixListName=="com.amazonaws.global.cloudfront.origin-facing")'
{
  "Identifier": "pl-xxxxxxxx",
  "Properties": "{\"OwnerId\":\"AWS\",\"PrefixListId\":\"pl-xxxxxxxx\",...}"
}

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.180.0

Environment details (OS name and version, etc.)

N/A

[pahud]

Hello @Tietew,

Thank you for submitting this feature request. This is indeed a useful addition to the CDK EC2 module that would improve the developer experience when working with AWS-managed prefix lists.

Since you've indicated you may be able to implement this feature, we'd be happy to guide you through the process:

1. The implementation would need to:

   • Add a new fromLookup static method to the PrefixList class
   • Create appropriate interfaces for the lookup options
   • Implement the CloudControl context provider pattern similar to your proof of concept
   • Add appropriate tests

2. For inspiration, you might want to look at similar lookup implementations in the CDK codebase, such as:

   • Vpc.fromLookup()
   • HostedZone.fromLookup()

If you're interested in proceeding with a PR, please let us know, and we'll be happy to provide more specific guidance if needed.

Thanks again for your contribution to making the CDK better!

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.