Skip to content

Enable IPv6 support for SSM Client #4623

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 16, 2025
Merged

Enable IPv6 support for SSM Client #4623

merged 1 commit into from
May 16, 2025

Conversation

TheanLim
Copy link
Contributor

@TheanLim TheanLim commented May 5, 2025
edited
Loading

Summary

Enable SSM client to automatically use dualstack endpoints when running on IPv6-only instances.

Ref PR: #4580

Implementation details

  1. Client Configuration Updates
    i. Modified NewSSMClient to accept IPCompatibility parameter
    ii. Set useDualStackEndpoint based on IPv6 compatibility status
  2. Task Resources
    1. SSM client is mainly used by TaskResources such as FSxWindowsFileServer, SSMSecret, and CredentialSpecs.
    2. Added an ipCompatibility field to each task resource.
      1. Updated New* constructors to accept an additional ipCompatibility parameter. New* is invoked when there's a new incoming task that requires task resources.
      2. Initialize() is invoked when Agent restarts and reinitialize task resources. Updated such that the ipCompatibility field is populated.
      3. Config.InstanceIPCompatibility is the source of value. Updated call chains so that the ipCompatibility is passed down correctly

Testing

Setups done:

  • Set IPCompatibility to NewIPv6OnlyCompatibility
  • Pin the functional test suite to run on a dualstack subnet (agent is currently connecting to control plane via IPv4).
  • Update the SSM Client to use the SSM Pre-prod endpoint for testing purpose, as the dualstack endpoint is still a work in progress. Once the dual-stack endpoint functionality is production-ready, no additional changes will be required on top of this PR.
    • Create SSM Parameters needed by the functional test suite on the Pre-prod

Executed functional test suite on dualstack subnet. Verified all tests passed and pre-prod endpoint usage through docker container logs.

level=debug time=2025-05-15T17:43:10Z msg="Test: Configuring SSM custom endpoint"

New tests cover the changes: no

Description for the changelog

Enhancement: SSM Client resolves to dualstack endpoint on IPV6-only instances

Additional Information

Does this PR include breaking model changes? If so, Have you added transformation functions?

Does this PR include the addition of new environment variables in the README?

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@TheanLim TheanLim marked this pull request as ready for review May 15, 2025 18:37
@TheanLim TheanLim requested a review from a team as a code owner May 15, 2025 18:37
@TheanLim TheanLim changed the title [WIP] Enable IPv6 support for SSM Client Enable IPv6 support for SSM Client May 15, 2025
danehlim
danehlim reviewed May 16, 2025
View reviewed changes
agent/taskresource/fsxwindowsfileserver/fsxwindowsfileserver_windows_test.go
@@ -102,6 +107,7 @@ func TestInitialize(t *testing.T) {
assert.NotNil(t, fv.asmClientCreator)
assert.NotNil(t, fv.fsxClientCreator)
assert.NotNil(t, fv.statusToTransitions)
assert.NotNil(t, fv.ipCompatibility)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit (non-blocking): Could do a more specific check using assert.Equal here, given that config (or testConfig in this case) contains what we expect to be the source of truth for IP compatibility.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. Ignoring this for now as we implicitly check it in the ssmClientCreator.NewSSMClient input args

fv, _, ssmClientCreator, _, _, mockSSMClient, _, _ := setup(t)
...
ssmClientCreator.EXPECT().NewSSMClient(gomock.Any(), gomock.Any(), testConfig.InstanceIPCompatibility).Return(mockSSMClient, nil),

Thanks

@TheanLim TheanLim merged commit 284d18e into aws:dev May 16, 2025
40 checks passed
@danehlim danehlim mentioned this pull request May 20, 2025
Merged
timj-hh pushed a commit to timj-hh/amazon-ecs-agent that referenced this pull request Jul 19, 2025
@TheanLim @timj-hh
Enable IPv6 support for SSM Client (aws#4623)
1a74884
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sparrc sparrc sparrc approved these changes

@danehlim danehlim danehlim approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@TheanLim @sparrc @danehlim @amazon-ecs-bot