aws: limit dual-stack to allowed regions (#587)

brharrington · web-flow · commit 8b1028a1242f · 2023-09-13T14:16:30.000-05:00
Add config with the set of regions where dual-stack endpoints
are actually available. This needs to be done in addition to
checking if the various services actually support it.
diff --git a/iep-spring-aws2/src/main/java/com/netflix/iep/aws2/AwsClientFactory.java b/iep-spring-aws2/src/main/java/com/netflix/iep/aws2/AwsClientFactory.java
@@ -373,12 +373,13 @@ public <T> T newInstance(String name, Class<T> cls, String accountId, Optional<R
     try {
       Config cfg = getConfig(name, cls);
       Config clientConfig = cfg.getConfig("client");
+      Region selectedRegion = region.orElseGet(() -> chooseRegion(name, cls));
       SdkHttpService service = createSyncHttpService(clientConfig);
       Method builderMethod = cls.getMethod("builder");
       AwsClientBuilder<?, ?> builder = ((AwsClientBuilder<?, ?>) builderMethod.invoke(null))
           .credentialsProvider(createCredentialsProvider(cfg.getConfig("credentials"), accountId, service))
-          .region(region.orElseGet(() -> chooseRegion(name, cls)))
-          .dualstackEnabled(cfg.getBoolean("dualstack"))
+          .region(selectedRegion)
+          .dualstackEnabled(shouldUseDualstack(cfg, selectedRegion))
           .overrideConfiguration(createClientConfig(clientConfig));
       AttributeMap attributeMap = getSdkHttpConfigurationOptions(clientConfig);
 
@@ -397,6 +398,11 @@ public <T> T newInstance(String name, Class<T> cls, String accountId, Optional<R
     }
   }
 
+  private boolean shouldUseDualstack(Config cfg, Region region) {
+    return cfg.getBoolean("dualstack")
+        && cfg.getStringList("dualstack-regions").contains(region.id());
+  }
+
   /**
    * Get a shared instance of an AWS client of the specified type. The name of the config
    * block will be based on the package for the class name. For example, if requesting an
diff --git a/iep-spring-aws2/src/main/resources/reference.conf b/iep-spring-aws2/src/main/resources/reference.conf
@@ -43,6 +43,18 @@ netflix.iep.aws {
     // Should dualstack be enabled for the client?
     // https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-support.html
     dualstack = false
+
+    // Unfortunately, AWS doesn't have consistent support for dualstack across all
+    // regions. Add list of supported regions.
+    // https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Using_Endpoints.html#ipv6
+    dualstack-regions = [
+      "ap-south-1",
+      "eu-west-1",
+      "sa-east-1",
+      "us-east-1",
+      "us-east-2",
+      "us-west-2"
+    ]
   }
 
   // Overrides for services that support IPv6 to use dualstack
