fix(globalaccelerator-endpoints): add preserveClientIp option for net… (#30346)

…work loadbalancer

### Issue # (if applicable)

### Reason for this change

preserveClientIp was missing for GlobalAccelerator Endpoints when using a network loadbalancer.

### Description of changes

* add missing network load balancer endpoint prop.

### Description of how you validated changes

Added unit tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

Author: SaschaJanssen

packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.js.snapshot/integ-globalaccelerator.template.json

@@ -691,6 +691,18 @@
       }
      },
      {
+      "ClientIPPreservationEnabled": true,
+      "EndpointId": {
+       "Ref": "ALBAEE750D2"
+      }
+     },
+     {
+      "EndpointId": {
+       "Ref": "NLB55158F82"
+      }
+     },
+     {
+      "ClientIPPreservationEnabled": true,
       "EndpointId": {
        "Ref": "NLB55158F82"
       }

packages/@aws-cdk-testing/framework-integ/test/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.ts

@@ -38,7 +38,9 @@ class GaStack extends Stack {
       listener,
       endpoints: [
         new endpoints.ApplicationLoadBalancerEndpoint(alb),
+        new endpoints.ApplicationLoadBalancerEndpoint(alb, { preserveClientIp: true }),
         new endpoints.NetworkLoadBalancerEndpoint(nlb),
+        new endpoints.NetworkLoadBalancerEndpoint(nlb, { preserveClientIp: true }),
         new endpoints.CfnEipEndpoint(eip),
         new endpoints.InstanceEndpoint(instances[0]),
         new endpoints.InstanceEndpoint(instances[1]),

packages/aws-cdk-lib/aws-globalaccelerator-endpoints/lib/nlb.ts

@@ -14,6 +14,19 @@ export interface NetworkLoadBalancerEndpointProps {
    * @default 128
    */
   readonly weight?: number;
+
+  /**
+   * Forward the client IP address in an `X-Forwarded-For` header
+   *
+   * GlobalAccelerator will create Network Interfaces in your VPC in order
+   * to preserve the client IP address.
+   *
+   * Client IP address preservation is supported only in specific AWS Regions.
+   * See the GlobalAccelerator Developer Guide for a list.
+   *
+   * @default false
+   */
+  readonly preserveClientIp?: boolean;
 }
 
 /**
@@ -31,6 +44,7 @@ export class NetworkLoadBalancerEndpoint implements ga.IEndpoint {
     return {
       endpointId: this.loadBalancer.loadBalancerArn,
       weight: this.options.weight,
+      clientIpPreservationEnabled: this.options.preserveClientIp,
     } as ga.CfnEndpointGroup.EndpointConfigurationProperty;
   }
 }

packages/aws-cdk-lib/aws-globalaccelerator-endpoints/test/endpoints.test.ts

@@ -74,6 +74,7 @@ test('Network Load Balancer with all properties', () => {
     endpoints: [
       new endpoints.NetworkLoadBalancerEndpoint(nlb, {
         weight: 50,
+        preserveClientIp: true,
       }),
     ],
   });
@@ -84,6 +85,7 @@ test('Network Load Balancer with all properties', () => {
       {
         EndpointId: { Ref: 'NLB55158F82' },
         Weight: 50,
+        ClientIPPreservationEnabled: true,
       },
     ],
   });

packages/aws-cdk-lib/aws-globalaccelerator/README.md

@@ -116,6 +116,7 @@ listener.addEndpointGroup('Group', {
   endpoints: [
     new ga_endpoints.NetworkLoadBalancerEndpoint(nlb, {
       weight: 128,
+      preserveClientIp: true, 
     }),
   ],
 });