[AWS] Resource creation for VM

[seankimkdy]

Resolves #453. Some unique things/limitations about AWS

Faking AWS Server for Unit Testing
Unlike GCP and Azure, faking an HTTP server did not work. I used middlewares instead which is a bit of a different concept. fakeDeserializeMiddleware should look a lot like getFakeServerHandler in GCP or Azure.

Using Namespaces for Resource Cleanup during Integration Test
AWS does not have resource groups in the sense that Azure does, nor does it have a nice isolation mechanism like GCP project does. There's no clean way to delete resources by a group, so I had to write a custom deletion by hand in TeardownAwsTesting. This is also why namespace has to be unique as there can be many different tests going on in the same account for AWS.

VPC Quota Limit
There's currently a limit of default 5 VPCs per region in AWS. This will not do as we tend to have more >5 ongoing PRs. We should ask for an service quota increase.

[github-actions]

Unit Test Results

321 tests  +5   321 ✅ +5   4s ⏱️ +2s
 50 suites +1     0 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 7f081c1. ± Comparison against base commit ddba24e.

This pull request removes 2 and adds 7 tests. Note that renamed tests count towards both.

github.com/paraglider-project/paraglider/pkg/ibm ‑ TestCreateResourceExistingVPCSubnet
github.com/paraglider-project/paraglider/pkg/ibm ‑ TestCreateResourceNewVPC

github.com/paraglider-project/paraglider/pkg/aws ‑ TestCreateResource
github.com/paraglider-project/paraglider/pkg/aws ‑ TestCreateResource/ExistingNetwork
github.com/paraglider-project/paraglider/pkg/aws ‑ TestCreateResource/FromScratch
github.com/paraglider-project/paraglider/pkg/aws ‑ TestCreateResource/WrongAvailabilityZone
github.com/paraglider-project/paraglider/pkg/ibm ‑ TestCreateResourceEndpointGatewayNewVPC
github.com/paraglider-project/paraglider/pkg/ibm ‑ TestCreateResourceInstanceExistingVPCSubnet
github.com/paraglider-project/paraglider/pkg/ibm ‑ TestCreateResourceInstanceNewVPC

♻️ This comment has been updated with latest results.

[github-actions]

For the detailed report, please go to Checks tab, click Build and Test, and then download unit_test_coverage artifact at the bottom of build page.

• Your PR branch coverage: 51.8 %
• main branch coverage: 0 %
• diff coverage: 51.8 %

The coverage result does not include the functional test results.

[smcclure20]

Thank you for figuring this all out! Looks great with a few notes!

[smcclure20]

Would it be easier to just put a deny-all rule at a higher priority than these defaults? That's what we do in Azure.

[seankimkdy]

I don't think AWS has deny rules for security groups. From https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html#security-group-rule-characteristics

You can specify allow rules, but not deny rules.

There are network ACLs (which have both allow and deny) but I believe they apply over an entire subnet? Let me know if I'm wrong about that though cus I'm not 100% sure.

[github-actions]

For the detailed report, please go to Checks tab, click Build and Test, and then download unit_test_coverage artifact at the bottom of build page.

• Your PR branch coverage: 51.8 %
• main branch coverage: 0 %
• diff coverage: 51.8 %

The coverage result does not include the functional test results.

[smcclure20]

Approved with the note that we should fix how AZs are handled when creating a VPC in a region. Per discussion with @seankimkdy, we should provision a subnet in each AZ on VPC creation by splitting the VPC address space into N equal chunks.