Creating an ASG with public subnets fails.

[vaneek]

Note: for support questions, please first reference our documentation, then use Stackoverflow. This repository's issues are intended for feature requests and bug reports.

• I'm submitting a ...

  • 🪲 bug report
  • 🚀 feature request
  • 📚 construct library gap
  • ☎️ security issue or vulnerability => Please see policy
  • ❓ support request => Please see note at the top of this template.

• What is the current behavior?
  If the current behavior is a 🪲bug🪲: Please provide the steps to reproduce

1. Creating an ASG using an imported VPC with only public subnets fails with the following error message,

jsii.errors.JSIIError: There are no 'Private' subnets in this VPC. Use a different VPC subnet selection.

Code to create stack,

class ASGStack(core.Stack):

    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        vpc = ec2.Vpc.from_lookup(self, "VPC", is_default=True)
        
        asg = autoscaling.AutoScalingGroup(
            self, "ASG",
            vpc=vpc,
            vpc_subnets=vpc.select_subnets(subnet_type=ec2.SubnetType.PUBLIC, one_per_az=True),
            instance_type=ec2.InstanceType.of(
                ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.LARGE
            ),
            machine_image=ec2.GenericLinuxImage({
                'eu-west-2': 'ami-1234,
                'eu-west-1': 'ami-5678,
            }),
        )

2. Using a VPC created by the same stack ASG construct only uses PRIVATE subnets even when explicitly selecting PUBLIC subnets.

class ASGStack(core.Stack):

    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)
        
        vpc = ec2.Vpc(self, "VPC")
        
        asg = autoscaling.AutoScalingGroup(
            self, "ASG",
            vpc=vpc,
            vpc_subnets=vpc.select_subnets(subnet_type=ec2.SubnetType.PUBLIC, one_per_az=True),
            instance_type=ec2.InstanceType.of(
                ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.LARGE
            ),
            machine_image=ec2.GenericLinuxImage({
                'eu-west-2': 'ami-1234,
                'eu-west-1': 'ami-5678,
            }),
        )

Snippet from generated cloudformation template,

        "VPCZoneIdentifier": [
          {
            "Ref": "VPCPrivateSubnet1Subnet8BCA10E0"
          },
          {
            "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A"
          },
          {
            "Ref": "VPCPrivateSubnet3Subnet3EDCD457"
          }
        ]

• What is the expected behavior (or behavior of feature suggested)?
  Subnet placement to use selected subnets.

• What is the motivation / use case for changing the behavior or adding this feature?

• Please tell us about your environment:

ℹ️ CDK Version: 1.1.0 (build 1a11e96)
ℹ️ AWS environment variables:

• AWS_CLOUDWATCH_HOME = /opt/aws/apitools/mon
• AWS_PATH = /opt/aws
• AWS_AUTO_SCALING_HOME = /opt/aws/apitools/as
• AWS_ELB_HOME = /opt/aws/apitools/elb
  ℹ️ No CDK environment variables

• Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)

[vaneek]

Explicitely tagging a subnet in an imported VPC with aws-cdk:subnet-type as Public also does not work as in example 1. Falsely tagging as Private and using default subnet selection succeeds. It appears the logic has gotten off tracks somewhere as it is only possible to create an ASG with Private subnets.

[rix0rrr]

Can you check whether this has gotten fixed by #3784 ?

[SomayaB]

Can you check whether this has gotten fixed by #3784 ?

@vaneek

[rix0rrr]

If not there it will be fixed by #4668. Closing.