Subnet validation inhibits use of NAT instances #4876

Closed
ChrisLahaye opened this issue Nov 6, 2019 · 1 comment · Fixed by #4898
Labels: @aws-cdk/aws-ec2 (Related to Amazon Elastic Compute Cloud), bug (This issue is a bug.), p1

Comments

@ChrisLahaye
Creating a VPC with public and private subnets results in an error when natGateways is zero. This inhibits the use of NAT instances (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html).

Reproduction Steps

    const vpc = new ec2.Vpc(this, 'VPC', {
      maxAzs: 2,
      natGateways: 0,
      subnetConfiguration: [
        {
          subnetType: ec2.SubnetType.PUBLIC,
          name: 'ingress',
          cidrMask: 24,
        },
        {
          cidrMask: 24,
          name: 'application',
          subnetType: ec2.SubnetType.PRIVATE,
        }],
    });

Error Log

If you do not want NAT gateways (natGateways=0), make sure you don't configure any PRIVATE subnets in 'subnetConfiguration' (make them PUBLIC or ISOLATED instead)

Other

Introduced by https://github.com/aws/aws-cdk/pull/4668/files#diff-9454c0a15b2246a5b9b2267f5266e3ebR1573


This is 🐛 Bug Report

@ChrisLahaye ChrisLahaye added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 6, 2019
@rix0rrr
Contributor

rix0rrr commented Nov 7, 2019

As a workaround, you should be able to make them ISOLATED from the PoV of the Vpc construct, and modify the routes manually afterwards.

But I'm on this.

@rix0rrr rix0rrr added p1 and removed needs-triage This issue or PR still needs to be triaged. labels Nov 7, 2019
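
A check for the workaround suggested in the comment above, as an added example that is not part of the original thread or of the aws-cdk code base: when routes are written by hand, it confirms that each intended-private route table has a default route to an instance with source/destination checking disabled. The function name `auditNatInstanceRoutes`, the logical IDs and the sample template are assumptions constructed for illustration.

```typescript
// Added example. Resource types and property names are CloudFormation's;
// logical IDs and the template below are constructed for illustration.
type Resource = { Type: string; Properties: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

// Resolve { Ref: 'X' } to 'X'; pass plain strings through.
const refOf = (v: any): string | undefined =>
  typeof v === 'string' ? v : v && typeof v.Ref === 'string' ? v.Ref : undefined;

// Hypothetical helper: one finding per route table that lacks a working
// default route through a NAT instance.
function auditNatInstanceRoutes(tpl: Template, routeTableIds: string[]): string[] {
  const findings: string[] = [];
  const routes = Object.keys(tpl.Resources)
    .map(id => tpl.Resources[id])
    .filter(r => r.Type === 'AWS::EC2::Route');
  for (const rt of routeTableIds) {
    const def = routes.filter(r => refOf(r.Properties.RouteTableId) === rt
      && r.Properties.DestinationCidrBlock === '0.0.0.0/0')[0];
    if (!def) { findings.push(`${rt}: no default route, subnet has no egress`); continue; }
    const target = refOf(def.Properties.InstanceId);
    if (!target) { findings.push(`${rt}: default route does not target an instance`); continue; }
    const inst = tpl.Resources[target];
    if (!inst || inst.Type !== 'AWS::EC2::Instance') {
      findings.push(`${rt}: route target ${target} is not an instance in this template`);
    } else if (inst.Properties.SourceDestCheck !== false) {
      // EC2 enables the check by default, and a NAT instance must have it off.
      findings.push(`${rt}: NAT instance ${target} has SourceDestCheck enabled`);
    }
  }
  return findings;
}

// Constructed sample: route table B was forgotten when adding routes by hand.
const sampleTemplate: Template = { Resources: {
  NatInstance: { Type: 'AWS::EC2::Instance', Properties: { SourceDestCheck: false } },
  AppRouteTableA: { Type: 'AWS::EC2::RouteTable', Properties: {} },
  AppRouteTableB: { Type: 'AWS::EC2::RouteTable', Properties: {} },
  AppDefaultRouteA: { Type: 'AWS::EC2::Route', Properties: {
    RouteTableId: { Ref: 'AppRouteTableA' },
    DestinationCidrBlock: '0.0.0.0/0',
    InstanceId: { Ref: 'NatInstance' },
  } },
} };

console.log(auditNatInstanceRoutes(sampleTemplate, ['AppRouteTableA', 'AppRouteTableB']));
```

Run it against the `Resources` section of the synthesized template, passing the logical IDs of the route tables that belong to the subnets declared ISOLATED.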
rix0rrr added a commit that referenced this issue Nov 7, 2019
Add support for NAT instances (as opposed to NAT gateways)
on VPCs. Introduced the concept of a 'NAT provider', and provide
two implementations: one for gateways, one for instances.

To make it easier to pick the right AMI for the NAT instance,
add an AMI context provider, which will look up AMIs available to
the user.

Fixes #4876.
rix0rrr added a commit that referenced this issue Nov 7, 2019
Add support for NAT instances (as opposed to NAT gateways) on VPCs. This
change introduces the concept of a 'NAT provider', and provides two
implementations out of the box: one for gateways, one for instances.

Instances are not guarded against termination; a future implementation
should use ASGs to make sure there are always instances running.

To make it easier to pick the right AMI for the NAT instance,
add an AMI context provider, which will look up AMIs available to
the user.

Fixes #4876.
rix0rrr added a commit that referenced this issue Nov 11, 2019
Add support for NAT instances (as opposed to NAT gateways) on VPCs. This
change introduces the concept of a 'NAT provider', and provides two
implementations out of the box: one for gateways, one for instances.

Instances are not guarded against termination; a future implementation
should use ASGs to make sure there are always instances running.

To make it easier to pick the right AMI for the NAT instance,
add an AMI context provider, which will look up AMIs available to
the user.

Fixes #4876.
@SomayaB SomayaB added @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud and removed package/vpc labels May 27, 2020