Aws-cdk: Explain how to get subnets from imported VPC

Created on 14 Aug 2019 · 8Comments · Source: aws/aws-cdk

Note: for support questions, please first reference our documentation, then use Stackoverflow. This repository's issues are intended for feature requests and bug reports.

I'm submitting a ...
- [ ] :beetle: bug report
- [x] :rocket: feature request
- [ ] :books: construct library gap
- [ ] :phone: security issue or vulnerability => Please see policy
- [ ] :question: support request => Please see note at the top of this template.
What is the current behavior?
If the current behavior is a :beetle:bug:beetle:: Please provide the steps to reproduce
fromLookup imports a vpc fed with dummy values, how can I extract subnets out of it?
What is the expected behavior (or behavior of feature suggested)?
Please add a example/tutorial how to get subnets for a given VPC.
What is the motivation / use case for changing the behavior or adding this feature?
Sometimes I need to perform some action for every subnet. I don't have these values available before synthesize.
Please tell us about your environment:
- CDK CLI Version: 1.3.0
- Module Version: 1.3.0
- OS: [all]
- Language: [all]
Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)

@aws-cdaws-ec2 bug efformedium p2

Source

lkoniecz

All 8 comments

Sometimes I need to perform some action for every subnet

Can you go into some more detail on what you need to do to every subnet?

rix0rrr on 20 Aug 2019

@rix0rrr

EKS does not fully support multi az deployments. If a pod requires a persistent volume - an EBS will be created in the same availibilty zone as the worker that was assigned the pod. If the pod gets destroyed and recreated in different az - the volume cannot be assigend to the pod. More on there: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumes.html

Possible solution is to to call eks.add_capacity for each subnet which will bind volumes and nodes to the same AZ.

lkoniecz on 20 Aug 2019

I have another use case, for an ALB, I have to supply the subnets it's going to have interfaces on, I'd have thought it would be something like:

new elb.ApplicationLoadBalancer(this, "loadBalancer", {
  // http2Enabled: false,
  internetFacing: true,
  idleTimeout: cdk.Duration.seconds(30),
  vpc: ec2.Vpc.fromLookup(this, 'vpcId',  {vpcId: 'vpc-99999999'}),
  vpcSubnets: {
    subnetName: cdk.Fn.importValue("VPC-Subnet-Pub-A")
    // subnetType: ec2.SubnetType.PUBLIC
  }
})

The VPC is already created long ago and I can get the subnets by importing "VPC-Subnet-Pub-A", "VPC-Subnet-Pub-B", "VPC-Subnet-Pub-C", but I can't figure out how to do this in CDK.

The vpcSubnets takes 'SubnetSelection', which consists of:

Where can I put subnet IDs? Unless the subnets/vpc were created using CDK, there doesn't appear to be a way to call them using either "subnetGroupName" or "subnetType"

shakerky on 9 Oct 2019

👍1

And if I leave vpcSubnets undefined it returns:

[Error at /CdkElbAsgStack] Not all subnets in VPC have the same AZs: ap-southeast-2a,ap-southeast-2a,ap-southeast-2b,ap-southeast-2b,ap-southeast-2c,ap-southeast-2c vs ap-southeast-2a,ap-southeast-2b,ap-southeast-2c

Which is a pretty useless message.

shakerky on 9 Oct 2019

You could potentially use vpc.fromVpcAttributes to create the subnet types referenced above:

The docs say:
"Import an existing VPC from by querying the AWS environment this stack is deployed to.

This function only needs to be used to use VPCs not defined in your CDK application"

Which is great until this two lines down:

"Calling this method will lead to a lookup when the CDK CLI is executed. You can therefore not use any values that will only be available at CloudFormation execution time (i.e., Tokens)."

So we can't import anything and have to have a fixed set of VpcIds in our app.

shakerky on 9 Oct 2019

👍1

Hi
Is there anything new in relation to this matter?
I'm really having issues with aws-cdk whentrying to use subset of private networks.
Just to explain my situation:

I have 6 private subnets (3 for backend layer, and 3 for data layer) which have been crated long time ago (we did not implemented isolated ones due to restrictions in our network design)

I have 2 arrays "Array ", one with the BackEnd subnets and the other one with the DATA subnets, but I'm not finding the way to use any of both in the ec2 instance definition.

Which one is the status of this bug?
Does anyone know a proper way overload PUBLIC; PRIVATE and ISOLATED with the networks I define they are ? and not the ones recognized from AWS? that might solve the issue not ?

scpg on 14 Jul 2020

👍1

@scpg I have a similar situation and I cannot use PRIVATE subnets properly (yes with correct tagging). I've tried to set the defaultCapacity to 0 and then perform an update but did get any success.

include on 29 Nov 2020

I have found this issue by Googling. Our infrastructure uses an existing VPC into which I deploy my Fargate tasks.

I had an issue deploying because my subnets were not present. So I added them into my Vpc.fromVpcAttributes() call, by importing them from the other stack.

Now I have an issue that they're exported as comma lists, and I cannot split() them in CDK, for the reason (I think) mentioned by @shakerky that it's just a '${Token[TOKEN.56]}' so can't be split.

So now I am a bit stuck.