Aws-cdk: Allow zero natGateways in VPC construct without requiring a subnetConfiguration

Created on 1 Nov 2019 · 4 comments · Source: aws/aws-cdk

If I want to have public and isolated subnets in my VPC, but no private subnets, I cannot use the default VPC construct to do so. I get an error:

        Vpc testvpc = new Vpc(this, "testVPC", VpcProps.builder()
                .natGateways(0)
                .build());

Error: If you do not want NAT gateways (natGateways=0), make sure you don't configure any PRIVATE subnets in 'subnetConfiguration' (make them PUBLIC or ISOLATED instead)

To work around this issue, I have to specify a custom subnet configuration, 1 Public and 1 Isolated per subnet:

        // requires: import java.util.Arrays; import software.amazon.awscdk.services.ec2.*;
        Vpc testvpc = new Vpc(this, "testVPC", VpcProps.builder()
                .subnetConfiguration(
                        Arrays.asList(
                                SubnetConfiguration.builder()
                                        .subnetType(SubnetType.PUBLIC)
                                        .name("public")
                                        .build(),
                                SubnetConfiguration.builder()
                                        .subnetType(SubnetType.ISOLATED)
                                        .name("isolated")
                                        .build()))
                .natGateways(0)
                .build());

I would like the default to be 1 Public, 1 Isolated when zero natGateways are specified.

Use Case

This is a nice-to-have, as there is a workaround.

Proposed Solution

This should just work:

        Vpc testvpc = new Vpc(this, "testVPC", VpcProps.builder()
                .natGateways(0)
                .build());

Other

  • [ ] :wave: I may be able to implement this feature request
  • [ ] :warning: This feature might incur a breaking change

This is a :rocket: Feature Request
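The workaround above, carried one step further, as an added example (this is not code from the issue or from the aws-cdk project): a CDK v1 Java stack that builds a VPC with only PUBLIC and ISOLATED subnets and zero NAT gateways, then attaches a gateway endpoint so that workloads placed in the isolated subnets can still reach S3 without any route to the internet. The stack class name, the construct ids, the CIDR masks and `maxAzs(2)` are assumptions chosen for the example; the package names are the CDK v1 ones the issue's API reflects (in CDK v2 the same subnet type is called `SubnetType.PRIVATE_ISOLATED` and the core classes live in `software.amazon.awscdk`).

```java
import java.util.Arrays;

import software.amazon.awscdk.core.Construct;
import software.amazon.awscdk.core.Stack;
import software.amazon.awscdk.core.StackProps;
import software.amazon.awscdk.services.ec2.GatewayVpcEndpointAwsService;
import software.amazon.awscdk.services.ec2.GatewayVpcEndpointOptions;
import software.amazon.awscdk.services.ec2.SubnetConfiguration;
import software.amazon.awscdk.services.ec2.SubnetSelection;
import software.amazon.awscdk.services.ec2.SubnetType;
import software.amazon.awscdk.services.ec2.Vpc;
import software.amazon.awscdk.services.ec2.VpcProps;

// Hypothetical stack name; everything below is an illustrative example, not project code.
public class NoNatVpcStack extends Stack {

    public NoNatVpcStack(final Construct scope, final String id, final StackProps props) {
        super(scope, id, props);

        // One PUBLIC and one ISOLATED subnet per AZ, no PRIVATE subnets, so
        // natGateways(0) is accepted and no NAT gateway (or NAT cost) is created.
        // ISOLATED subnets get no default route at all: nothing in them can
        // reach the internet, and nothing on the internet can reach them.
        Vpc vpc = new Vpc(this, "testVPC", VpcProps.builder()
                .maxAzs(2)                      // assumed: two AZs keep the example small
                .natGateways(0)
                .subnetConfiguration(Arrays.asList(
                        SubnetConfiguration.builder()
                                .subnetType(SubnetType.PUBLIC)
                                .name("public")
                                .cidrMask(24)   // assumed mask
                                .build(),
                        SubnetConfiguration.builder()
                                .subnetType(SubnetType.ISOLATED)
                                .name("isolated")
                                .cidrMask(24)   // assumed mask
                                .build()))
                .build());

        // Because the isolated subnets have no egress path, AWS service access
        // has to come in through VPC endpoints. A gateway endpoint for S3 adds
        // a route to the isolated route tables only; the public subnets are
        // left untouched. DynamoDB can be added the same way with
        // GatewayVpcEndpointAwsService.DYNAMODB; other services need interface
        // endpoints (vpc.addInterfaceEndpoint).
        vpc.addGatewayEndpoint("S3Endpoint", GatewayVpcEndpointOptions.builder()
                .service(GatewayVpcEndpointAwsService.S3)
                .subnets(Arrays.asList(
                        SubnetSelection.builder()
                                .subnetType(SubnetType.ISOLATED)
                                .build()))
                .build());
    }
}
```

After `cdk synth`, the template should contain two `AWS::EC2::Subnet` resources per AZ, an internet gateway attached only to the public route tables, no `AWS::EC2::NatGateway`, and one `AWS::EC2::VPCEndpoint` whose `RouteTableIds` reference only the isolated route tables; that is the quickest way to confirm the "no NAT, no private subnets" posture the issue is asking for.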

Labels: @aws-cdk/aws-ec2, effort/small, feature-request, good first issue, in-progress

All 4 comments

I see what you're saying, but I'm not sure this would be expected behavior for most people. I'm not opposed to the change though, if you can rustle up enough community support for this change.

It will be waiting for upvotes on this request.

Just to make sure I understand: This means no private subnet, no NAT Gateway and no NAT costs on the VPC, right? I think that's what I'm looking for.

> Just to make sure I understand: This means no private subnet, no NAT Gateway and no NAT costs on the VPC, right? I think that's what I'm looking for.

I intended it to be Public Subnets and Isolated Subnets. If you specify 1 NAT gateway but 6 AZs, you still get 6 Public/6 Private subnets, but there is only one NAT gateway in one of the Public subnets.

The intent is that, by specifying 0, you still get 6 Public/6 Private, but with 0 NAT Gateways, which effectively gives you 6 Public/6 Isolated.

Currently the behavior is:

  • You specify the subnet configuration, and the NAT gateway configuration follows (if you don't request PRIVATE subnets you don't get NAT gateways).

As far as I can tell, you want the behavior to be:

  • You specify the number of NAT gateways, and the subnet configuration follows (if you set #natGateways=0 then you don't get PRIVATE subnets).

The latter can only work if you DON'T provide any subnet configuration, in which it just leads to picking a different "default" configuration. I guess it's feasible, and I would accept it if someone submitted it as a PR.
