This is :bug: Bug Report
By using cdk, I can not create docdb cluster within VPC that is not default
I am using the Python API. First, neither docdb.CfnDBCluster nor docdb.CfnDBInstance takes a VPC as a parameter, and I also tried db_subnet_group_name or vpc_security_group_ids or both (with the subnet group and security group set to the VPC I want). None of them works; it keeps creating the DocumentDB cluster in the default VPC.
Here is the code I use
from aws_cdk import aws_docdb as docdb
from aws_cdk import aws_ec2

# Inside the stack's __init__; self.vpc, tier and MONGODB are defined elsewhere in the stack.
docdb_subnet_group = docdb.CfnDBSubnetGroup(
    self,
    "DocDBSubnetss",
    db_subnet_group_description="Subnet group for DocumentDB",
    subnet_ids=list(map(lambda x: x.subnet_id, self.vpc.private_subnets)),
)
sg = aws_ec2.SecurityGroup(
    self, "DocSG", vpc=self.vpc, allow_all_outbound=True, description="DocumentDB"
)
mongodb_cluster = docdb.CfnDBCluster(
    self,
    "test-mongodb-{}".format(tier),
    db_cluster_identifier="mongodb",
    master_username=MONGODB["username"],
    master_user_password=MONGODB["password"],
    availability_zones=self.vpc.availability_zones,
    # No name was given to the subnet group above, so this attribute is None
    db_subnet_group_name=docdb_subnet_group.db_subnet_group_name,
    vpc_security_group_ids=[sg.security_group_id],
)
mongodb_instance = docdb.CfnDBInstance(
    self,
    "test-mongodb-instance-{}".format(tier),
    db_cluster_identifier=mongodb_cluster.db_cluster_identifier,
    availability_zone=self.vpc.availability_zones[0],
    db_instance_class="db.r5.large",
)
Actually, if I set the security group to a different VPC, I get this error:
The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-2db73055 and the EC2 security group is in vpc-0e4ab59de8da10c38 (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 022482a5-47e8-4e60-856a-1ae443f59eb9)
Hey @siyuanh ,
perhaps the problem is this part?
docdb_subnet_group = docdb.CfnDBSubnetGroup(
    self, "DocDBSubnets",
    db_subnet_group_description="Subnet group for DocumentDB",
    subnet_ids=list(map(lambda x: x.subnet_id, vpc.private_subnets)),
)
Does the VPC have private subnets?
Can you show your template that's the result of running cdk synth on the above code?
Yes, the VPC has private subnets.

As you can see, the subnet group is successfully created pointing to the other VPC, but the DocumentDB cluster I create is still pointing to the default VPC.
Okay the problem is solved, but I think it needs to be well documented
The problem is that when I create the subnet group I need to explicitly give it a name, like this:
docdb_subnet_group = docdb.CfnDBSubnetGroup(
    self, "DocDBSubnets",
    db_subnet_group_description="Subnet group for DocumentDB",
    db_subnet_group_name="fix_is_here",  # must have a name here instead of the default name
    subnet_ids=list(map(lambda x: x.subnet_id, vpc.private_subnets)),
)
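Why the explicit name matters, and a check worth running on the synthesized template: `CfnDBSubnetGroup.db_subnet_group_name` on an L1 construct only echoes the property you passed in, so with no name it is None, CDK omits `DBSubnetGroupName` from the cluster resource, and CloudFormation falls back to the region's default VPC (the security groups then cannot save you; they were the cause of the "different VPCs" error above). Giving the group a name or using `docdb_subnet_group.ref`, which resolves to the generated group name, both populate the property. The linter below is an added example, not code from aws-cdk or from this thread. It reads the JSON that `cdk synth` writes and flags a DocumentDB cluster with no subnet group, a dangling reference, or no security groups. The two templates inside it are constructed to mirror the broken and fixed snippets; the logical IDs, subnet IDs and VPC ID are made up.

```python
"""Lint a synthesized CloudFormation template for DocumentDB VPC placement.

Added example, not code from the aws-cdk project or from this thread.
Usage: python check_docdb_placement.py cdk.out/<Stack>.template.json
Exits 1 when any finding is reported, so it can gate a deploy pipeline.
"""
import copy
import json
import sys
from typing import Any, Dict, List, Optional

DOCDB_CLUSTER = "AWS::DocDB::DBCluster"
DOCDB_SUBNET_GROUP = "AWS::DocDB::DBSubnetGroup"


def _ref_target(value: Any) -> Optional[str]:
    """Logical ID named by a {"Ref": "..."} intrinsic, or None for anything else."""
    if isinstance(value, dict) and list(value) == ["Ref"]:
        return value["Ref"]
    return None


def check_docdb_placement(template: Dict[str, Any]) -> List[str]:
    """Return human-readable findings; an empty list means placement looks right."""
    resources = template.get("Resources", {})
    subnet_groups = {
        lid: res.get("Properties", {})
        for lid, res in resources.items()
        if res.get("Type") == DOCDB_SUBNET_GROUP
    }
    findings: List[str] = []

    for lid, props in subnet_groups.items():
        if not props.get("SubnetIds"):
            findings.append(f"{lid}: subnet group declares no SubnetIds")

    for lid, res in resources.items():
        if res.get("Type") != DOCDB_CLUSTER:
            continue
        props = res.get("Properties", {})
        name = props.get("DBSubnetGroupName")
        target = _ref_target(name)
        if name is None:
            # The bug from the thread: the value was None in CDK, so the property
            # never reached the template and CloudFormation used the default VPC.
            findings.append(
                f"{lid}: DBSubnetGroupName is missing; the cluster is placed in the "
                "default VPC no matter which security groups are attached"
            )
        elif target is not None and target not in subnet_groups:
            findings.append(
                f"{lid}: DBSubnetGroupName refs {target}, which is not an "
                f"{DOCDB_SUBNET_GROUP} in this template"
            )
        elif target is None and isinstance(name, str):
            # Literal name (the 'fix_is_here' style fix): it should be declared here.
            declared = {p.get("DBSubnetGroupName") for p in subnet_groups.values()}
            if name not in declared:
                findings.append(
                    f"{lid}: DBSubnetGroupName '{name}' is not declared by any subnet "
                    "group in this template (fine only if it already exists)"
                )
        if not props.get("VpcSecurityGroupIds"):
            findings.append(
                f"{lid}: VpcSecurityGroupIds is empty; the VPC's default security "
                "group is used"
            )
    return findings


# Constructed template mirroring what the first snippet in the thread synthesizes:
# the subnet group has no name, so CDK drops DBSubnetGroupName from the cluster.
BROKEN_TEMPLATE: Dict[str, Any] = {
    "Resources": {
        "DocDBSubnets": {
            "Type": DOCDB_SUBNET_GROUP,
            "Properties": {
                "DBSubnetGroupDescription": "Subnet group for DocumentDB",
                "SubnetIds": ["subnet-0aaa", "subnet-0bbb"],
            },
        },
        "DocSG": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": "DocumentDB", "VpcId": "vpc-0ccc"},
        },
        "Cluster": {
            "Type": DOCDB_CLUSTER,
            "Properties": {
                "DBClusterIdentifier": "mongodb",
                "VpcSecurityGroupIds": [{"Fn::GetAtt": ["DocSG", "GroupId"]}],
            },
        },
    }
}

# Same stack after the fix: the cluster references the subnet group, which is what
# an explicit name or `docdb_subnet_group.ref` produces in CDK.
FIXED_TEMPLATE: Dict[str, Any] = copy.deepcopy(BROKEN_TEMPLATE)
FIXED_TEMPLATE["Resources"]["Cluster"]["Properties"]["DBSubnetGroupName"] = {
    "Ref": "DocDBSubnets"
}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            template = json.load(fh)
    else:
        template = BROKEN_TEMPLATE  # demo run shows the finding from the thread
    problems = check_docdb_placement(template)
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```

Run it with no arguments to see the single finding the broken stack produces, or point it at `cdk.out/<Stack>.template.json` after `cdk synth` to gate deployment on the cluster actually referencing a subnet group in your VPC.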
Ok, glad you got it resolved @siyuanh ! We'll have to make sure to take this into account when writing a Construct Library for DocumentDB.
Can I resolve the issue?
Closing this issue since it seems to be resolved. Feel free to reopen.
I got caught by this too. Seems like subnetGroupName should be a required prop.
Same here. I don't know what the underlying issue is, but dbSubnetGroupName is effectively a required prop for creation. Spent a couple hours trying to figure this out before finding this issue.