feat(ec2): rename SubnetTypes to improve clarity with EC2 conventions #16348

Merged
mergify[bot] merged 3 commits into master from njlynch/rename_subnet_types
Sep 3, 2021

@njlynch njlynch commented Sep 2, 2021

Early on in the CDK history, a decision was made to delineate between subnets
with Internet access (i.e., those with a NAT) and those without. The convention
chosen at that time was to label the subnets as PRIVATE and ISOLATED,
respectively. The intent was to make it clear that subnets without a NAT were
completely isolated from the broader Internet (unless connected through another
subnet).

However, this introduction of a new subnet type that does not match EC2
documentation and naming conventions can cause confusion. Most critically, a
user may select a PRIVATE subnet without realizing that it automatically
requires one (or more) NAT gateways. As NAT gateways are not free, this can
lead to unintended charges.

To realign to the EC2 terminology -- while retaining the existing logic
surrounding SubnetTypes -- the existing types of PRIVATE and ISOLATED are
being renamed to PRIVATE_WITH_NAT and PRIVATE_ISOLATED, respectively.

fixes #15929


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@njlynch njlynch requested a review from a team September 2, 2021 16:04
@njlynch njlynch self-assigned this Sep 2, 2021
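
An audit helper for the rename described in the PR description above, added here as an example and not part of the pull request or the aws-cdk code base: it scans CDK source text for the old `SubnetType.PRIVATE` and `SubnetType.ISOLATED` members and reports the new name and whether the subnet relies on a NAT gateway for Internet access. The names `auditSubnetTypes`, `Finding` and `RENAMES`, and the sample source, are assumptions made for this example.

```typescript
// Added example: audit CDK source text for the pre-rename SubnetType members.
// The mapping and the NAT notes restate the PR description above.
const RENAMES: Record<string, { renamed: string; natEgress: boolean }> = {
  PRIVATE: { renamed: "PRIVATE_WITH_NAT", natEgress: true },
  ISOLATED: { renamed: "PRIVATE_ISOLATED", natEgress: false },
};

interface Finding {
  line: number;
  oldName: string;
  renamed: string;
  natEgress: boolean;
}

function auditSubnetTypes(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, idx) => {
    const code = text.replace(/\/\/.*$/, ""); // ignore trailing line comments
    // The trailing \b stops PRIVATE from matching inside PRIVATE_WITH_NAT or
    // PRIVATE_ISOLATED, because "_" counts as a word character.
    const re = /\bSubnetType\.(PRIVATE|ISOLATED)\b/g;
    let m: RegExpExecArray | null;
    while ((m = re.exec(code)) !== null) {
      const { renamed, natEgress } = RENAMES[m[1]];
      findings.push({ line: idx + 1, oldName: m[1], renamed, natEgress });
    }
  });
  return findings;
}

// Constructed sample input (not taken from the aws-cdk repository).
const SAMPLE = [
  "const vpc = new ec2.Vpc(this, 'Vpc', { subnetConfiguration: [",
  "  { name: 'app', subnetType: ec2.SubnetType.PRIVATE },",
  "  { name: 'db', subnetType: ec2.SubnetType.ISOLATED },",
  "  { name: 'svc', subnetType: ec2.SubnetType.PRIVATE_WITH_NAT }, // migrated",
  "  // { name: 'old', subnetType: ec2.SubnetType.PRIVATE },",
  "] });",
].join("\n");

for (const f of auditSubnetTypes(SAMPLE)) {
  const note = f.natEgress ? "requires NAT gateway(s)" : "no NAT, isolated from the Internet";
  console.log(`line ${f.line}: SubnetType.${f.oldName} -> SubnetType.${f.renamed} (${note})`);
}
```

Findings with `natEgress: true` are the subnets that both incur NAT gateway charges and have a route out to the Internet, so they are the ones to review first.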
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Sep 2, 2021
@eladb eladb left a comment

Minor

@eladb eladb added the pr/do-not-merge This PR should not be merged at this time. label Sep 3, 2021
Co-authored-by: Elad Ben-Israel <benisrae@amazon.com>
@njlynch njlynch removed the pr/do-not-merge This PR should not be merged at this time. label Sep 3, 2021
mergify bot commented Sep 3, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 826e4e3
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 2023004 into master Sep 3, 2021
@mergify mergify bot deleted the njlynch/rename_subnet_types branch September 3, 2021 10:01
TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this pull request Sep 6, 2021
…aws#16348)
david-doyle-as24 pushed a commit to david-doyle-as24/aws-cdk that referenced this pull request Sep 7, 2021
…aws#16348)
Successfully merging this pull request may close these issues.

(aws-ec2): Why are NAT gateways required for private subnets?