feat(ec2): allow private non-nat subnets#21699
Conversation
|
|
470449b to
48ac4a2
Compare
| * @deprecated use `PRIVATE_WITH_EGRESS` | ||
| */ | ||
| PRIVATE_WITH_NAT = 'Private', | ||
| PRIVATE_WITH_NAT = 'Deprecated_Private_NAT', |
There was a problem hiding this comment.
Does this have the potential to cause breaking changes for users?
There was a problem hiding this comment.
I do not believe it will and these constants have been through a rename cycle before in v1.
You can see an earlier PR which renamed it originally
#19320
This actually caused an issue with VPC resources being recreated which you can see was ultimately fixed in
#21140
I have added similar tests to what was done in that last pull requests to get the same behavior.
48ac4a2 to
96976d8
Compare
Pull request has been modified.
|
With the force push, I can't see what was changed in this revision. Please use merge commits instead. Can you provide a summary of what's been changed? |
|
Apologies; I rebased to the latest main branch and I dropped the unnecessary changes to the v1 deprecation list |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
hi, i was wondering if the logic for context lookup needs to be updated as well. it looks like we might want to check for transit gateways in addition to nat gateways to categorize it as a https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk/lib/context-providers/vpcs.ts#L72-L77 |
When I do Vpc.fromLookup in a VPC that has subnets with a default route to a TransitGateway the subnet is detected as `PRIVATE_ISOLATED` instead of `PRIVATE_WITH_EGRESS` This PR adds the detection of subnets with TGW routes as `PRIVATE_WITH_EGRESS` instead of `PRIVATE_ISOLATED`. This is potentially a breaking change depending on what is the expected behaviour. To me it seemed rather missed accidentally given that this [previous PR](#21699) mentions that `PRIVATE_WITH_EGRESS` was introduced also for Transit Gateways. Closes #25626 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Closes: #21697 and might close #21699
Not all private subnets need to have a NAT gateway for egress; an example would be when using Transit Gateway.
I have incorporated the idea expressed in #21189 to add a more generic
PRIVATE_WITH_EGRESSsubnet type.This PR is largely a rename and a small logic change in
determineNatGatewayCountAll Submissions:
Adding new Unconventional Dependencies:
New Features
yarn integto deploy the infrastructure and generate the snapshot (i.e.yarn integwithout--dry-run)?By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license