Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws-ec2): VPC construct - make Internet Gateway creation fully controllable #26270

Closed
1 of 2 tasks
Obirah opened this issue Jul 6, 2023 · 4 comments · Fixed by #26314
Closed
1 of 2 tasks

(aws-ec2): VPC construct - make Internet Gateway creation fully controllable #26270

Obirah opened this issue Jul 6, 2023 · 4 comments · Fixed by #26314
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md p2

Comments

@Obirah
Copy link

Obirah commented Jul 6, 2023
edited
Loading

Describe the feature

Currently the Vpc construct contains logic that determines whether to create an internet gateway here.

There should be a feature that allows to control the creation of the internet gateway explicitly.

Use Case

I'm deploying VPCs in an enterprise environment that requires to create the VPC only with private subnets of the CDK type PRIVATE_WITH_EGRESS because our subnets are connected to a transit gateway and hence are not to be considered PRIVATE_ISOLATED - this is important for dynamic lookups, e.g. for EKS.

My Vpc looks like this:

new Vpc(this, "vpc", {
    availabilityZones: this.props.availabilityZones,
    enableDnsHostnames: true,
    enableDnsSupport: true,
    flowLogs: { traffic: this.flowLogOptions },
    ipAddresses: this.ipAddresses,
    natGateways: 0,
    subnetConfiguration: this.subnetConfiguration,
    vpcName: `${this.props.name}`,
    vpnGateway: false,
});

The subnet configuration like that:

{
    name: this.props.name,
    subnetType: SubnetType.PRIVATE_WITH_EGRESS,
    cidrMask: this.vpcCidrMask + azSubnetNetmask,
    reserved: false,
}

This setup results in an unwanted internet gateway being created. Of course, there's a simple workaround that I use:

vpc.node.tryRemoveChild('IGW');
vpc.node.tryRemoveChild('VPCGW');

Proposed Solution

There should be a createInternetGateway flag in the VpcProps that explicitly allows me to disable the creation of an internet gateway that precedes over the above mentioned computation in order to provide a clean convention-over-configuration approach.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.85.0

Environment details (OS name and version, etc.)

any
@Obirah Obirah added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jul 6, 2023
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Jul 6, 2023
@Obirah Obirah changed the title aws-ec2: VPC construct - make Internet Gateway creation fully controllable (aws-ec2): VPC construct - make Internet Gateway creation fully controllable Jul 6, 2023
@peterwoodworth peterwoodworth added p2 effort/small Small work item – less than a day of effort needs-review good first issue Related to contributions. See CONTRIBUTING.md and removed needs-triage This issue or PR still needs to be triaged. labels Jul 6, 2023
@peterwoodworth
Copy link
Contributor

Thanks for the FR, makes sense 👍🏻

@pahud
Copy link
Contributor

pahud commented Jul 7, 2023

related to aws/aws-cdk-rfcs#507 and #5927

@peterwoodworth
Copy link
Contributor

Thanks, I was looking for that pahud

@lpizzinidev lpizzinidev mentioned this issue Jul 11, 2023
Merged
mergify bot added a commit to lpizzinidev/aws-cdk that referenced this issue Jul 12, 2023
@mergify
Merge branch 'main' into awsgh-26270
07dd0a6
@mergify mergify bot closed this as completed in #26314 Jul 12, 2023
mergify bot pushed a commit that referenced this issue Jul 12, 2023
@lpizzinidev
feat(ec2): make VPC internet gateway creation controllable (#26314)
cc4ce12 
The `createInternetGateway` allows disabling the creation of a default internet gateway for VPSs with non-isolated subnets.

Closes #26270.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

bmoffatt pushed a commit to bmoffatt/aws-cdk that referenced this issue Jul 29, 2023
@lpizzinidev @bmoffatt
feat(ec2): make VPC internet gateway creation controllable (aws#26314)
139f6d4 
The `createInternetGateway` allows disabling the creation of a default internet gateway for VPSs with non-isolated subnets.

Closes aws#26270.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions github-actions bot mentioned this issue Aug 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(ec2): make VPC internet gateway creation controllable lpizzinidev/aws-cdk
3 participants
@pahud @Obirah @peterwoodworth