feat(ec2): allow private non-nat subnets #21699
470449b
to
48ac4a2
*/ | ||
PRIVATE_WITH_NAT = 'Private', | ||
PRIVATE_WITH_NAT = 'Deprecated_Private_NAT', |
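Review bot: the changed `PRIVATE_WITH_NAT` line gives the member a new string value ('Deprecated_Private_NAT' in place of 'Private'), and nothing in the hunk shows that existing users of the constant are protected from a change in synthesized output. If that value is used to derive subnet names or construct IDs, an upgrade could replace resources; a regression test that synthesizes a VPC with `PRIVATE_WITH_NAT` and asserts the template is unchanged would settle it, and the doc comment closing above this line should name the replacing member if it does not already.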
Does this have the potential to cause breaking changes for users?
I do not believe it will, and these constants have been through a rename cycle before in v1.
You can see an earlier PR which renamed it originally: #19320
This actually caused an issue with VPC resources being recreated, which you can see was ultimately fixed in #21140
I have added similar tests to what was done in that last pull request to get the same behavior.
48ac4a2
to
96976d8
Pull request has been modified.
With the force push, I can't see what was changed in this revision. Please use merge commits instead. Can you provide a summary of what's been changed?
Apologies; I rebased to the latest main branch and I dropped the unnecessary changes to the v1 deprecation list
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
Hi, I was wondering if the logic for context lookup needs to be updated as well. It looks like we might want to check for transit gateways in addition to NAT gateways to categorize it as a https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk/lib/context-providers/vpcs.ts#L72-L77
When I do `Vpc.fromLookup` in a VPC that has subnets with a default route to a TransitGateway the subnet is detected as `PRIVATE_ISOLATED` instead of `PRIVATE_WITH_EGRESS`.

This PR adds the detection of subnets with TGW routes as `PRIVATE_WITH_EGRESS` instead of `PRIVATE_ISOLATED`.

This is potentially a breaking change depending on what is the expected behaviour. To me it seemed rather missed accidentally given that this [previous PR](#21699) mentions that `PRIVATE_WITH_EGRESS` was introduced also for Transit Gateways.

Closes #25626

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
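The reclassification discussed in the comment and follow-up PR description above, as an added TypeScript example that is not code from this PR or from aws-cdk: it classifies subnets from their route tables with and without counting a Transit Gateway default route as egress, and lists the subnets whose type changes. The `Route` shape follows EC2 route fields; `classifySubnet`, `reclassifiedSubnets` and the sample IDs are hypothetical.

```typescript
// Added illustration, not aws-cdk code. Route fields follow the EC2
// DescribeRouteTables response; all IDs below are constructed samples.
interface Route {
  DestinationCidrBlock?: string;
  GatewayId?: string; // "local", or "igw-..." for an internet gateway
  NatGatewayId?: string;
  TransitGatewayId?: string;
}
type SubnetKind = 'PUBLIC' | 'PRIVATE_WITH_EGRESS' | 'PRIVATE_ISOLATED';

const DEFAULT_ROUTE = '0.0.0.0/0'; // assumption: only the IPv4 default route is considered

// Classify one subnet from the routes of its route table. With
// countTransitGateway=false only a NAT gateway counts as egress (the behaviour
// reported in the thread); with true, a default route to a TGW counts as well.
function classifySubnet(routes: Route[], countTransitGateway: boolean): SubnetKind {
  const defaults = routes.filter(r => r.DestinationCidrBlock === DEFAULT_ROUTE);
  if (defaults.some(r => /^igw-/.test(r.GatewayId ?? ''))) {
    return 'PUBLIC';
  }
  const hasEgress = defaults.some(r =>
    r.NatGatewayId !== undefined ||
    (countTransitGateway && r.TransitGatewayId !== undefined));
  return hasEgress ? 'PRIVATE_WITH_EGRESS' : 'PRIVATE_ISOLATED';
}

// Subnet IDs whose type differs between the two rules: these are the subnets
// treated as isolated today that in fact have a default route out of the VPC.
function reclassifiedSubnets(tables: Record<string, Route[]>): string[] {
  return Object.keys(tables)
    .filter(id => classifySubnet(tables[id], false) !== classifySubnet(tables[id], true))
    .sort();
}

const LOCAL: Route = { DestinationCidrBlock: '10.0.0.0/16', GatewayId: 'local' };
const SAMPLE_TABLES: Record<string, Route[]> = {
  'subnet-public': [LOCAL, { DestinationCidrBlock: DEFAULT_ROUTE, GatewayId: 'igw-0example' }],
  'subnet-nat': [LOCAL, { DestinationCidrBlock: DEFAULT_ROUTE, NatGatewayId: 'nat-0example' }],
  'subnet-tgw': [LOCAL, { DestinationCidrBlock: DEFAULT_ROUTE, TransitGatewayId: 'tgw-0example' }],
  // TGW route for one remote CIDR only: no default route, so still isolated.
  'subnet-tgw-partial': [LOCAL, { DestinationCidrBlock: '10.1.0.0/16', TransitGatewayId: 'tgw-0example' }],
  'subnet-isolated': [LOCAL],
};

console.log(reclassifiedSubnets(SAMPLE_TABLES));
```

Security groups, NACLs and egress assumptions built on a subnet being `PRIVATE_ISOLATED` are the things to re-check for every ID this returns.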
Closes: #21697 and might close #21699
Not all private subnets need to have a NAT gateway for egress; an example would be when using Transit Gateway.
I have incorporated the idea expressed in #21189 to add a more generic `PRIVATE_WITH_EGRESS` subnet type. This PR is largely a rename and a small logic change in `determineNatGatewayCount`.
All Submissions:
Adding new Unconventional Dependencies:
New Features
`yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license