search

AndrewGuenther / cdk-fck-nat

CDK constructs for the fck-nat service
MIT License
65 stars 10 forks source link

Getting "Pass the NatInstanceProvider to a Vpc before accessing 'securityGroup'" even though I'm trying what it says. #308

Closed ruckc closed 6 months ago

ruckc commented 7 months ago

With the below stack I get the throw new Error('Pass the NatInstanceProvider to a Vpc before accessing \'securityGroup\''); error. Not sure what I am doing wrong.

export class ExampleStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const natGatewayProvider = new FckNatInstanceProvider({
      instanceType: ec2.InstanceType.of(ec2.InstanceClass.T4G, ec2.InstanceSize.NANO),
    });

    const vpc = new ec2.Vpc(this, 'example-vpc', {
      natGatewayProvider,
      flowLogs: {
        vpcFlowLogs: {
          destination: ec2.FlowLogDestination.toCloudWatchLogs(),
          trafficType: ec2.FlowLogTrafficType.REJECT,
        }
      },
      ipAddresses: ec2.IpAddresses.cidr('10.0.0.0/16'),
      subnetConfiguration: [
        {
          cidrMask: 24,
          name: 'example-public',
          subnetType: ec2.SubnetType.PUBLIC,
        },
        {
          cidrMask: 24,
          name: 'example-private',
          subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
        },
      ],
    });

    natGatewayProvider.securityGroup.addIngressRule(ec2.Peer.ipv4(vpc.vpcCidrBlock), ec2.Port.allTraffic());

    const cluster = new ecs.Cluster(this, 'example-cluster', {
      containerInsights: true,
      vpc: vpc,
    });
  }
}
AndrewGuenther commented 7 months ago

Could you share what version of CDK you're using?

ruckc commented 7 months ago

The latest - 2.133.0

On Fri, Mar 22, 2024, 21:41 Andrew Guenther @.***> wrote:

Could you share what version of CDK you're using?

— Reply to this email directly, view it on GitHub https://github.com/AndrewGuenther/cdk-fck-nat/issues/308#issuecomment-2016290028, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAK4HYMRZCXDEHONG5IEHU3YZTMTLAVCNFSM6AAAAABFEFTQGSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMJWGI4TAMBSHA . You are receiving this because you authored the thread.Message ID: @.***>

ruckc commented 7 months ago

Not sure why, but if I change the logic to this...

    for (const subnet of vpc.privateSubnets) {
      natGatewayProvider.securityGroup.addIngressRule(ec2.Peer.ipv4(subnet.ipv4CidrBlock), ec2.Port.allTraffic());
    }

I instead get this instead... which would mean it is "working" just not the example.

Error: Cannot retrieve value from context provider ami since account/region are not specified at the stack level. Configure "env" with an account and region when you define your stack.See https://docs.aws.amazon.com/cdk/latest/guide/environments.html for more details.
    at Function.getValue (/builds/user/example/node_modules/aws-cdk-lib/core/lib/context-provider.js:2:562)
    at LookupMachineImage.getImage (/builds/user/example/node_modules/aws-cdk-lib/aws-ec2/lib/machine-image/machine-image.js:1:16109)
    at new LaunchTemplate (/builds/user/example/node_modules/aws-cdk-lib/aws-ec2/lib/launch-template.js:1:4911)
    at FckNatInstanceProvider.configureNat (/builds/user/example/node_modules/cdk-fck-nat/src/index.ts:241:27)
    at Vpc.createNatGateways (/builds/user/example/node_modules/aws-cdk-lib/aws-ec2/lib/vpc.js:1:16591)
    at new Vpc (/builds/user/example/node_modules/aws-cdk-lib/aws-ec2/lib/vpc.js:1:14408)
    at new exampleStack (/builds/user/example/lib/example-stack.ts:21:17)
    at /builds/user/example/bin/example.ts:12:17
    at Object.<anonymous> (/builds/user/example/bin/example.ts:48:3)
    at Module._compile (node:internal/modules/cjs/loader:1376:14)
ihortelanoarc commented 7 months ago

I'm experiencing the same issue using aws-cdk-lib version 2.115.0

AndrewGuenther commented 7 months ago

@ruckc

Error: Cannot retrieve value from context provider ami since account/region are not specified at the stack level. Configure "env" with an account and region when you define your stack.See https://docs.aws.amazon.com/cdk/latest/guide/environments.html for more details.

That issue can be fixed by following those instructions in the docs.

I've been unable to replicate this issue with any recent version of cdk. If anyone could link me to a minimum reproducible example repository I'll take a closer look.

AndrewGuenther commented 6 months ago

Closing this. Feel free to re-open with a link to an example repository.

thehabbos007 commented 3 months ago

If it can help anyone, I had set natGateways: 0 before adding fck-nat in my VPC config, which threw the same error as the original report. Removing this fixed the issue