Closed chelma closed 1 year ago
It turns out it's not possible to set up a multi-CIDR VPC via CloudFormation/CDK; you can only do the initial CIDR block during creation and a separate API call is required post-creation to add additional CIDR blocks. Therefore, the first AC was not performed.
However, I was able to confirm that `add-vpc` now correctly handles multi-CIDR VPCs using manual testing (see the PR). It should be noted that there's a cap on the number of Traffic Mirror Filter rules (10) per Filter, which means without getting creative our User VPCs can only have 4 CIDR blocks associated with them (otherwise the CloudFormation deployment should fail).
Resolving task.
Description
Per discussion in PR https://github.com/arkime/aws-aio/pull/71, it turns out it's possible to have complex CIDRs composed of several disjoint ranges if you add additional ranges post-creation [1][2]. We should ensure that the mirror routing created by `add-vpc` can handle these compound ranges.
Follow-up task to https://github.com/arkime/aws-aio/issues/66
[1] https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html
[2] https://docs.aws.amazon.com/vpc/latest/userguide/modify-vpcs.html#add-ipv4-cidr
Acceptance Criteria