aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

aws-ec2: cannot synth Vpc with CIDR mask configuration #25757

Open ChrisLane opened 1 year ago

ChrisLane commented 1 year ago

Describe the bug

I cannot synth the following code:

// The posted snippet used `this` as the construct scope, so it is wrapped here
// in a minimal Stack so that it can be synthesized on its own.
import { App, Stack } from "aws-cdk-lib";
import * as ec2 from "aws-cdk-lib/aws-ec2";

class VpcStack extends Stack {
  constructor(scope: App, id: string) {
    super(scope, id);
    const vpc = new ec2.Vpc(this, "my-vpc", {
      vpcName: "my-vpc",
      ipAddresses: ec2.IpAddresses.cidr("10.199.32.0/20"),
      natGateways: 1,
      subnetConfiguration: [
        {
          name: "public-subnet",
          subnetType: ec2.SubnetType.PUBLIC,
          cidrMask: 25
        },
        {
          name: "private-with-nat-subnet",
          subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
          cidrMask: 22
        },
        {
          name: "private-isolated-subnet",
          subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
          cidrMask: 25
        }
      ]
    });
  }
}

new VpcStack(new App(), "VpcStack");

Instead, I get the error 1 of /25 exceeds remaining space of 10.199.32.0/20.

Expected Behavior

I understand that the default config results in 3 AZs, meaning this configuration would have a total of 9 subnets.

As far as I'm aware, the above configuration should be able to produce a subnet layout similar to the following that fits within the given CIDR:

10.199.32.0/22    Private with NAT
10.199.36.0/22    Private with NAT
10.199.40.0/22    Private with NAT
10.199.44.0/25    Public
10.199.44.128/25  Public
10.199.45.0/25    Public
10.199.45.128/25  Private Isolated
10.199.46.0/25    Private Isolated
10.199.46.128/25  Private Isolated

Current Behavior

Instead of the synth succeeding, I get the error 1 of /25 exceeds remaining space of 10.199.32.0/20.

Reproduction Steps

Attempt to synth the example code.

Possible Solution

Perhaps there is a hidden network feature that is restricting the IP space available to me, otherwise I think I've miscalculated my subnets or this is a bug.

Additional Information/Context

No response

CDK CLI Version

2.81.0

Framework Version

No response

Node.js Version

20.2.0

OS

Arch Linux 6.3.4

Language

Typescript

Language Version

JavaScript

Other information

If I reduce the PRIVATE_WITH_EGRESS CIDR mask to /23, I can successfully synth the project but this provides me with considerably fewer IPs.

pahud commented 1 year ago

related to https://github.com/aws/aws-cdk/issues/25537

ChrisLane commented 1 year ago

I expected that the order in which I define the subnets would not matter and that they would be placed in an order that works, but this is not the case.

Changing the subnet order allows me to synth the configuration:

// Same stack as above, with the subnet configuration reordered so the
// largest (/22) subnets are allocated first.
import { App, Stack } from "aws-cdk-lib";
import * as ec2 from "aws-cdk-lib/aws-ec2";

class VpcStack extends Stack {
  constructor(scope: App, id: string) {
    super(scope, id);
    const vpc = new ec2.Vpc(this, "my-vpc", {
      vpcName: "my-vpc",
      ipAddresses: ec2.IpAddresses.cidr("10.199.32.0/20"),
      natGateways: 1,
      subnetConfiguration: [
        {
          name: "private-with-nat-subnet",
          subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
          cidrMask: 22
        },
        {
          name: "public-subnet",
          subnetType: ec2.SubnetType.PUBLIC,
          cidrMask: 25
        },
        {
          name: "private-isolated-subnet",
          subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
          cidrMask: 25
        }
      ]
    });
  }
}

new VpcStack(new App(), "VpcStack");
pahud commented 1 month ago

Yes, your issue is still relevant and the workaround works for me.