aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.33k stars 3.76k forks

vpc: when `natGateways` Inconsistent Route Table Configuration for Private Subnets in VPC with Multiple NAT Gateways #30643

Open waltervargas opened 4 days ago

waltervargas commented 4 days ago

Describe the bug

When creating a VPC with multiple NAT Gateways using the AWS CDK, the automatic route table configuration for private subnets does not consistently assign routes for internet access (0.0.0.0/0) to the corresponding NAT Gateways.

Expected Behavior

All private subnets should have a route (0.0.0.0/0) pointing to their corresponding NAT Gateway

Current Behavior

Only one of the private subnets had the correct route to the NAT Gateway. The other private subnets lacked this route, causing connectivity issues.

[two screenshots of the route tables were attached to the original issue]

Reproduction Steps

1. Define a VPC with multiple private and public subnets.
2. Configure the VPC to use multiple NAT Gateways (one per AZ) with the `natGateways` property.
3. Deploy the stack.

Here is the relevant CDK code used to create the VPC:

import * as cdk from 'aws-cdk-lib';
import { Vpc, SubnetType, IpAddresses } from 'aws-cdk-lib/aws-ec2';
import { Construct } from 'constructs';
// ExtendedStackProps carries the per-environment VPC settings under envConfig.BackendVpc
import { ExtendedStackProps } from '../constants';

export class VPCStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props: ExtendedStackProps) {
    super(scope, id, props);

    new Vpc(this, props.envConfig.BackendVpc.name, {
      ipAddresses: IpAddresses.cidr(props.envConfig.BackendVpc.cidr),
      maxAzs: props.envConfig.BackendVpc.maxAzs,
      // one NAT gateway per AZ (natGateways equal to the number of AZs in use)
      natGateways: props.envConfig.BackendVpc.natGateways,
      subnetConfiguration: [
        {
          cidrMask: props.envConfig.BackendVpc.publicSubnetMask,
          name: 'pab-public',
          subnetType: SubnetType.PUBLIC,
        },
        {
          cidrMask: props.envConfig.BackendVpc.privateSubnetMask,
          name: 'pab-private',
          // each PRIVATE_WITH_EGRESS subnet should get a 0.0.0.0/0 route to the NAT gateway in its AZ
          subnetType: SubnetType.PRIVATE_WITH_EGRESS,
        },
      ],
    });
  }
}

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.144.0 (build 5fb15bc)

Framework Version

No response

Node.js Version

Node.js v20.14.0

OS

Linux avril 6.5.0-41-generic #41-Ubuntu SMP PREEMPT_DYNAMIC Mon May 20 15:55:15 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Language

TypeScript

Language Version

No response

Other information

No response

pahud commented 3 days ago

I can't see some values from your provided snippet, but this works perfectly for me.

import * as cdk from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import { Construct } from 'constructs';

export class VpcStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // three AZs with one NAT gateway each; every private subnet should get
    // a 0.0.0.0/0 route to the NAT gateway in its own AZ
    new ec2.Vpc(this, 'Vpc', {
      ipAddresses: ec2.IpAddresses.cidr('10.0.0.0/16'),
      maxAzs: 3,
      natGateways: 3,
      subnetConfiguration: [
        {
          cidrMask: 19,
          name: 'pab-public',
          subnetType: ec2.SubnetType.PUBLIC,
        },
        {
          cidrMask: 19,
          name: 'pab-private',
          subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
        },
      ],
    });
  }
}

Can you verify whether my provided sample works for you?
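A check that can be run over the synthesized template of either stack, the reporter's or the sample above, to confirm the expected behavior stated in the issue: every private subnet's route table has exactly one 0.0.0.0/0 route, and it points at a NAT gateway in the same AZ. This is an added example, not aws-cdk project code and not either commenter's: it reads the JSON that `cdk synth --json` emits and relies only on the resource types, the `Ref` wiring between them and the `aws-cdk:subnet-type` tag the CDK puts on the subnets it creates. The `buildVpcTemplate` helper and its logical IDs are constructed stand-ins for real synth output, included so the check runs offline; its `dropDefaultRouteOf` parameter reproduces the missing-route condition from the report.

```typescript
// Added example, not aws-cdk project code: audit a synthesized CloudFormation
// template for the private-subnet egress routing the issue expects.
// Real usage: `cdk synth --json MyStack > template.json`, then
// auditPrivateEgress(JSON.parse(fs.readFileSync('template.json', 'utf8'))).

type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

// Logical ID behind a `{ "Ref": "..." }` value, or undefined for anything else.
function refOf(v: any): string | undefined {
  return v && typeof v === 'object' && typeof v.Ref === 'string' ? v.Ref : undefined;
}

function ofType(t: Template, type: string): [string, Resource][] {
  return Object.entries(t.Resources).filter(([, r]) => r.Type === type);
}

function tagValue(r: Resource, key: string): string | undefined {
  const tags: { Key: string; Value: string }[] = r.Properties?.Tags ?? [];
  return tags.find(tag => tag.Key === key)?.Value;
}

// One finding per private subnet that violates the expectation; [] means the
// template routes every private subnet through a NAT gateway in its own AZ.
function auditPrivateEgress(t: Template): string[] {
  const findings: string[] = [];
  const rtOfSubnet = new Map<string, string>();
  for (const [, a] of ofType(t, 'AWS::EC2::SubnetRouteTableAssociation')) {
    rtOfSubnet.set(refOf(a.Properties!.SubnetId)!, refOf(a.Properties!.RouteTableId)!);
  }
  const defaultRoutes = ofType(t, 'AWS::EC2::Route').filter(
    ([, r]) => r.Properties?.DestinationCidrBlock === '0.0.0.0/0');
  // AZ is either a literal string or an Fn::Select/Fn::GetAZs intrinsic;
  // comparing the serialized form handles both.
  const azOf = (subnetId: string) =>
    JSON.stringify(t.Resources[subnetId]?.Properties?.AvailabilityZone);

  for (const [subnetId, subnet] of ofType(t, 'AWS::EC2::Subnet')) {
    if (tagValue(subnet, 'aws-cdk:subnet-type') !== 'Private') continue;
    const rt = rtOfSubnet.get(subnetId);
    if (!rt) { findings.push(`${subnetId}: no route table association`); continue; }
    const routes = defaultRoutes.filter(([, r]) => refOf(r.Properties!.RouteTableId) === rt);
    if (routes.length !== 1) {
      findings.push(`${subnetId}: expected 1 default route in ${rt}, found ${routes.length}`);
      continue;
    }
    const natId = refOf(routes[0][1].Properties!.NatGatewayId);
    const nat = natId ? t.Resources[natId] : undefined;
    if (!nat || nat.Type !== 'AWS::EC2::NatGateway') {
      findings.push(`${subnetId}: default route in ${rt} does not target a NAT gateway`);
      continue;
    }
    if (azOf(refOf(nat.Properties!.SubnetId)!) !== azOf(subnetId)) {
      findings.push(`${subnetId}: NAT gateway ${natId} is in a different AZ`);
    }
  }
  return findings;
}

// Constructed stand-in for `cdk synth` output of a VPC with `maxAzs` AZs and one
// NAT gateway per AZ. Resource shapes (subnet tags, Ref wiring, Fn::Select over
// Fn::GetAZs) mirror what the CDK emits; the logical IDs are invented.
// `dropDefaultRouteOf` omits the private default route in that AZ index to
// reproduce the misconfiguration the issue describes.
function buildVpcTemplate(maxAzs: number, dropDefaultRouteOf?: number): Template {
  const R: Record<string, Resource> = {
    Vpc: { Type: 'AWS::EC2::VPC', Properties: { CidrBlock: '10.0.0.0/16' } },
    Igw: { Type: 'AWS::EC2::InternetGateway' },
  };
  for (let i = 0; i < maxAzs; i++) {
    const az = { 'Fn::Select': [i, { 'Fn::GetAZs': '' }] };
    for (const kind of ['Public', 'Private']) {
      const sub = `${kind}Subnet${i}`;
      R[sub] = { Type: 'AWS::EC2::Subnet', Properties: {
        VpcId: { Ref: 'Vpc' }, AvailabilityZone: az,
        Tags: [{ Key: 'aws-cdk:subnet-type', Value: kind }] } };
      R[`${sub}RT`] = { Type: 'AWS::EC2::RouteTable', Properties: { VpcId: { Ref: 'Vpc' } } };
      R[`${sub}Assoc`] = { Type: 'AWS::EC2::SubnetRouteTableAssociation',
        Properties: { SubnetId: { Ref: sub }, RouteTableId: { Ref: `${sub}RT` } } };
    }
    R[`Nat${i}`] = { Type: 'AWS::EC2::NatGateway',
      Properties: { SubnetId: { Ref: `PublicSubnet${i}` }, AllocationId: 'eipalloc-constructed' } };
    R[`PublicSubnet${i}Route`] = { Type: 'AWS::EC2::Route', Properties: {
      RouteTableId: { Ref: `PublicSubnet${i}RT` }, DestinationCidrBlock: '0.0.0.0/0',
      GatewayId: { Ref: 'Igw' } } };
    if (i !== dropDefaultRouteOf) {
      R[`PrivateSubnet${i}Route`] = { Type: 'AWS::EC2::Route', Properties: {
        RouteTableId: { Ref: `PrivateSubnet${i}RT` }, DestinationCidrBlock: '0.0.0.0/0',
        NatGatewayId: { Ref: `Nat${i}` } } };
    }
  }
  return { Resources: R };
}

console.log(auditPrivateEgress(buildVpcTemplate(3)));    // []
console.log(auditPrivateEgress(buildVpcTemplate(3, 1))); // one finding for PrivateSubnet1
```

If the audit of a fresh `cdk synth` is clean but the deployed VPC still shows private subnets without a default route, the template is not the problem and the deployed route tables have drifted (a route removed out of band, or a subnet re-associated); `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>` shows the live state to compare against.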

github-actions[bot] commented 1 day ago

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.