Open danilobuerger opened 1 month ago
@danilobuerger, thanks for reporting this. I am able to repro this with the default VPC with public subnets.
I see this is mentioned in the CDK EC2 Docs and Amazon Docs as well, which is required for creating an EgressOnlyInternetGateway -
An egress only internet gateway will be created for PRIVATE_WITH_EGRESS subnets, and IPv6 routes will be added for IGWs and EIGWs.
The PR that caused this change: https://github.com/aws/aws-cdk/blob/3f930279513b0f168333c6f6038b8ad81b99b7e1/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts#L1644-L1647
You can also remove the gateway using vpc.node.tryRemoveChild('EIGW6')
Describe the bug
When creating a Dual Stack VPC, an EgressOnlyInternetGateway is created even if there are no private subnets. This comes from a faulty condition in vpc.ts: https://github.com/aws/aws-cdk/blob/3f930279513b0f168333c6f6038b8ad81b99b7e1/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts#L1644-L1647
The this.privateSubnets check will also evaluate to true on empty arrays.
Expected Behavior
No EgressOnlyInternetGateway is created without private subnets
Current Behavior
EgressOnlyInternetGateway is created without private subnets
Reproduction Steps
Possible Solution
Check the length:
Additional Information/Context
No response
CDK CLI Version
2.150.0 (build 3f93027)
Framework Version
No response
Node.js Version
v22.5.1
OS
MacOS
Language
TypeScript
Language Version
No response
Other information
No response
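An added example, not part of the original issue or the aws-cdk code base: an empty array is truthy in JavaScript, so the symptom reported above is an EgressOnlyInternetGateway in the synthesized template that no route uses. The check below scans a template for such gateways; the sample templates and logical IDs are constructed, and only Ref-style references are resolved.

```typescript
// Added example: find egress-only internet gateways that no route uses.
interface CfnResource { Type: string; Properties?: Record<string, unknown>; }
interface CfnTemplate { Resources: Record<string, CfnResource>; }

const EIGW_TYPE = "AWS::EC2::EgressOnlyInternetGateway";

// Resolve a { Ref: "LogicalId" } value to its logical ID (assumption: only
// Ref-style references are handled, not Fn::GetAtt or imported values).
function refTarget(value: unknown): string | undefined {
  if (typeof value !== "object" || value === null) return undefined;
  const ref = (value as { Ref?: unknown }).Ref;
  return typeof ref === "string" ? ref : undefined;
}

// Return the logical IDs of EIGWs that no AWS::EC2::Route points at.
function findUnusedEigws(template: CfnTemplate): string[] {
  const ids = Object.keys(template.Resources);
  const used: string[] = [];
  for (const id of ids) {
    const res = template.Resources[id];
    if (res.Type !== "AWS::EC2::Route") continue;
    const target = refTarget(res.Properties?.["EgressOnlyInternetGatewayId"]);
    if (target !== undefined) used.push(target);
  }
  return ids
    .filter((id) => template.Resources[id].Type === EIGW_TYPE && used.indexOf(id) === -1)
    .sort();
}

// Constructed sample: dual-stack VPC with public subnets only, as in this issue.
const publicOnly: CfnTemplate = {
  Resources: {
    Vpc: { Type: "AWS::EC2::VPC" },
    IGW: { Type: "AWS::EC2::InternetGateway" },
    EIGW6: { Type: EIGW_TYPE, Properties: { VpcId: { Ref: "Vpc" } } },
    PublicRoute6: { Type: "AWS::EC2::Route", Properties: { GatewayId: { Ref: "IGW" } } },
  },
};

// Constructed sample: a private subnet route sends IPv6 egress through the EIGW.
const withPrivate: CfnTemplate = {
  Resources: {
    Vpc: { Type: "AWS::EC2::VPC" },
    EIGW6: { Type: EIGW_TYPE, Properties: { VpcId: { Ref: "Vpc" } } },
    PrivateRoute6: { Type: "AWS::EC2::Route", Properties: { EgressOnlyInternetGatewayId: { Ref: "EIGW6" } } },
  },
};
```

Running `findUnusedEigws` over the JSON produced by `cdk synth` (parsed into the same shape) gives a list that can fail a CI step when it is non-empty.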