aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

EC2/VPC: Configure order of subnet creation #31162

Open baumand-amazon opened 3 weeks ago

baumand-amazon commented 3 weeks ago

Describe the feature

Related to https://github.com/aws/aws-cdk/issues/5927 - but this is a smaller request to make the existing Vpc L2 construct more flexible and work in more situations.

The existing Vpc construct does not support adding AZs to a VPC without breaking, but it comes close. The SubnetConfiguration allows for a stable cidrMask to be specified, so that adding subnets doesn't impact the CIDRs of existing subnets. The below talks about the case when cidrMask is specified, because when it isn't, adding new subnets without changing existing ones will never work.

The existing code loops on subnet configuration first, then on AZ when creating subnets. For each configuration it adds subnets for each AZ. https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts#L1748 This means that when adding a new subnet configuration to an existing VPC, the new subnets are added at the end and therefore the update can be performed without changing all existing subnets. When adding an AZ, however, subnets from the new AZ come before subnets from existing AZs and this throws off the CIDR allocations.

This could be addressed without breaking existing customers by adding a configuration parameter to the existing Vpc to specify whether to allocate subnets by configuration first or by AZ first. The default should be to allocate by configuration first so that it's backwards compatible, and users who want to keep the same configuration but add AZs will be able to change the option.

This would allow me to specify a Vpc like this and add AZs without replacing any existing subnets.

    var v = new Vpc(this, "MyVpc", {
      NEW_PARAM: byAz, // the new param
      subnetConfiguration: [
        {
          cidrMask: 22,
          subnetType: SubnetType.PUBLIC,
          name: "Public"
        },
        {
          cidrMask: 22,
          subnetType: SubnetType.PRIVATE_WITH_EGRESS,
          name: "Private"
        },
      ],
      availabilityZones: this.availabilityZones.slice(0, N) // here N can be increased to add AZs
    })

Use Case

I have an existing VPC and I want to add AZs. I can't do this today because it will require replacement of all subnets, and this will fail even if it could be tolerated because the new subnets will have CIDRs that clash with existing ones.

Proposed Solution

Described above.

Other Information

No response

CDK version used

2.x

Environment details (OS name and version, etc.)

any
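The loop-order effect described in the issue, as an added simulation (not CDK's own code from vpc.ts, and not posted by the issue author): a toy allocator carves fixed-mask blocks out of the VPC CIDR in either visiting order, then reports which existing subnets would get a different CIDR when a third AZ is added. The `order` parameter and all names below are hypothetical; it assumes every configuration uses the same cidrMask, as the issue does.

```typescript
// Added illustration of subnet-first vs AZ-first CIDR carving; not CDK code.
type SubnetConfig = { name: string; cidrMask: number };
type Allocated = { name: string; az: string; cidr: string };
type Order = "configFirst" | "azFirst"; // hypothetical parameter values

function ipToInt(ip: string): number {
  return ip.split(".").reduce((acc, o) => acc * 256 + Number(o), 0);
}
function intToIp(n: number): string {
  return [24, 16, 8, 0].map((s) => (n >>> s) & 255).join(".");
}

// Hand out consecutive /cidrMask blocks from vpcCidr in the chosen loop order.
function allocate(vpcCidr: string, configs: SubnetConfig[], azs: string[], order: Order): Allocated[] {
  const [base, prefix] = vpcCidr.split("/");
  let next = ipToInt(base);
  const end = next + 2 ** (32 - Number(prefix));
  const out: Allocated[] = [];
  const visit = (cfg: SubnetConfig, az: string) => {
    const size = 2 ** (32 - cfg.cidrMask);
    if (next + size > end) throw new Error("VPC CIDR exhausted");
    out.push({ name: cfg.name, az, cidr: `${intToIp(next)}/${cfg.cidrMask}` });
    next += size;
  };
  if (order === "configFirst") {
    for (const cfg of configs) for (const az of azs) visit(cfg, az); // current Vpc behaviour
  } else {
    for (const az of azs) for (const cfg of configs) visit(cfg, az); // requested option
  }
  return out;
}

// Existing subnets (same name + AZ) whose CIDR differs between two allocations;
// each of these would be replaced by CloudFormation on update.
function changedSubnets(before: Allocated[], after: Allocated[]): string[] {
  const key = (s: Allocated) => `${s.name}/${s.az}`;
  const prev = new Map(before.map((s) => [key(s), s.cidr] as [string, string]));
  return after.filter((s) => prev.has(key(s)) && prev.get(key(s)) !== s.cidr).map(key);
}

// Constructed sample: two /22 configurations, growing from 2 to 3 AZs.
const configs: SubnetConfig[] = [{ name: "Public", cidrMask: 22 }, { name: "Private", cidrMask: 22 }];
const twoAzs = ["a", "b"];
const threeAzs = ["a", "b", "c"];
function changedWhenAddingAz(order: Order): string[] {
  return changedSubnets(allocate("10.0.0.0/16", configs, twoAzs, order),
                        allocate("10.0.0.0/16", configs, threeAzs, order));
}
console.log("configFirst changes:", changedWhenAddingAz("configFirst")); // Private/a, Private/b shift
console.log("azFirst changes:", changedWhenAddingAz("azFirst"));         // nothing shifts
```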

pahud commented 3 weeks ago

Thank you. As this would be part of https://github.com/aws/aws-cdk/issues/5927, can you add your use cases and suggestions in the comments of https://github.com/aws/aws-cdk/issues/5927 for better visibility?

baumand-amazon commented 3 weeks ago

Sure, done! As #5927 seems like an issue with a larger scope and a lot more changes, I created this as a separate issue because it seems like something that could plausibly be implemented for the existing Vpc in a backwards compatible way and without needing as much work.