aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

How to import existing VPC #506

Closed nikhilbhoj closed 5 years ago

nikhilbhoj commented 6 years ago

Hi,

Can anyone guide me on how to import an existing VPC, like we can do in Terraform using data, using the ec2.VpcNetwork() construct?

const vpc = new ec2.VpcNetwork(this, 'VPC');

Thanks, Nikhil

eladb commented 6 years ago

You can use the VpcNetwork.import static method to obtain a VpcNetworkRef. In most cases, this should be the target type when specifying a VPC across the AWS Construct Library (let us know if you run into a case where it's not).

Bear in mind that VPC has a pretty large surface area, so you will need to specify quite a lot of information in order to import an existing VPC.

const externalVpc = VpcNetwork.import(this, 'ExternalVpc', {
  vpcId: 'vpc-bd5656d4',
  availabilityZones: [ 'us-east-1a', 'us-east-1b' ],
  publicSubnetIds: [ 'subnet-1111aaaa', 'subnet-2222bbbb' ],
  privateSubnetIds: [ 'subnet-8368fbce', 'subnet-8368abcc' ],
});

And now:

new ec2.AutoScalingGroup(stack, 'ASG', {
    vpc: externalVpc,
    // ...
});

I wonder if it might make sense to provide an environmental context provider that will allow you to read VPC information from the associated account and import it. It shouldn't be hard to implement, so you could just specify the VPC ID and it will save all the other details from cdk.json. @RomainMuller @rix0rrr what do you think?

pchaganti commented 6 years ago

👍

nikhilbhoj commented 6 years ago

Thanks @eladb , I will try and update on this.

debora-ito commented 6 years ago

Hi @nikhilbhoj are you still having issues?

nikhilbhoj commented 6 years ago

@debora-ito, I haven't done it yet. I will do it in the coming weekend and update my findings.

pierreozoux commented 6 years ago

Coming from this StackOverflow. Indeed, it would be nice to have a helper to import just with a vpcId. Is there a feature request for that already?

eladb commented 6 years ago

@pierreozoux it's usually not very useful to just have a VPCID because in most cases you would need to specify a subnet in order to actually use the VPC.

pda commented 5 years ago

Sometimes it would be incredibly pragmatic to have a VpcNetworkRef with just an id, e.g.

new route53.PrivateHostedZone(this, 'HostedZone', {
  zoneName: 'foo.example.com',
  vpc: something('vpc-12345678'),
});

There's no reason for this stack/app to know or look up more details about that existing VPC.

Currently I implement the something() as:

private vpcRef(vpcId : string) : ec2.VpcNetworkRef {
  return ec2.VpcNetworkRef.import(this, 'unused', {vpcId, availabilityZones: ['unused']})
}

pierreozoux commented 5 years ago

@pda it was exactly my use case, thanks for sharing :)

kevinslin commented 5 years ago

does the introduction of ec2.Vpc.fromLookup(opts: VpcLookupOptions): IVpc address all the issues in this thread? this is available in the 0.33 release and has been one of my favorite changes in the cdk :)

/**
 * Properties for looking up an existing VPC.
 *
 * The combination of properties must specify filter down to exactly one
 * non-default VPC, otherwise an error is raised.
 */
export interface VpcLookupOptions {
  /**
   * The ID of the VPC
   *
   * If given, will import exactly this VPC.
   *
   * @default Don't filter on vpcId
   */
  readonly vpcId?: string;

  /**
   * The name of the VPC
   *
   * If given, will import the VPC with this name.
   *
   * @default Don't filter on vpcName
   */
  readonly vpcName?: string;

  /**
   * Tags on the VPC
   *
   * The VPC must have all of these tags
   *
   * @default Don't filter on tags
   */
  readonly tags?: {[key: string]: string};

  /**
   * Whether to match the default VPC
   *
   * @default Don't care whether we return the default VPC
   */
  readonly isDefault?: boolean;
}

eladb commented 5 years ago

ec2.Vpc.fromLookup is the recommended approach to use an existing VPC within CDK apps. I am closing this issue for now. Please reopen if there are use cases that are still not covered.

pagameba commented 5 years ago

If you are getting errors as of 0.36 this only works if you add { env: { region: "your-region", account: "your-account-id"} } to your stack creation call (bin/stack.ts).

eladb commented 5 years ago

Please also note that you can use the CDK_DEFAULT_ACCOUNT and CDK_DEFAULT_REGION environment variables when you define env to bind the stack to the CLI's configuration.

david-a commented 5 years ago

Hi, I'm using ec2.Vpc.fromLookup and started getting this warning recently:

[Warning at /xxxx/Vpc] No routeTableId was provided to the subnet 'subnet-xxxx'. Attempting to read it's .routeTable.routeTableId will return null/undefined. (More info: https://github.com/aws/aws-cdk/pull/3171)

Have you changed anything related to it in the last version of CDK? PS: I also got the same warning when I used ec2.Subnet.from_subnet_attributes (but in this case the warning was gone when I specified route_table_id as an argument). But ec2.Vpc.fromLookup doesn't have this argument.

Rauttis commented 5 years ago

@david-a I had the same issue. In my case removing cdk.context.json and letting cdk re-generate it fixed the issue.

markingram commented 5 years ago

I'm attempting to import a created VPC using the approach recommended above but it only works if I supply the vpcId. I'd rather use something less volatile like a name.

        const vpc = ec2.Vpc.fromLookup(this, "vpc", {
            // vpcId: "vpc-0e3e027882ce530fa",   // <--- this by itself works
            // tags: {"Name": "base-infrastructure-vpc"},
            vpcName: "base-infrastructure-vpc/vpc",
        });

In the above snippet having vpcId by itself works whereas having either of the other two by themselves doesn't work. What am I doing wrong?

nikhilbhoj commented 5 years ago

I have created a blog post on this for CDK in a custom VPC; for me it works. Here is the link for that: https://nikhilbhojcloud.blogspot.com/2019/08/cdk-fargate-load-balanced-service-using.html (by referring to the VPC as "MyVPC").

markingram commented 5 years ago

hmm... actually my code works if I don't depend on @aws-cdk/aws-elasticache...

ashwgupt commented 5 years ago

Is there a way that we can query and find the CIDR range for an existing VPC? We are using VpcLookupOptions to get the reference but we are still not able to find the CIDR range set for the VPC, which is needed for one of our Security Group definition. Any advice will be highly appreciated.

ashwgupt commented 5 years ago

@eladb any suggestions on the above question about any possible way of finding the default CIDR range of an existing VPC?

jaymay19 commented 4 years ago

Running into a similar issue as @ashwgupt. I can import an existing VPC no problem, but when I try to access the vpcCidrBlock property (needed to set up some other resources):

this.vpc.vpcCidrBlock // undefined.

Any reason this isn't populated when importing the VPC?

andreifinski commented 4 years ago

Any luck with bypassing this, anyone? Running into the same issue with undefined CIDR: Cannot perform this operation: 'vpcCidrBlock' was not supplied when creating this VPC

lulu-jplute commented 3 years ago

@eladb, what's the point of importing a VPC if you have to specify all the other attributes (e.g., subnets, AZs, etc.) and not just the VPC ID? I'd imagine the CDK would get this information on behalf of the developer.

pchaganti commented 3 years ago

Seems like specifying a VPC id should be all the CDK should need. It can glean all relevant/connected resources from that. Importing each piece separately is time consuming and makes for a horrible user experience.