MWAA - Check Service Vpc Endpoints showing wrong results

[cbroggi]

Function _check_service_vpcendpoints returns wrong information, mentioning that not all vpc endpoints are associated with the corresponding subnets used in the environment creation of mwaa.

Context:

• I created VPC endpoints of the following services: s3, ecr, kms, sqs, monitoring, airflow.api, airflow.env, airflow.ops
• These VPC endpoints are associated to the same VPC and subnets as the mwaa environment
• Moreover, this endpoints are supported to a 3rd subnet that is not associated with the mwaa environment (as 2 subnets only are right now supported)

Promt

What is expected:

Possible bug:

I think this line can be the problem: https://github.com/awslabs/aws-support-tools/blob/a143ec93ab2a68b230bc9781c19f7b681c7cd46f/MWAA/verify_env/verify_env.py#L658

it's checking whether all the subnets associated with the endpoints are present in the subnets of the MWAA environment, but it should be the other way around.

[abigan09]

Hi, thanks for reaching out and pointing out this issue. I'm looking into this issue. I will get back here once I have more information.