pulumi / pulumi-awsx

AWS infrastructure best practices in component form!
https://www.pulumi.com/docs/guides/crosswalk/aws/
Apache License 2.0

If I only have public subnets, don't try to create a NATGateway #952

Open pierskarsenbarg opened 1 year ago

pierskarsenbarg commented 1 year ago

What happened?

Trying to create a VPC with a public subnet in one AZ

Steps to reproduce

Code:

const vpc = new awsx.ec2.Vpc("vpc", {
    cidrBlock: "10.0.0.0/24",
    numberOfAvailabilityZones: 1,
    subnetSpecs: [{
        type: awsx.ec2.SubnetType.Public,
        name: "public-ecs-subnet",
    }],
    tags: {
        name: "pk-ecs-connect"
    },
});

Expected Behavior

If I've only got public subnets, I don't need a NATGateway

Actual Behavior

Error message:

error: Error: If NAT Gateway strategy is 'OnePerAz' or 'Single', both private and public subnets must be declared. The private subnet creates the need for a NAT Gateway, and the public subnet is required to host the NAT Gateway resource.
        at validateNatGatewayStrategy (/snapshot/awsx/bin/ec2/vpc.js:230:19)
        at Vpc.initialize (/snapshot/awsx/bin/ec2/vpc.js:52:9)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
    error: Running program '/Users/piers/github.com/pierskarsenbarg/scratchpad/ecs-service-discovery' failed with an unhandled exception:
    Error: failed to register new resource vpc [awsx:ec2:Vpc]: 2 UNKNOWN: If NAT Gateway strategy is 'OnePerAz' or 'Single', both private and public subnets must be declared. The private subnet creates the need for a NAT Gateway, and the public subnet is required to host the NAT Gateway resource.
        at Object.registerResource (/Users/piers/github.com/pierskarsenbarg/scratchpad/ecs-service-discovery/node_modules/@pulumi/runtime/resource.ts:294:27)
        at new Resource (/Users/piers/github.com/pierskarsenbarg/scratchpad/ecs-service-discovery/node_modules/@pulumi/resource.ts:402:13)
        at new ComponentResource (/Users/piers/github.com/pierskarsenbarg/scratchpad/ecs-service-discovery/node_modules/@pulumi/resource.ts:895:9)
        at new Vpc (/Users/piers/github.com/pierskarsenbarg/scratchpad/ecs-service-discovery/node_modules/@pulumi/ec2/vpc.ts:124:9)
        at Object.<anonymous> (/Users/piers/github.com/pierskarsenbarg/scratchpad/ecs-service-discovery/index.ts:5:13)
        at Module._compile (node:internal/modules/cjs/loader:1159:14)
        at Module.m._compile (/Users/piers/github.com/pierskarsenbarg/scratchpad/ecs-service-discovery/node_modules/ts-node/src/index.ts:439:23)
        at Module._extensions..js (node:internal/modules/cjs/loader:1213:10)
        at Object.require.extensions.<computed> [as .ts] (/Users/piers/github.com/pierskarsenbarg/scratchpad/ecs-service-discovery/node_modules/ts-node/src/index.ts:442:12)
        at Module.load (node:internal/modules/cjs/loader:1037:32)

    Error: If NAT Gateway strategy is 'OnePerAz' or 'Single', both private and public subnets must be declared. The private subnet creates the need for a NAT Gateway, and the public subnet is required to host the NAT Gateway resource.: Error: If NAT Gateway strategy is 'OnePerAz' or 'Single', both private and public subnets must be declared. The private subnet creates the need for a NAT Gateway, and the public subnet is required to host the NAT Gateway resource.
        at validateNatGatewayStrategy (/snapshot/awsx/bin/ec2/vpc.js:230:19)
        at Vpc.initialize (/snapshot/awsx/bin/ec2/vpc.js:52:9)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)

If I add in a strategy, it works:

const vpc = new awsx.ec2.Vpc("vpc", {
    cidrBlock: "10.0.0.0/24",
    numberOfAvailabilityZones: 1,
    subnetSpecs: [{
        type: awsx.ec2.SubnetType.Public,
        name: "public-ecs-subnet",
    }],
    tags: {
        name: "pk-ecs-connect"
    },
    natGateways: {
        strategy: "None"
    }
});

Output of pulumi about

CLI          
Version      3.48.0
Go Version   go1.19.2
Go Compiler  gc

Plugins
NAME    VERSION
aws     5.21.1
awsx    1.0.0
docker  3.6.1
nodejs  unknown

Host     
OS       darwin
Version  13.0.1
Arch     x86_64

Current Stack: dev

Found no resources associated with dev

Found no pending operations associated with dev

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/pierskarsenbarg
User           pierskarsenbarg
Organizations  pierskarsenbarg, karsenbarg, team-ce, demo

Pulumi locates its logs in /var/folders/69/3w1gr05s2pq36wn49bhyknym0000gn/T/ by default


lblackstone commented 1 year ago

@pierskarsenbarg To make sure I understand the request, you want the .natGateways.strategy field to default to "None" if .subnetSpecs[*].type is awsx.ec2.SubnetType.Public?

pierskarsenbarg commented 1 year ago

Yes. If you've only got public subnets, you don't have a need for a NAT gateway.

blazmrak commented 1 year ago

Would it make sense to have NAT gateway default to Single only if at least one Private network is specified, otherwise it could be None, right?
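
The defaulting rule proposed in this thread, sketched as an added example (not code from pulumi-awsx or from any commenter). `resolveNatStrategy`, `SubnetSpec` and the `fallback` parameter are hypothetical names; the validation message is the one quoted in the issue's error output.

```typescript
// Added illustration; not pulumi-awsx source. All names here are hypothetical.
type SubnetKind = "Public" | "Private" | "Isolated";
type NatStrategy = "None" | "Single" | "OnePerAz";

interface SubnetSpec {
    type: SubnetKind;
    name?: string;
}

// Message taken from the error output quoted in the issue.
const NAT_ERROR =
    "If NAT Gateway strategy is 'OnePerAz' or 'Single', both private and " +
    "public subnets must be declared.";

/**
 * Resolve the NAT gateway strategy for a set of subnet specs.
 * - An explicit strategy is honoured, then validated.
 * - With no explicit strategy, a NAT gateway is only requested when a
 *   private subnet exists; otherwise the result is "None".
 * `fallback` is the strategy used when private subnets are present
 * (an assumption of this sketch; the thread suggests "Single").
 */
function resolveNatStrategy(
    specs: SubnetSpec[],
    explicit?: NatStrategy,
    fallback: "Single" | "OnePerAz" = "Single",
): NatStrategy {
    const hasPublic = specs.some((s) => s.type === "Public");
    const hasPrivate = specs.some((s) => s.type === "Private");

    const strategy: NatStrategy =
        explicit !== undefined ? explicit : hasPrivate ? fallback : "None";

    // Same rule as the existing validation: a NAT gateway needs a private
    // subnet to serve and a public subnet to live in.
    if (strategy !== "None" && !(hasPublic && hasPrivate)) {
        throw new Error(NAT_ERROR);
    }
    return strategy;
}

// Constructed sample inputs mirroring the issue's subnetSpecs.
const publicOnly: SubnetSpec[] = [{ type: "Public", name: "public-ecs-subnet" }];
const mixed: SubnetSpec[] = [{ type: "Public" }, { type: "Private" }];

const publicOnlyResult = resolveNatStrategy(publicOnly); // "None"
const mixedResult = resolveNatStrategy(mixed);           // "Single"
```

An explicit `"Single"` or `"OnePerAz"` with only public subnets still throws, so a misconfiguration that was requested on purpose is reported rather than silently downgraded.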