Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

vpc: when natGateways Inconsistent Route Table Configuration for Private Subnets in VPC with Multiple NAT Gateways #30643

Open
waltervargas opened this issue Jun 24, 2024 · 3 comments
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud bug This issue is a bug. effort/small Small work item – less than a day of effort p3

Comments

@waltervargas
Copy link

Describe the bug

When creating a VPC with multiple NAT Gateways using the AWS CDK, the automatic route table configuration for private subnets does not consistently assign routes for internet access (0.0.0.0/0) to the corresponding NAT Gateways.

Expected Behavior

All private subnets should have a route (0.0.0.0/0) pointing to their corresponding NAT Gateway

Current Behavior

Only one of the private subnets had the correct route to the NAT Gateway. The other private subnets lacked this route, causing connectivity issues.

image

image

Reproduction Steps

Define a VPC with multiple private and public subnets.
Configure the VPC to use multiple NAT Gateways (one per AZ) with property natGateways
Deploy the stack.
Here is the relevant CDK code used to create the VPC:

import * as cdk from 'aws-cdk-lib';
import { Vpc, SubnetType, IpAddresses } from 'aws-cdk-lib/aws-ec2';
import { Construct } from 'constructs';
import { ExtendedStackProps } from '../constants';

export class VPCStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props: ExtendedStackProps) {
    super(scope, id, props);

    new Vpc(this, props.envConfig.BackendVpc.name, {
      ipAddresses: IpAddresses.cidr(props.envConfig.BackendVpc.cidr),
      maxAzs: props.envConfig.BackendVpc.maxAzs,
      natGateways: props.envConfig.BackendVpc.natGateways,
      subnetConfiguration: [
        {
          cidrMask: props.envConfig.BackendVpc.publicSubnetMask,
          name: 'pab-public',
          subnetType: SubnetType.PUBLIC,
        },
        {
          cidrMask: props.envConfig.BackendVpc.privateSubnetMask,
          name: 'pab-private',
          subnetType: SubnetType.PRIVATE_WITH_EGRESS,
        },
      ],
    });
  }
}

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.144.0 (build 5fb15bc)

Framework Version

No response

Node.js Version

Node.js v20.14.0

OS

Linux avril 6.5.0-41-generic #41-Ubuntu SMP PREEMPT_DYNAMIC Mon May 20 15:55:15 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Language

TypeScript

Language Version

No response

Other information

No response

@waltervargas waltervargas added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 24, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Jun 24, 2024
@pahud pahud self-assigned this Jun 24, 2024
@pahud
Copy link
Contributor

pahud commented Jun 24, 2024

I can't see some values from your provided snippet but this works perfect for me.

    new ec2.Vpc(this, 'Vpc', {
      ipAddresses: ec2.IpAddresses.cidr('10.0.0.0/16'),
      maxAzs: 3,
      natGateways: 3,
      subnetConfiguration: [
        {
          cidrMask: 19,
          name: 'pab-public',
          subnetType: SubnetType.PUBLIC,
        },
        {
          cidrMask: 19,
          name: 'pab-private',
          subnetType: SubnetType.PRIVATE_WITH_EGRESS,
        },
      ],
    });

Can you verify if my provided sample good with you?

@pahud pahud added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. p3 and removed needs-triage This issue or PR still needs to be triaged. labels Jun 24, 2024
@pahud pahud removed their assignment Jun 24, 2024
@pahud pahud added the effort/small Small work item – less than a day of effort label Jun 24, 2024
Copy link

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Jun 26, 2024
@waltervargas
Copy link
Author

any update on this?

@github-actions github-actions bot removed closing-soon This issue will automatically close in 4 days unless further comments are made. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. labels Jun 30, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud bug This issue is a bug. effort/small Small work item – less than a day of effort p3
Projects
None yet
Development

No branches or pull requests

2 participants