
aws-ec2: Cannot create VPC Endpoint using existing VPC & Subnets if cdk.context.json is missing VPC information #17600

Closed
sdobberstein opened this issue Nov 19, 2021 · 4 comments · Fixed by #18554
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud bug This issue is a bug. effort/small Small work item – less than a day of effort p2

Comments


sdobberstein commented Nov 19, 2021

What is the problem?

If you have a stack where you need to look up an existing VPC (using VPC.fromLookup) and add a VPC Interface Endpoint to it using a subnet selection, it will fail if the cdk.context.json file does not exist or does not contain information about that VPC already.

Reproduction Steps

Assumptions:

  • Referencing VPC & Subnets that already exist

Steps to Reproduce:

  1. Populate Account, Subnet Ids, and VPC Id

  2. Ensure cdk.context.json either doesn't exist, or at least does not contain information matching your VPC

  3. Run cdk ls

  4. Verify error occurs

     Cannot create a VPC Endpoint with no subnets
     Subprocess exited with error 1
    

Workaround:

  1. Comment out VPC Interface Endpoint code
  2. Run cdk ls which should create/update the cdk.context.json
  3. Uncomment the VPC Interface Endpoint code
  4. Run cdk ls and it should work

Code:

#!/usr/bin/env node
import 'source-map-support/register';
import * as cdk from '@aws-cdk/core';
import {Construct, Stack, StackProps} from "@aws-cdk/core";
import {InterfaceVpcEndpointAwsService, SubnetFilter, Vpc} from "@aws-cdk/aws-ec2";

const app = new cdk.App();

interface MyStackProps extends StackProps {
  readonly subnetIds: string[];
  readonly vpcId: string;
}

class MyStack extends Stack {
  constructor(scope: Construct, id: string, props: MyStackProps) {
    super(scope, id, props);

    const vpc = Vpc.fromLookup(this, 'Vpc', {
      vpcId: props.vpcId,
    });

    const secretsManagerEndpoint = vpc.addInterfaceEndpoint('SecretsManagerEndpoint', {
      service: InterfaceVpcEndpointAwsService.SECRETS_MANAGER,
      subnets: {
        subnetFilters: [SubnetFilter.byIds(props.subnetIds)],
      },
    });
    secretsManagerEndpoint.connections.allowDefaultPortFromAnyIpv4();
  }
}

new MyStack(app, 'MyStack', {
  env: {
    account: 'xxx',
    region: 'us-east-1',
  },
  subnetIds: [
    'xxx',
    'xxx'
  ],
  vpcId: 'xxx'
});

What did you expect to happen?

I should be able to run CDK commands without an error occurring and without having to comment out portions of my stack in order to generate/update the cdk.context.json file.

What actually happened?

All CDK commands fail with an error and the cdk.context.json file is not generated/updated.

CDK CLI Version

1.132.0

Framework Version

No response

Node.js Version

v14.17.5

OS

macOS 11.5.1

Language

Typescript

Language Version

TypeScript (3.9.10)

Other information

The error that you will see after running any CDK command is:

Cannot create a VPC Endpoint with no subnets
Subprocess exited with error 1

Reference implementation: https://github.com/sdobberstein/cdk-vpc-issue

@sdobberstein sdobberstein added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 19, 2021
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Nov 19, 2021
@NGL321 NGL321 added the p2 label Nov 22, 2021
@njlynch njlynch added effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Dec 8, 2021
@njlynch njlynch removed their assignment Dec 8, 2021
rix0rrr added a commit that referenced this issue Jan 20, 2022
The validation was too eager, causing a validation error before
the actual lookup happened.

Add a property to `SelectedSubnets` to make it clear in consuming
code that validation shouldn't happen yet.

Fixes #17600.
@mergify mergify bot closed this as completed in #18554 Jan 20, 2022
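
The failure reported in this issue and the deferred check described in the commit message, as an added example that is not aws-cdk source code. It is a simplified TypeScript model: every name in it (Context, lookupVpc, selectSubnets, pendingLookup, the two endpoint functions) and the sample ids are assumptions made for illustration.

```typescript
// Simplified model of a context-backed VPC lookup; not aws-cdk source code.
// All names here (Context, lookupVpc, selectSubnets, pendingLookup) are hypothetical.
interface Subnet { subnetId: string }
interface Vpc { subnets: Subnet[]; pendingLookup: boolean }
interface Selection { subnetIds: string[]; pendingLookup: boolean }

class Context {
  readonly missing: string[] = [];
  private readonly cache: Record<string, Subnet[]>;
  constructor(cache: Record<string, Subnet[]> = {}) { this.cache = cache; }
  // Returns cached subnets, or records the key so it can be resolved after this pass.
  get(key: string): Subnet[] | undefined {
    const hit = this.cache[key];
    if (hit === undefined) this.missing.push(key);
    return hit;
  }
}

function lookupVpc(ctx: Context, vpcId: string): Vpc {
  const cached = ctx.get(`vpc:${vpcId}`);
  // On a cache miss the first pass gets placeholder subnets, not the real ones.
  return cached
    ? { subnets: cached, pendingLookup: false }
    : { subnets: [{ subnetId: 'placeholder-1' }], pendingLookup: true };
}

function selectSubnets(vpc: Vpc, ids: string[]): Selection {
  const subnetIds = vpc.subnets.map(s => s.subnetId).filter(id => ids.indexOf(id) !== -1);
  return { subnetIds, pendingLookup: vpc.pendingLookup };
}

// Eager validation: throws on the first pass, so the missing key is never resolved.
function addEndpointEager(sel: Selection): string[] {
  if (sel.subnetIds.length === 0) throw new Error('Cannot create a VPC Endpoint with no subnets');
  return sel.subnetIds;
}

// Deferred validation: skip the check while the selection is still a placeholder.
function addEndpointDeferred(sel: Selection): string[] {
  if (!sel.pendingLookup && sel.subnetIds.length === 0) {
    throw new Error('Cannot create a VPC Endpoint with no subnets');
  }
  return sel.subnetIds;
}

// Constructed sample: two subnet ids requested from a VPC that is not cached yet.
const wanted = ['subnet-aaa', 'subnet-bbb'];
const firstPass = new Context();
const pending = selectSubnets(lookupVpc(firstPass, 'vpc-123'), wanted);
```

In the deferred variant the first pass finishes with the lookup key recorded in `missing`, and the emptiness check still applies once real subnets are available.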
mergify bot pushed a commit that referenced this issue Jan 20, 2022
…8554)

TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this issue Feb 21, 2022
…s#18554)


mcivino commented Jan 27, 2023

Hello, this issue is still happening.

Any update on the fix?


jonyzp commented Jul 3, 2023

image
Same error

@gshpychka
Contributor

image Same error

That is not the same error
