feat(ec2): Vpc supports allocating CIDR from AWS IPAM

[nbaillie]

Allows Vpc to Use Aws IPAM for Ip address assignment:

import { IpAddresses } from '@aws-cdk/aws-ec2';

declare const pool: ec2.CfnIPAMPool;

new ec2.Vpc(stack, 'TheVPC', {
  ipAddresses: ec2.IpAddresses.awsIpamAllocation({
    ipv4IpamPoolId: pool.ref,
    ipv4NetmaskLength: 18,
    defaultSubnetIpv4NetmaskLength: 24
  })
});

This is useful for enterprise users that wish to adopt the benefits of centralised IP address management.

It introduces ipAddresses property to allow the new configuration.

---

Thanks to @rix0rrr for support on this.

---

closes #21333

---

#22443 - Issue adds a fix to allow the clean up of the AWS Ipam resource used in ingeg-test testing. Would be better to implement something like this later. for now disclaimer added to integ-test clean up needed on Ipam.

---

All Submissions:

• Have you followed the guidelines in our Contributing guide?

New Features

• Have you added the new feature to an integration test?
  • Did you use yarn integ to deploy the infrastructure and generate the snapshot (i.e. yarn integ without --dry-run)?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[gitpod-io]

Pull request has been modified.

[mrpackethead]

This looks sensible, however i'd urge care here that this does not cause unintended breaking changes.

I noted that Network Builder as been removed, and replaced with IPAMProvider.

There are many cases where someone is not going to use IPAM. Its confusing to use the term IPAM, when the IPAM service is not part of things doesn't make sense. Its not the job of 'IPAM' to calculate subnets.. Its the job of IPAM to assign Pools of Address space, ( and monitor them )..

NetworkBuilder was not a bad name, becuase it described what it was doing.. IPAM is not a good name.

[rix0rrr]

I have some final commits pushed to Neil's branch, but they're not appearing here. Can't approve until I see them and I know they are in the validation pipeline.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[rix0rrr]

@Mergifyio refresh

[mergify]

refresh

✅ Pull request refreshed

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mrpackethead]

Sorry a late comment, but only about docs.

Something that might cause pain , is if we try to request an ipam allocation from a pool that has rules applied to it, restricting which size networks are able to be allocated. eg, if you asked for a /20 but the rules say you can only have between /22 - /24.

A once sentance addtion could save a lot of fustration.

Pull request has been modified.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 132f18d
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[iamed2]

Thank you very much for this. We have been stuck with L1 constructs only until now; this change now makes CDK a usable and useful product for us to replace raw CloudFormation!