fix nits

aws · Oct 16, 2024 · 00eebb9 · 00eebb9
1 parent e1b038c
commit 00eebb9
Show file tree

Hide file tree

Showing 61 changed files with 1,075 additions and 845 deletions.
diff --git a/packages/@aws-cdk/aws-ec2-alpha/README.md b/packages/@aws-cdk/aws-ec2-alpha/README.md
@@ -366,3 +366,104 @@ myVpc.addInternetGateway({
   ipv4Destination: '192.168.0.0/16',
 });
 ```
+
+## Importing an existing VPC
+
+You can import an existing VPC and its subnets using the `VpcV2.fromVpcV2Attributes()` method or an individual subnet using `SubnetV2.fromSubnetV2Attributes()` method.
+
+### Importing a VPC
+
+To import an existing VPC, use the `VpcV2.fromVpcV2Attributes()` method. You'll need to provide the VPC ID, primary CIDR block, and information about the subnets. You can import secondary address as well created through IPAM, BYOIP(IPv4) or enabled through Amazon Provided IPv6. You must provide VPC Id and its primary CIDR block for importing it.
+
+If you wish to add a new subnet to imported VPC, new subnet's IP range(IPv4) will be validated against provided secondary and primary address block to confirm that it is within the the range of VPC.
+
+Here's an example of how to import a VPC with multiple CIDR blocks, IPv6 support, and different subnet types:
+
+In this example, we're importing a VPC with:
+
+ - A primary CIDR block (10.1.0.0/16)
+ - One secondary IPv4 CIDR block (10.2.0.0/16)
+ - Two secondary address using IPAM pool (IPv4 and IPv6)
+ - VPC has Amazon-provided IPv6 CIDR enabled
+ - An isolated subnet in us-west-2a
+ - A public subnet in us-west-2b
+
+```ts
+
+const stack = new Stack();
+
+const importedVpc = VpcV2.fromVpcV2Attributes(this, 'ImportedVPC', {
+  vpcId: 'vpc-XXX',
+  vpcCidrBlock: '10.1.0.0/16',
+  secondaryCidrBlocks: [
+    {
+      cidrBlock: '10.2.0.0/16',
+      cidrBlockName: 'ImportedBlock1',
+    },
+    {
+      ipv6IpamPoolId: 'ipam-pool-XXX',
+      ipv6NetmaskLength: 52,
+      cidrBlockName: 'ImportedIpamIpv6',
+    },
+    {
+      ipv4IpamPoolId: 'ipam-pool-XXX',
+      ipv4IpamProvisionedCidrs: ['10.2.0.0/16'],
+      cidrBlockName: 'ImportedIpamIpv4',
+    },
+    {
+      amazonProvidedIpv6CidrBlock: true,
+    }
+  ],
+  isolatedSubnets: [{
+    subnetName: 'IsolatedSubnet2',
+    subnetId: 'subnet-03cd773c0fe08ed26',
+    subnetType: SubnetType.PRIVATE_ISOLATED,
+    availabilityZone: 'us-west-2a',
+    ipv4CidrBlock: '10.2.0.0/24',
+    routeTableId: 'rtb-0871c310f98da2cbb',
+  }],
+  publicSubnets: [{
+    subnetId: 'subnet-0fa477e01db27d820',
+    subnetType: SubnetType.PUBLIC,
+    availabilityZone: 'us-west-2b',
+    ipv4CidrBlock: '10.3.0.0/24',
+    routeTableId: 'rtb-014f3043098fe4b96',
+  }],
+});
+
+// You can now use the imported VPC in your stack
+
+// Adding a new subnet to the imported VPC
+const importedSubnet = new SubnetV2(this, 'NewSubnet', {
+  availabilityZone: 'us-west-2a',
+  ipv4CidrBlock: new IpCidr('10.2.2.0/24'),
+  vpc: importedVpc,
+  subnetType: SubnetType.PUBLIC,
+});
+
+// Adding gateways to the imported VPC
+importedVpc.addInternetGateway();
+importedVpc.addNatGateway({ subnet: importedSubnet });
+importedVpc.addEgressOnlyInternetGateway();
+```
+
+You can add more subnets as needed by including additional entries in the `isolatedSubnets`, `publicSubnets`, or other subnet type arrays (e.g., `privateSubnets`).
+
+### Importing Subnets
+
+You can also import individual subnets using the `SubnetV2.fromSubnetV2Attributes()` method. This is useful when you need to work with specific subnets independently of a VPC.
+
+Here's an example of how to import a subnet:
+
+```ts
+
+SubnetV2.fromSubnetV2Attributes(this, 'ImportedSubnet', {
+  subnetId: 'subnet-0123456789abcdef0',
+  availabilityZone: 'us-west-2a',
+  ipv4CidrBlock: '10.2.0.0/24',
+  routeTableId: 'rtb-0871c310f98da2cbb',
+  subnetType: SubnetType.PRIVATE_ISOLATED,
+});
+```
+
+By importing existing VPCs and subnets, you can easily integrate your existing AWS infrastructure with new resources created through CDK. This is particularly useful when you need to work with pre-existing network configurations or when you're migrating existing infrastructure to CDK.
diff --git a/packages/@aws-cdk/aws-ec2-alpha/awslint.json b/packages/@aws-cdk/aws-ec2-alpha/awslint.json
@@ -1,8 +1,6 @@
 {
     "exclude": [
-      "from-method:@aws-cdk/aws-ec2-alpha.VpcV2",
       "attribute-tag:@aws-cdk/aws-ec2-alpha.RouteTable.routeTableId",
-      "from-method:@aws-cdk/aws-ec2-alpha.SubnetV2",
       "from-method:@aws-cdk/aws-ec2-alpha.Route"
     ]
 }
diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts
@@ -92,7 +92,7 @@ export enum IpamScopeType {
  *
  * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html
  */
-export interface PoolOptions{
+export interface PoolOptions {
 
   /**
    * addressFamily - The address family of the pool (ipv4 or ipv6).
@@ -180,7 +180,7 @@ export interface IpamPoolCidrProvisioningOptions {
 /**
  * Definition used to add or create a new IPAM pool
  */
-export interface IIpamPool{
+export interface IIpamPool {
   /**
  * Pool ID to be passed to the VPC construct
  * @attribute IpamPoolId
@@ -193,7 +193,8 @@ export interface IIpamPool{
   readonly ipamCidrs: CfnIPAMPoolCidr[];
 
   /**
-   * Pool CIDR for IPv4 to be provisioned
+   * Pool CIDR for IPv4 to be provisioned using IPAM
+   * Required to check for subnet IP range is within the VPC range
    */
   readonly ipamIpv4Cidrs?: string[];
 
@@ -321,7 +322,8 @@ class IpamPool extends Resource implements IIpamPool {
   public readonly ipamCidrs: CfnIPAMPoolCidr[] = []
 
   /**
-   * Pool CIDR for IPv4 to be provisioned
+   * Pool CIDR for IPv4 to be provisioned using IPAM
+   * Required to check for subnet IP range is within the VPC range
    */
   public readonly ipamIpv4Cidrs: string[] = []
 
@@ -350,6 +352,8 @@ class IpamPool extends Resource implements IIpamPool {
       awsService: props.awsService,
     });
     this.ipamPoolId = this._ipamPool.attrIpamPoolId;
+
+    // Populating to check for subnet range against all IPv4 ranges assigned to VPC including IPAM
     props.ipv4ProvisionedCidrs?.map(cidr => (this.ipamIpv4Cidrs.push(cidr)));
     this.node.defaultChild = this._ipamPool;
   }

diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts
@@ -123,7 +123,7 @@ export class SubnetV2 extends Resource implements ISubnetV2 {
   /**
    * Import an existing subnet to the VPC
    */
-  public static fromSubnetV2attributes(scope: Construct, id: string, attrs: SubnetV2Attributes) : ISubnetV2 {
+  public static fromSubnetV2Attributes(scope: Construct, id: string, attrs: SubnetV2Attributes) : ISubnetV2 {
     return new ImportedSubnetV2(scope, id, attrs);
   }
 
@@ -288,47 +288,48 @@ export class SubnetV2 extends Resource implements ISubnetV2 {
  */
 export interface SubnetV2Attributes {
   /**
-   * The Availability Zone the subnet is located in
+   * The Availability Zone this subnet is located in
    *
    * @default - No AZ information, cannot use AZ selection features
    */
   readonly availabilityZone: string;
 
   /**
-     * The IPv4 CIDR block associated with the subnet
-     *
-     * @default - No CIDR information, cannot use CIDR filter features
-     */
+   * The IPv4 CIDR block associated with the subnet
+   *
+   * @default - No CIDR information, cannot use CIDR filter features
+   */
   readonly ipv4CidrBlock: string;
 
   /**
-     * The IPv4 CIDR block associated with the subnet
-     *
-     * @default - No CIDR information, cannot use CIDR filter features
-     */
+   * The IPv4 CIDR block associated with the subnet
+   *
+   * @default - No CIDR information, cannot use CIDR filter features
+   */
   readonly ipv6CidrBlock?: string;
 
   /**
-     * The ID of the route table for this particular subnet
-     *
-     * @default - No route table information, cannot create VPC endpoints
-     */
+   * The ID of the route table for this particular subnet
+   *
+   * @default - No route table information, cannot create VPC endpoints
+   */
   readonly routeTableId?: string;
 
   /**
-     * The subnetId for this particular subnet
-     */
+   * The subnetId for this particular subnet
+   */
   readonly subnetId: string;
 
   /**
-     * The type of subnet (public or private) that this subnet represents.
-    */
+   * The type of subnet (public or private) that this subnet represents.
+   */
   readonly subnetType: SubnetType;
 
   /**
-     * The type of subnet (public or private) that this subnet represents.
-     * @default - no subnet name
-    */
+   * Name of the given subnet
+   *
+   * @default - no subnet name
+   */
   readonly subnetName?: string;
 
 }
@@ -339,28 +340,29 @@ export interface SubnetV2Attributes {
 export interface ImportedSubnetV2Props extends SubnetV2Attributes {}
 
 /**
- * Class to define an import for existing subnet
+ * Class to define an import for an existing subnet
  * @resource AWS::EC2::Subnet
  */
 export class ImportedSubnetV2 extends Resource implements ISubnetV2 {
 
   /**
-   * The IPv6 CIDR Block for this subnet
+   * The IPv6 CIDR Block assigned to this subnet
    */
   public readonly ipv6CidrBlock?: string;
 
   /**
-   * The type of subnet (public or private) that this subnet represents.
+   * The type of subnet (eg. public or private) that this subnet represents.
    */
   public readonly subnetType?: SubnetType;
 
   /**
-   * The Availability Zone the subnet is located in
+   * The Availability Zone in which subnet is located
    */
   public readonly availabilityZone: string;
 
   /**
   * The subnetId for this particular subnet
+  * Refers to the physical ID created
   */
   public readonly subnetId: string;
 
@@ -370,12 +372,12 @@ export class ImportedSubnetV2 extends Resource implements ISubnetV2 {
   public readonly internetConnectivityEstablished: IDependable = new DependencyGroup();
 
   /**
-   * The IPv4 CIDR block for this subnet
+   * The IPv4 CIDR block assigned to this subnet
    */
   public readonly ipv4CidrBlock: string;
 
   /**
-  * The route table for this subnet
+  *  Current route table associated with this subnet
   */
   public readonly routeTable: IRouteTable;
 
@@ -392,7 +394,6 @@ export class ImportedSubnetV2 extends Resource implements ISubnetV2 {
     this.ipv6CidrBlock = props.ipv6CidrBlock;
     this.subnetId = props.subnetId;
     this.routeTable = {
-      //if not given should we fallback
       routeTableId: props.routeTableId!,
     };
   }
@@ -456,7 +457,6 @@ function storeSubnetToVpcByType(vpc: IVpcV2, subnet: SubnetV2, type: SubnetType)
  * @internal
  */
 function validateSupportIpv6(vpc: IVpcV2) {
-
   if (vpc.secondaryCidrBlock) {
     if (vpc.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true ||
   secondaryAddress.ipv6IpamPoolId != undefined)) {
@@ -475,36 +475,12 @@ function validateSupportIpv6(vpc: IVpcV2) {
  * @returns True if the CIDR range falls within the VPC's IP address ranges, false otherwise.
  * @internal
  */
-// function checkCidrRanges(vpc: IVpcV2, cidrRange: string) {
-
-//   const vpcCidrBlock = [vpc.ipv4CidrBlock];
-
-//   if (vpc.secondaryCidrBlock) {
-//     for (const ipAddress of vpc.secondaryCidrBlock) {
-//       if (ipAddress.cidrBlock) {
-//         vpcCidrBlock.push(ipAddress.cidrBlock);
-//       }
-//     }
-//     const cidrs = vpcCidrBlock.map(cidr => new CidrBlock(cidr));
-
-//     const subnetCidrBlock = new CidrBlock(cidrRange);
-
-//     return cidrs.some(c => c.containsCidr(subnetCidrBlock));
-//   }
-//   if (vpc.ipv4ProvisionedCidrs) {
-
-//     const cidrs = vpc.ipv4ProvisionedCidrs.map(cidr => new CidrBlock(cidr));
-
-//     const subnetCidrBlock = new CidrBlock(cidrRange);
-
-//     return cidrs.some(c => c.containsCidr(subnetCidrBlock));
-//   } else {throw error('No secondary IP address attached to VPC');}
-// }
 function checkCidrRanges(vpc: IVpcV2, cidrRange: string) {
-
   const vpcCidrBlock = [vpc.ipv4CidrBlock];
+  const subnetCidrBlock = new CidrBlock(cidrRange);
   const allCidrs: CidrBlock[] = [];
 
+  // Secondary IP addresses assoicated using user defined IPv4 range
   if (vpc.secondaryCidrBlock) {
     for (const ipAddress of vpc.secondaryCidrBlock) {
       if (ipAddress.cidrBlock) {
@@ -515,17 +491,17 @@ function checkCidrRanges(vpc: IVpcV2, cidrRange: string) {
     allCidrs.push(...cidrs);
   }
 
-  if (vpc.ipv4ProvisionedCidrs) {
-
-    const cidrs = vpc.ipv4ProvisionedCidrs.map(cidr => new CidrBlock(cidr));
+  // Secondary IP addresses assoicated using IPAM IPv4 range
+  if (vpc.ipv4IpamProvisionedCidrs) {
+    const cidrs = vpc.ipv4IpamProvisionedCidrs.map(cidr => new CidrBlock(cidr));
     allCidrs.push(...cidrs);
   }
+
+  // If no IPv4 is assigned as secondary address
   if (allCidrs.length === 0) {
     throw new Error('No secondary IP address attached to VPC');
   }
 
-  const subnetCidrBlock = new CidrBlock(cidrRange);
-
   return allCidrs.some(c => c.containsCidr(subnetCidrBlock));
 }
 

diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts
@@ -102,7 +102,7 @@ export interface IVpcV2 extends IVpc {
    * Required to check for overlapping CIDRs after provisioning
    * is complete under IPAM pool
    */
-  readonly ipv4ProvisionedCidrs?: string[];
+  readonly ipv4IpamProvisionedCidrs?: string[];
 
   /**
    * Add an Egress only Internet Gateway to current VPC.
@@ -353,7 +353,6 @@ export abstract class VpcV2Base extends Resource implements IVpcV2 {
     });
 
     let useIpv6;
-
     if (this.secondaryCidrBlock) {
       useIpv6 = (this.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true ||
     secondaryAddress.ipv6IpamPoolId != undefined));