fix nits

aws · Oct 16, 2024 · f8a1645 · f8a1645
1 parent 9d93831
commit f8a1645
Show file tree

Hide file tree

Showing 7 changed files with 183 additions and 181 deletions.
diff --git a/packages/@aws-cdk/aws-ec2-alpha/README.md b/packages/@aws-cdk/aws-ec2-alpha/README.md
@@ -369,19 +369,20 @@ myVpc.addInternetGateway({
 
 ## Importing an existing VPC
 
-You can import an existing VPC and its subnets using the `VpcV2.fromVpcV2Attributes()` and `SubnetV2.fromSubnetV2Attributes()` methods. This is useful when you want to use existing resources in your CDK stack.
+You can import an existing VPC and its subnets using the `VpcV2.fromVpcV2Attributes()` and `SubnetV2.fromSubnetV2Attributes()` methods.
 
 ### Importing a VPC
 
-To import an existing VPC, use the `VpcV2.fromVpcV2Attributes()` method. You'll need to provide the VPC ID, CIDR block, and information about the subnets. This method allows you to integrate existing AWS resources into your CDK stack.
+To import an existing VPC, use the `VpcV2.fromVpcV2Attributes()` method. You'll need to provide the VPC ID, primary CIDR block, and information about the subnets. You can import secondary address as well created through IPAM, BYOIP(IPv4) or enabled through Amazon Provided IPv6. 
 
-Here's a comprehensive example of how to import a VPC with multiple CIDR blocks, IPv6 support, and different subnet types:
+Here's an example of how to import a VPC with multiple CIDR blocks, IPv6 support, and different subnet types:
 
 In this example, we're importing a VPC with:
 
  - A primary CIDR block (10.1.0.0/16)
- - Two secondary IPv4 CIDR blocks (10.2.0.0/16 and 10.3.0.0/16)
- - An Amazon-provided IPv6 CIDR block
+ - One secondary IPv4 CIDR blocks (10.2.0.0/16)
+ - Two secondary address using IPAM pool (IPv4 and IPv6)
+ - VPC has Amazon-provided IPv6 CIDR enabled
  - An isolated subnet in us-west-2a
  - A public subnet in us-west-2b
 
@@ -390,16 +391,22 @@ In this example, we're importing a VPC with:
 const stack = new Stack();
 
 const importedVpc = VpcV2.fromVpcV2Attributes(this, 'ImportedVPC', {
-  vpcId: 'vpc-08193db3ccc4f909f',
+  vpcId: 'vpc-XXX',
   vpcCidrBlock: '10.1.0.0/16',
   secondaryCidrBlocks: [
     {
       cidrBlock: '10.2.0.0/16',
       cidrBlockName: 'ImportedBlock1',
     },
     {
-      cidrBlock: '10.3.0.0/16',
-      cidrBlockName: 'ImportedBlock2',
+      ipv6IpamPoolId: 'ipam-pool-XXX',
+      ipv6NetmaskLength: 52,
+      cidrBlockName: 'ImportedIpamIpv6',
+    },
+    {
+      ipv4IpamPoolId: 'ipam-pool-XXX',
+      ipv4IpamProvisionedCidrs: ['10.2.0.0/16'],
+      cidrBlockName: 'ImportedIpamIpv4',
     },
     {
       amazonProvidedIpv6CidrBlock: true,

diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts
@@ -92,7 +92,7 @@ export enum IpamScopeType {
  *
  * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html
  */
-export interface PoolOptions{
+export interface PoolOptions {
 
   /**
    * addressFamily - The address family of the pool (ipv4 or ipv6).
@@ -180,7 +180,7 @@ export interface IpamPoolCidrProvisioningOptions {
 /**
  * Definition used to add or create a new IPAM pool
  */
-export interface IIpamPool{
+export interface IIpamPool {
   /**
  * Pool ID to be passed to the VPC construct
  * @attribute IpamPoolId
@@ -193,7 +193,8 @@ export interface IIpamPool{
   readonly ipamCidrs: CfnIPAMPoolCidr[];
 
   /**
-   * Pool CIDR for IPv4 to be provisioned
+   * Pool CIDR for IPv4 to be provisioned using IPAM
+   * Required to check for subnet IP range is within the VPC range
    */
   readonly ipamIpv4Cidrs?: string[];
 
@@ -321,7 +322,8 @@ class IpamPool extends Resource implements IIpamPool {
   public readonly ipamCidrs: CfnIPAMPoolCidr[] = []
 
   /**
-   * Pool CIDR for IPv4 to be provisioned
+   * Pool CIDR for IPv4 to be provisioned using IPAM
+   * Required to check for subnet IP range is within the VPC range
    */
   public readonly ipamIpv4Cidrs: string[] = []
 
@@ -350,6 +352,8 @@ class IpamPool extends Resource implements IIpamPool {
       awsService: props.awsService,
     });
     this.ipamPoolId = this._ipamPool.attrIpamPoolId;
+
+    // Populating to check for subnet range against all IPv4 ranges assigned to VPC including IPAM
     props.ipv4ProvisionedCidrs?.map(cidr => (this.ipamIpv4Cidrs.push(cidr)));
     this.node.defaultChild = this._ipamPool;
   }

diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts
@@ -288,47 +288,48 @@ export class SubnetV2 extends Resource implements ISubnetV2 {
  */
 export interface SubnetV2Attributes {
   /**
-   * The Availability Zone the subnet is located in
+   * The Availability Zone this subnet is located in
    *
    * @default - No AZ information, cannot use AZ selection features
    */
   readonly availabilityZone: string;
 
   /**
-     * The IPv4 CIDR block associated with the subnet
-     *
-     * @default - No CIDR information, cannot use CIDR filter features
-     */
+   * The IPv4 CIDR block associated with the subnet
+   *
+   * @default - No CIDR information, cannot use CIDR filter features
+   */
   readonly ipv4CidrBlock: string;
 
   /**
-     * The IPv4 CIDR block associated with the subnet
-     *
-     * @default - No CIDR information, cannot use CIDR filter features
-     */
+   * The IPv4 CIDR block associated with the subnet
+   *
+   * @default - No CIDR information, cannot use CIDR filter features
+   */
   readonly ipv6CidrBlock?: string;
 
   /**
-     * The ID of the route table for this particular subnet
-     *
-     * @default - No route table information, cannot create VPC endpoints
-     */
+   * The ID of the route table for this particular subnet
+   *
+   * @default - No route table information, cannot create VPC endpoints
+   */
   readonly routeTableId?: string;
 
   /**
-     * The subnetId for this particular subnet
-     */
+   * The subnetId for this particular subnet
+   */
   readonly subnetId: string;
 
   /**
-     * The type of subnet (public or private) that this subnet represents.
-    */
+   * The type of subnet (public or private) that this subnet represents.
+   */
   readonly subnetType: SubnetType;
 
   /**
-     * The type of subnet (public or private) that this subnet represents.
-     * @default - no subnet name
-    */
+   * Name of the given subnet
+   *
+   * @default - no subnet name
+   */
   readonly subnetName?: string;
 
 }
@@ -339,28 +340,29 @@ export interface SubnetV2Attributes {
 export interface ImportedSubnetV2Props extends SubnetV2Attributes {}
 
 /**
- * Class to define an import for existing subnet
+ * Class to define an import for an existing subnet
  * @resource AWS::EC2::Subnet
  */
 export class ImportedSubnetV2 extends Resource implements ISubnetV2 {
 
   /**
-   * The IPv6 CIDR Block for this subnet
+   * The IPv6 CIDR Block assigned to this subnet
    */
   public readonly ipv6CidrBlock?: string;
 
   /**
-   * The type of subnet (public or private) that this subnet represents.
+   * The type of subnet (eg. public or private) that this subnet represents.
    */
   public readonly subnetType?: SubnetType;
 
   /**
-   * The Availability Zone the subnet is located in
+   * The Availability Zone in which subnet is located
    */
   public readonly availabilityZone: string;
 
   /**
   * The subnetId for this particular subnet
+  * Refers to the physical ID created
   */
   public readonly subnetId: string;
 
@@ -370,12 +372,12 @@ export class ImportedSubnetV2 extends Resource implements ISubnetV2 {
   public readonly internetConnectivityEstablished: IDependable = new DependencyGroup();
 
   /**
-   * The IPv4 CIDR block for this subnet
+   * The IPv4 CIDR block assigned to this subnet
    */
   public readonly ipv4CidrBlock: string;
 
   /**
-  * The route table for this subnet
+  *  Current route table associated with this subnet
   */
   public readonly routeTable: IRouteTable;
 
@@ -392,7 +394,6 @@ export class ImportedSubnetV2 extends Resource implements ISubnetV2 {
     this.ipv6CidrBlock = props.ipv6CidrBlock;
     this.subnetId = props.subnetId;
     this.routeTable = {
-      //if not given should we fallback
       routeTableId: props.routeTableId!,
     };
   }
@@ -456,7 +457,6 @@ function storeSubnetToVpcByType(vpc: IVpcV2, subnet: SubnetV2, type: SubnetType)
  * @internal
  */
 function validateSupportIpv6(vpc: IVpcV2) {
-
   if (vpc.secondaryCidrBlock) {
     if (vpc.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true ||
   secondaryAddress.ipv6IpamPoolId != undefined)) {
@@ -475,36 +475,12 @@ function validateSupportIpv6(vpc: IVpcV2) {
  * @returns True if the CIDR range falls within the VPC's IP address ranges, false otherwise.
  * @internal
  */
-// function checkCidrRanges(vpc: IVpcV2, cidrRange: string) {
-
-//   const vpcCidrBlock = [vpc.ipv4CidrBlock];
-
-//   if (vpc.secondaryCidrBlock) {
-//     for (const ipAddress of vpc.secondaryCidrBlock) {
-//       if (ipAddress.cidrBlock) {
-//         vpcCidrBlock.push(ipAddress.cidrBlock);
-//       }
-//     }
-//     const cidrs = vpcCidrBlock.map(cidr => new CidrBlock(cidr));
-
-//     const subnetCidrBlock = new CidrBlock(cidrRange);
-
-//     return cidrs.some(c => c.containsCidr(subnetCidrBlock));
-//   }
-//   if (vpc.ipv4ProvisionedCidrs) {
-
-//     const cidrs = vpc.ipv4ProvisionedCidrs.map(cidr => new CidrBlock(cidr));
-
-//     const subnetCidrBlock = new CidrBlock(cidrRange);
-
-//     return cidrs.some(c => c.containsCidr(subnetCidrBlock));
-//   } else {throw error('No secondary IP address attached to VPC');}
-// }
 function checkCidrRanges(vpc: IVpcV2, cidrRange: string) {
-
   const vpcCidrBlock = [vpc.ipv4CidrBlock];
+  const subnetCidrBlock = new CidrBlock(cidrRange);
   const allCidrs: CidrBlock[] = [];
 
+  // Secondary IP addresses assoicated using user defined IPv4 range
   if (vpc.secondaryCidrBlock) {
     for (const ipAddress of vpc.secondaryCidrBlock) {
       if (ipAddress.cidrBlock) {
@@ -515,17 +491,17 @@ function checkCidrRanges(vpc: IVpcV2, cidrRange: string) {
     allCidrs.push(...cidrs);
   }
 
-  if (vpc.ipv4ProvisionedCidrs) {
-
-    const cidrs = vpc.ipv4ProvisionedCidrs.map(cidr => new CidrBlock(cidr));
+  // Secondary IP addresses assoicated using IPAM IPv4 range
+  if (vpc.ipv4IpamProvisionedCidrs) {
+    const cidrs = vpc.ipv4IpamProvisionedCidrs.map(cidr => new CidrBlock(cidr));
     allCidrs.push(...cidrs);
   }
+
+  // If no IPv4 is assigned as secondary address
   if (allCidrs.length === 0) {
     throw new Error('No secondary IP address attached to VPC');
   }
 
-  const subnetCidrBlock = new CidrBlock(cidrRange);
-
   return allCidrs.some(c => c.containsCidr(subnetCidrBlock));
 }
 

diff --git a/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts b/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts
@@ -102,7 +102,7 @@ export interface IVpcV2 extends IVpc {
    * Required to check for overlapping CIDRs after provisioning
    * is complete under IPAM pool
    */
-  readonly ipv4ProvisionedCidrs?: string[];
+  readonly ipv4IpamProvisionedCidrs?: string[];
 
   /**
    * Add an Egress only Internet Gateway to current VPC.
@@ -353,7 +353,6 @@ export abstract class VpcV2Base extends Resource implements IVpcV2 {
     });
 
     let useIpv6;
-
     if (this.secondaryCidrBlock) {
       useIpv6 = (this.secondaryCidrBlock.some((secondaryAddress) => secondaryAddress.amazonProvidedIpv6CidrBlock === true ||
     secondaryAddress.ipv6IpamPoolId != undefined));