VpcNetwork.importFromContext does not work if multiple private subnets are present

[StoyanIvanovI]

Using the Typescript flavour of CDK, when trying to import a VPC defined outside CDK that has multiple private subnets cdk synthesize produces the following error message Not all subnets in VPC have the same AZs: eu-west-1a,eu-west-1b vs eu-west-1a,eu-west-1a,eu-west-1a,eu-west-1b,eu-west-1b,eu-west-1b:

import cdk = require('@aws-cdk/cdk');
import ec2 = require('@aws-cdk/aws-ec2');

export class CdkPlayStack extends cdk.Stack {
  constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
    super(parent, name, props);

    const vpc = ec2.VpcNetwork.importFromContext(this, 'VPC', {
      vpcId: 'vpc-12345',
    });
  }
}

Using VpcNetwork.Import did successfully import the VPC but the documentation at the moment recomments using VpcNetwork.importFromContext.

import cdk = require('@aws-cdk/cdk');
import ec2 = require('@aws-cdk/aws-ec2');

export class CdkPlayStack extends cdk.Stack {
  constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
    super(parent, name, props);

    const vpc = ec2.VpcNetwork.import(this, 'VPC', {
      vpcId: 'vpc-12345',
      availabilityZones: [ 'eu-west-1a', 'eu-west-1b' ],
      publicSubnetIds: [ 'subnet-1', 'subnet-2' ],
      privateSubnetIds: [ 'subnet-3', 'subnet-4', 'subnet-5', 'subnet-6', 'subnet-7', 'subnet-8' ]
    });
  }
}

npm packages @aws-cdk/cdk and @aws-cdk/aws-ec2 version 0.22.0 was used. 0.21.0 also experienced the problem.

[thesurlydev]

I was able to use the same workaround VpcNetwork.Import with explicit AZ's to use instead of importFromContext which seems to fail trying to group all subnets/AZs after interrogating the VPC.

[brad-jones]

Similar issue here but with different error message.

import * as cdk from "@aws-cdk/cdk";
import * as ec2 from "@aws-cdk/aws-ec2";

export class PlayStack extends cdk.Stack {
	constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
		super(scope, id, props);

		ec2.VpcNetwork.importFromContext(this, "VPC", {
			isDefault: true,
		});
	}
}

Running cdk synth fails with Cannot read property 'VpnGatewayId' of undefined.

I'm going to go out on a limb and suggest that importFromContext has a number of expectations about a pre-existing VPC that it is going to import. For example tags that tell it which subnets are private or public.

If you create a standard VPC, eg: new ec2.VpcNetwork(this, "VPC") it creates tags like aws-cdk:subnet-type and possibly other things. In my particular case it would seem importFromContext is looking for a VpnGateway that doesn't exist.

If my assumptions are correct it would be great to get the docs updated to reflect the differences between import and importFromContext

[PaulMaddox]

I'm seeing the same issue when trying to importFromContext a very standard VPC (that was originally created by new VpcNetwork()). I don't think this is related to the original issue @brad-jones - I suspect it's to do with a recent VPN related pull request (#1899) that was merged 8 days ago.

I'm going to open up a new issue, and will tag you in on it.

[ValkyrieUK]

I'm also running into a very similar issue when trying to import existing VPC's into my stack.

Not all subnets in VPC have the same AZs: eu-west-1b vs eu-west-1a,eu-west-1a,eu-west-1a,eu-west-1b,eu-west-1b

I'm using the very simple following code.

import cdk = require("@aws-cdk/core");
import ec2 = require("@aws-cdk/aws-ec2");

export class RcsCdrInfrastructureStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);
    const vpcId = "vpc-xxxxxxxx";
    const vpc = ec2.Vpc.fromLookup(this, "MainVpc", { vpcId });
  }
}

It seems that ec2.VpcNetwork is no longer available so there is only Vpc.fromLookup and Vpc.fromVpcAttributes available.

This is currently stopping us from actually using CDK at all as we're unable to use our existing VPC's

[reeseyc]

Confirmed - same issue in python CDK - cannot use ec2.Vpc.from_lookup when multiple private subnets are present

[StoyanIvanovI]

I think this issue is to be closed mainly because the API doesn't exist any more. There could be further problems with VPC.fromLookup but since that is confirmed we should close that.

[StoyanIvanovI]

I can also confirm that the ec2.Vpc.fromVpcAttributes does correctly allow you to provide ids for subnets, availability zones, and a VPC so the object is created without any assumptions about the VPC and works very well.

[yhvh]

The problem is confirmed to exist, above, in the from_lookup API

[fogfish]

Got same issue with new API ec2.Vpc.fromLookup cdk (1.15.0). I believe it relates to VPC configuration. I got the error when importing VPC that is created with maxAzs: 2.