aws-ec2: Delete default VPC #31300

Closed
1 of 2 tasks
Conklin-Spencer-bah opened this issue Sep 3, 2024 · 2 comments
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@Conklin-Spencer-bah

Describe the feature

New AWS accounts are provisioned with a default VPC with a default security group. It is best practice not to use the default VPC. It would be nice to be able to have the VPC removed via CDK.

Use Case

  • Mitigation of SecurityHub controls related to default VPC and default security group findings.
  • Alignment with AWS best practices.

Proposed Solution

Create a context parameter that allows deletion of the default VPC for the account.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.147.3 (build 32f0fdb)

Environment details (OS name and version, etc.)

OSx 23.5.0

@Conklin-Spencer-bah Conklin-Spencer-bah added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Sep 3, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Sep 3, 2024
@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Sep 3, 2024
@khushail khushail self-assigned this Sep 3, 2024
@khushail
Contributor

khushail commented Sep 3, 2024

Hi @Conklin-Spencer-bah, thanks for reaching out.

Deleting a default VPC might have repercussions as there might be impact on gateway attachment or other underlying resources being used. Here is a link to delete the default VPC using console or CLI outside CDK. Please verify that it doesn't have any resources or running services. After you delete the VPC, services or resources on the default VPC are no longer available.

However, given the use case, if the default VPC is deleted, one would need to always create the VPC manually and get the subnets to launch it with other instances.

For now, I am marking this as P2 as it won't be immediately addressed by the team but would reach out to core team for their inputs on this request. Please feel free to submit a PR though. TIA.

@khushail khushail added p2 effort/medium Medium work item – several days of effort and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Sep 3, 2024
@khushail khushail removed their assignment Sep 3, 2024
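
The "verify that it doesn't have any resources" step from the comment above can be scripted outside CDK. The following is an added example, not part of the thread or of the CDK code base: it assumes boto3 with credentials for the target account, the function names and the region are illustrative, and it stays in dry-run mode unless `apply=True` is passed.

```python
"""Dry-run check before removing a region's default VPC (added example)."""


def default_vpc_plan(ec2):
    """Return (vpc_id, blockers, steps) for the default VPC visible to `ec2`,
    a boto3 EC2 client or any object exposing the same describe_* calls."""
    vpcs = ec2.describe_vpcs(
        Filters=[{"Name": "is-default", "Values": ["true"]}])["Vpcs"]
    if not vpcs:
        return None, [], []  # no default VPC left in this region
    vpc_id = vpcs[0]["VpcId"]
    by_vpc = [{"Name": "vpc-id", "Values": [vpc_id]}]
    # Instances, load balancers, NAT gateways, RDS and interface endpoints all
    # hold a network interface, so any ENI here means something is running.
    enis = ec2.describe_network_interfaces(Filters=by_vpc)["NetworkInterfaces"]
    blockers = [f'{e["NetworkInterfaceId"]}: {e.get("Description") or "n/a"}'
                for e in enis]
    igws = ec2.describe_internet_gateways(Filters=[
        {"Name": "attachment.vpc-id", "Values": [vpc_id]}])["InternetGateways"]
    subnets = ec2.describe_subnets(Filters=by_vpc)["Subnets"]
    steps = []
    for gw in igws:  # the gateway has to be detached before it can be deleted
        gw_id = gw["InternetGatewayId"]
        steps.append(("detach_internet_gateway",
                      {"InternetGatewayId": gw_id, "VpcId": vpc_id}))
        steps.append(("delete_internet_gateway", {"InternetGatewayId": gw_id}))
    steps += [("delete_subnet", {"SubnetId": s["SubnetId"]}) for s in subnets]
    steps.append(("delete_vpc", {"VpcId": vpc_id}))
    return vpc_id, blockers, steps


def remove_default_vpc(ec2, apply=False):
    """Return (status, blockers); nothing is deleted unless apply=True."""
    vpc_id, blockers, steps = default_vpc_plan(ec2)
    if vpc_id is None:
        return "absent", []
    if blockers:
        return "blocked", blockers  # refuse while anything is attached
    if not apply:
        return "dry-run", []
    # Dependencies this check does not look for make the EC2 API reject
    # delete_vpc with an error rather than remove them silently.
    for call, kwargs in steps:
        getattr(ec2, call)(**kwargs)
    return "deleted", []


if __name__ == "__main__":
    import boto3  # imported here so the functions above stay testable offline
    # us-east-1 is a constructed example; default VPCs exist per region.
    print(remove_default_vpc(boto3.client("ec2", region_name="us-east-1")))
```

Run it once per enabled region, since each region has its own default VPC.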
@shikha372
Contributor

shikha372 commented Sep 13, 2024

Default VPC is not something that is created by CDK. So, allowing deletion of a resource that is created outside of it might introduce serious implications and unwanted failures in customer accounts. Since deletion of default VPC is also not something that can be achieved using CloudFormation template, don't see any reason for why we need it to be a part of CDK.

You can always choose not to deploy any resources inside default VPC to address security concerns and implement AWS best practices using custom VPC.

@moelasmar moelasmar added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Sep 14, 2024
@github-actions github-actions bot added closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Sep 19, 2024