feat(VpcV2): adding imports for SubnetV2 and VpcV2(WIP) #31765

Status: Open. Wants to merge 7 commits into base: main.
105 changes: 101 additions & 4 deletions packages/@aws-cdk/aws-ec2-alpha/README.md
Expand Up @@ -37,8 +37,6 @@ new VpcV2(this, 'Vpc', {

`VpcV2` does not automatically create subnets or allocate IP addresses, which is different from the `Vpc` construct.

Importing existing VPC in an account into CDK as a `VpcV2` is not yet supported.

## SubnetV2

`SubnetV2` is a re-write of the [`ec2.Subnet`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Subnet.html) construct.
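Review bot: dropping the "Importing existing VPC ... is not yet supported" sentence is consistent with the new import section added further down, but the PR title still marks the import work as WIP; if any part of the import path (for example range validation against IPAM-provided secondary blocks) is not complete when this merges, keep a one-line caveat here rather than leaving the README with no statement of the current limits.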
Expand All @@ -62,8 +60,6 @@ new SubnetV2(this, 'subnetA', {
})
```

Same as `VpcV2`, importing existing subnets is not yet supported.

## IP Addresses Management

By default `VpcV2` uses `10.0.0.0/16` as the primary CIDR if none is defined.
Expand Down Expand Up @@ -366,3 +362,104 @@ myVpc.addInternetGateway({
ipv4Destination: '192.168.0.0/16',
});
```

## Importing an existing VPC

You can import an existing VPC and its subnets using the `VpcV2.fromVpcV2Attributes()` method or an individual subnet using `SubnetV2.fromSubnetV2Attributes()` method.

### Importing a VPC

To import an existing VPC, use the `VpcV2.fromVpcV2Attributes()` method. You'll need to provide the VPC ID, primary CIDR block, and information about the subnets. You can import secondary address as well created through IPAM, BYOIP(IPv4) or enabled through Amazon Provided IPv6. You must provide VPC Id and its primary CIDR block for importing it.

If you wish to add a new subnet to imported VPC, new subnet's IP range(IPv4) will be validated against provided secondary and primary address block to confirm that it is within the the range of VPC.

Here's an example of how to import a VPC with multiple CIDR blocks, IPv6 support, and different subnet types:

In this example, we're importing a VPC with:

- A primary CIDR block (10.1.0.0/16)
- One secondary IPv4 CIDR block (10.2.0.0/16)
- Two secondary address using IPAM pool (IPv4 and IPv6)
- VPC has Amazon-provided IPv6 CIDR enabled
- An isolated subnet in us-west-2a
- A public subnet in us-west-2b

```ts

const stack = new Stack();

const importedVpc = VpcV2.fromVpcV2Attributes(this, 'ImportedVPC', {
vpcId: 'vpc-XXX',
vpcCidrBlock: '10.1.0.0/16',
secondaryCidrBlocks: [
{
cidrBlock: '10.2.0.0/16',
cidrBlockName: 'ImportedBlock1',
},
{
ipv6IpamPoolId: 'ipam-pool-XXX',
ipv6NetmaskLength: 52,
cidrBlockName: 'ImportedIpamIpv6',
},
{
ipv4IpamPoolId: 'ipam-pool-XXX',
ipv4IpamProvisionedCidrs: ['10.2.0.0/16'],
cidrBlockName: 'ImportedIpamIpv4',
},
{
amazonProvidedIpv6CidrBlock: true,
}
],
isolatedSubnets: [{
subnetName: 'IsolatedSubnet2',
subnetId: 'subnet-03cd773c0fe08ed26',
subnetType: SubnetType.PRIVATE_ISOLATED,
availabilityZone: 'us-west-2a',
ipv4CidrBlock: '10.2.0.0/24',
routeTableId: 'rtb-0871c310f98da2cbb',
}],
publicSubnets: [{
subnetId: 'subnet-0fa477e01db27d820',
subnetType: SubnetType.PUBLIC,
availabilityZone: 'us-west-2b',
ipv4CidrBlock: '10.3.0.0/24',
routeTableId: 'rtb-014f3043098fe4b96',
}],
});

// You can now use the imported VPC in your stack

// Adding a new subnet to the imported VPC
const importedSubnet = new SubnetV2(this, 'NewSubnet', {
availabilityZone: 'us-west-2a',
ipv4CidrBlock: new IpCidr('10.2.2.0/24'),
vpc: importedVpc,
subnetType: SubnetType.PUBLIC,
});

// Adding gateways to the imported VPC
importedVpc.addInternetGateway();
importedVpc.addNatGateway({ subnet: importedSubnet });
importedVpc.addEgressOnlyInternetGateway();
```

You can add more subnets as needed by including additional entries in the `isolatedSubnets`, `publicSubnets`, or other subnet type arrays (e.g., `privateSubnets`).

### Importing Subnets

You can also import individual subnets using the `SubnetV2.fromSubnetV2Attributes()` method. This is useful when you need to work with specific subnets independently of a VPC.

Here's an example of how to import a subnet:

```ts

SubnetV2.fromSubnetV2Attributes(this, 'ImportedSubnet', {
subnetId: 'subnet-0123456789abcdef0',
availabilityZone: 'us-west-2a',
ipv4CidrBlock: '10.2.0.0/24',
routeTableId: 'rtb-0871c310f98da2cbb',
subnetType: SubnetType.PRIVATE_ISOLATED,
});
```

By importing existing VPCs and subnets, you can easily integrate your existing AWS infrastructure with new resources created through CDK. This is particularly useful when you need to work with pre-existing network configurations or when you're migrating existing infrastructure to CDK.
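Review bot: the worked example's address layout contradicts the range-validation behaviour the same section describes. The public subnet's `ipv4CidrBlock: '10.3.0.0/24'` lies outside every IPv4 range declared for the VPC (primary `10.1.0.0/16`, secondary `10.2.0.0/16`, IPAM-provisioned `10.2.0.0/16`), and `10.2.0.0/16` appears twice, once as a plain secondary block (`ImportedBlock1`) and again as `ipv4IpamProvisionedCidrs` of `ImportedIpamIpv4`, so the example shows overlapping blocks and a subnet the documented check would reject if it were created rather than imported. Suggest either adding a `10.3.0.0/16` secondary block or moving the public subnet to a `10.1.x.0/24` range, and giving the IPAM pool a distinct CIDR. Smaller points in the same hunk: `const stack = new Stack();` is declared but the calls use `this` as scope, so drop one of them; the newly created subnet is named `importedSubnet` although it is not imported; and the prose has "secondary address as well created through IPAM", "Two secondary address using IPAM pool", "VPC Id", and "within the the range", which should read "secondary addresses created through IPAM", "Two secondary addresses from IPAM pools", "VPC ID" and "within the range".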
2 changes: 0 additions & 2 deletions packages/@aws-cdk/aws-ec2-alpha/awslint.json
@@ -1,8 +1,6 @@
{
"exclude": [
"from-method:@aws-cdk/aws-ec2-alpha.VpcV2",
"attribute-tag:@aws-cdk/aws-ec2-alpha.RouteTable.routeTableId",
"from-method:@aws-cdk/aws-ec2-alpha.SubnetV2",
"from-method:@aws-cdk/aws-ec2-alpha.Route"
]
}
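Review bot: removing the `from-method` exclusions for `VpcV2` and `SubnetV2` means awslint will now require static `from...` methods on both classes; the implementing `fromVpcV2Attributes` / `fromSubnetV2Attributes` code is referenced only from the README in the files shown here, so confirm the lint passes once those methods are in place. `from-method:@aws-cdk/aws-ec2-alpha.Route` stays excluded, which looks intentional but deserves a sentence in the PR description.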
19 changes: 17 additions & 2 deletions packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts
Expand Up @@ -92,7 +92,7 @@ export enum IpamScopeType {
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html
*/
export interface PoolOptions{
export interface PoolOptions {

/**
* addressFamily - The address family of the pool (ipv4 or ipv6).
Expand Down Expand Up @@ -180,7 +180,7 @@ export interface IpamPoolCidrProvisioningOptions {
/**
* Definition used to add or create a new IPAM pool
*/
export interface IIpamPool{
export interface IIpamPool {
/**
* Pool ID to be passed to the VPC construct
* @attribute IpamPoolId
Expand All @@ -192,6 +192,12 @@ export interface IIpamPool{
*/
readonly ipamCidrs: CfnIPAMPoolCidr[];

/**
* Pool CIDR for IPv4 to be provisioned using IPAM
* Required to check for subnet IP range is within the VPC range
*/
readonly ipamIpv4Cidrs?: string[];

/**
* Function to associate a IPv6 address with IPAM pool
*/
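Review bot: the doc comment on the new `ipamIpv4Cidrs` property is ungrammatical and mismatched with the name (plural property, "Pool CIDR" singular; "check for subnet IP range is within"); suggest "Pool CIDRs for IPv4 provisioned through IPAM. Used to verify that a subnet's IPv4 range falls within the VPC's address space." Because the property is optional on `IIpamPool`, the code that performs the subnet range check must treat `undefined` as "no IPAM IPv4 ranges contributed" rather than "skip the check"; state that semantics in the comment so implementers of the interface and callers agree on it.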
Expand Down Expand Up @@ -315,6 +321,12 @@ class IpamPool extends Resource implements IIpamPool {
*/
public readonly ipamCidrs: CfnIPAMPoolCidr[] = []

/**
* Pool CIDR for IPv4 to be provisioned using IPAM
* Required to check for subnet IP range is within the VPC range
*/
public readonly ipamIpv4Cidrs: string[] = []

/**
* Reference to ipamPool resource created in this class
*/
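Review bot: `public readonly ipamIpv4Cidrs: string[] = []` only makes the reference read-only; the array contents remain mutable to any caller, and since this list is what the new subnet range check is validated against (per the comment above it), external code could push or remove CIDRs and change what the check accepts. Consider typing it as `ReadonlyArray<string>` on the interface and building it once from `props.ipv4ProvisionedCidrs` in the constructor (optionally `Object.freeze`d), rather than exposing a live array that is filled by `push`.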
Expand All @@ -340,6 +352,9 @@ class IpamPool extends Resource implements IIpamPool {
awsService: props.awsService,
});
this.ipamPoolId = this._ipamPool.attrIpamPoolId;

// Populating to check for subnet range against all IPv4 ranges assigned to VPC including IPAM
props.ipv4ProvisionedCidrs?.map(cidr => (this.ipamIpv4Cidrs.push(cidr)));
this.node.defaultChild = this._ipamPool;
}

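Review bot: `props.ipv4ProvisionedCidrs?.map(cidr => (this.ipamIpv4Cidrs.push(cidr)));` uses `map` purely for its side effect and discards the array of lengths it returns; prefer `this.ipamIpv4Cidrs.push(...(props.ipv4ProvisionedCidrs ?? []));` or a `forEach`. With the field already initialised to `[]` at its declaration, a single assignment in the constructor would also work and would let the declaration drop its initializer. The comment could be tightened to "Record IPAM-provisioned IPv4 CIDRs so subnet ranges can be validated against every IPv4 range assigned to the VPC".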