Conditionalize creation of Internet Gateway depending on whether public subnets are specified #1283

Closed
wants to merge 7 commits into from

flostadler
Contributor

@flostadler flostadler commented May 8, 2024

Internet Gateways are currently auto-created even if no public subnets are configured.
For some customers with very strict security rules this causes compliance tests to fail.

This PR conditionalizes the creation of the Internet Gateway by checking if public subnets are specified. Only in this case is the Internet Gateway needed.

By conditionalizing the creation of the IGW, the following breaking changes are introduced:

  • The internetGateway output of the VPC module changes to being optional. Users that use the output will need to add a null/undefined check when using it. This breaking change should only affect users with advanced VPC setups that manually use the output of the IGW.
  • The Internet Gateway will be deleted for users that are already using an older version of the VPC component resource when they have no public subnets configured. In case they've configured public subnets outside of the stack and are using the implicitly created IGW, this will not have destructive effects because Internet Gateways cannot be detached from VPCs if they're in use (if there's at least one EIP in the VPC).

This fixes #947

@flostadler flostadler self-assigned this May 8, 2024
@flostadler flostadler marked this pull request as draft May 8, 2024 13:25
@flostadler flostadler changed the title Add Toggle for creating VPC without Internet Gateway Conditionalize creation of Internet Gateway depending on whether public subnets are specified May 8, 2024
@flostadler flostadler closed this Sep 25, 2024
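
Added example, not part of this pull request or the project's code: a pre-upgrade check that sorts VPCs into the cases the description distinguishes (gateway needed, gateway used only by subnets configured outside the stack, gateway unneeded). The inventory shape, field names and sample ids are hypothetical and constructed for illustration.

```typescript
// Added example. The inventory shape below is hypothetical and constructed for
// illustration; it is not a Pulumi or AWS export format.
type SubnetKind = "Public" | "Private" | "Isolated";
type IgwStatus = "no-igw" | "needed" | "used-outside-stack" | "unneeded";

interface Route { destinationCidr: string; targetId: string }
interface Subnet { id: string; kind: SubnetKind; inStack: boolean; routes: Route[] }
interface VpcInventory { vpcId: string; internetGatewayId?: string; subnets: Subnet[] }

// True when the subnet's default route (IPv4 or IPv6) points at the given IGW.
function routesViaGateway(subnet: Subnet, igwId: string): boolean {
  return subnet.routes.some((r) => r.targetId === igwId &&
    (r.destinationCidr === "0.0.0.0/0" || r.destinationCidr === "::/0"));
}

function classifyInternetGateway(vpc: VpcInventory): IgwStatus {
  const igwId = vpc.internetGatewayId; // optional: consumers must check for undefined
  if (igwId === undefined) return "no-igw";
  const users = vpc.subnets.filter((s) => routesViaGateway(s, igwId));
  if (users.some((s) => s.inStack && s.kind === "Public")) return "needed";
  // Subnets configured outside the stack still depend on the gateway.
  if (users.length > 0) return "used-outside-stack";
  return "unneeded"; // the case strict compliance tests flag
}

// VPC ids whose gateway serves no subnet at all.
function complianceFailures(vpcs: VpcInventory[]): string[] {
  return vpcs.filter((v) => classifyInternetGateway(v) === "unneeded").map((v) => v.vpcId);
}

// Constructed sample data.
const viaIgw = (id: string): Route => ({ destinationCidr: "0.0.0.0/0", targetId: id });
const viaTgw: Route = { destinationCidr: "0.0.0.0/0", targetId: "tgw-example" };
const sampleVpcs: VpcInventory[] = [
  { vpcId: "vpc-a", internetGatewayId: "igw-a", subnets: [
    { id: "a-priv", kind: "Private", inStack: true, routes: [viaTgw] },
    { id: "a-iso", kind: "Isolated", inStack: true, routes: [] } ] },
  { vpcId: "vpc-b", internetGatewayId: "igw-b", subnets: [
    { id: "b-pub", kind: "Public", inStack: true, routes: [viaIgw("igw-b")] } ] },
  { vpcId: "vpc-c", internetGatewayId: "igw-c", subnets: [
    { id: "c-priv", kind: "Private", inStack: true, routes: [viaTgw] },
    { id: "c-ext", kind: "Public", inStack: false, routes: [viaIgw("igw-c")] } ] },
  { vpcId: "vpc-d", subnets: [
    { id: "d-iso", kind: "Isolated", inStack: true, routes: [] } ] },
];
const failingVpcs = complianceFailures(sampleVpcs);
```

VPCs classified as `used-outside-stack` are the ones to review before upgrading, since the stack would no longer declare the gateway those subnets route through.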
Successfully merging this pull request may close these issues.

Vpc creates an InternetGateway even if there are no public subnets