aws-cdk

vpc: when `natGateways` Inconsistent Route Table Configuration for Private Subnets in VPC with Multiple NAT Gateways

Open waltervargas opened this issue 1 year ago • 3 comments

Describe the bug

When creating a VPC with multiple NAT Gateways using the AWS CDK, the automatic route table configuration for private subnets does not consistently assign routes for internet access (0.0.0.0/0) to the corresponding NAT Gateways.

Expected Behavior

All private subnets should have a route (0.0.0.0/0) pointing to their corresponding NAT Gateway

Current Behavior

Only one of the private subnets had the correct route to the NAT Gateway. The other private subnets lacked this route, causing connectivity issues.

Reproduction Steps

1. Define a VPC with multiple private and public subnets.
2. Configure the VPC to use multiple NAT Gateways (one per AZ) with property `natGateways`.
3. Deploy the stack.

Here is the relevant CDK code used to create the VPC:

```ts
import * as cdk from 'aws-cdk-lib';
import { Vpc, SubnetType, IpAddresses } from 'aws-cdk-lib/aws-ec2';
import { Construct } from 'constructs';
import { ExtendedStackProps } from '../constants';

export class VPCStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props: ExtendedStackProps) {
    super(scope, id, props);

    new Vpc(this, props.envConfig.BackendVpc.name, {
      ipAddresses: IpAddresses.cidr(props.envConfig.BackendVpc.cidr),
      maxAzs: props.envConfig.BackendVpc.maxAzs,
      natGateways: props.envConfig.BackendVpc.natGateways,
      subnetConfiguration: [
        {
          cidrMask: props.envConfig.BackendVpc.publicSubnetMask,
          name: 'pab-public',
          subnetType: SubnetType.PUBLIC,
        },
        {
          cidrMask: props.envConfig.BackendVpc.privateSubnetMask,
          name: 'pab-private',
          subnetType: SubnetType.PRIVATE_WITH_EGRESS,
        },
      ],
    });
  }
}
```

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.144.0 (build 5fb15bc)

Framework Version

No response

Node.js Version

Node.js v20.14.0

OS

Linux avril 6.5.0-41-generic #41-Ubuntu SMP PREEMPT_DYNAMIC Mon May 20 15:55:15 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Language

TypeScript

Language Version

No response

Other information

No response

waltervargas avatar Jun 24 '24 14:06 waltervargas
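
The expected behavior described in this issue (every private subnet's route table carrying a 0.0.0.0/0 route to a NAT Gateway) can be checked against the synthesized CloudFormation template before deploying. The following is an added example, not code from the issue or from the CDK project; the function names are hypothetical, and the sample template and its logical IDs are constructed.

```typescript
// Added example: map each subnet in a synthesized template to its 0.0.0.0/0 route target.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources: Record<string, Resource> };
// Resolve a { Ref: "LogicalId" } property value to the logical ID it names.
function refOf(value: unknown): string | undefined {
  if (typeof value !== 'object' || value === null) return undefined;
  const ref = (value as { Ref?: unknown }).Ref;
  return typeof ref === 'string' ? ref : undefined;
}
// Returns subnet logical ID -> 'nat:<id>', 'igw:<id>', 'other' or 'none'.
function defaultRouteTargets(template: Template): Record<string, string> {
  const ids = Object.keys(template.Resources);
  const props = (id: string) => template.Resources[id].Properties || {};
  const ofType = (t: string) => ids.filter((id) => template.Resources[id].Type === t);
  // Route table logical ID -> target of its default route.
  const byTable: Record<string, string> = {};
  for (const id of ofType('AWS::EC2::Route')) {
    const p = props(id);
    const table = refOf(p['RouteTableId']);
    if (!table || p['DestinationCidrBlock'] !== '0.0.0.0/0') continue;
    const nat = refOf(p['NatGatewayId']);
    const igw = refOf(p['GatewayId']);
    byTable[table] = nat ? 'nat:' + nat : igw ? 'igw:' + igw : 'other';
  }
  // Every subnet starts as 'none'; its route table association fills in the target.
  const result: Record<string, string> = {};
  for (const id of ofType('AWS::EC2::Subnet')) result[id] = 'none';
  for (const id of ofType('AWS::EC2::SubnetRouteTableAssociation')) {
    const subnet = refOf(props(id)['SubnetId']);
    const table = refOf(props(id)['RouteTableId']);
    if (subnet && table && subnet in result) result[subnet] = byTable[table] || 'none';
  }
  return result;
}
// Subnets with no default route at all (isolated subnets would also be listed).
function subnetsWithoutDefaultRoute(template: Template): string[] {
  const targets = defaultRouteTargets(template);
  return Object.keys(targets).filter((id) => targets[id] === 'none').sort();
}

// Constructed sample (logical IDs are made up): Private2 has no default route.
const r = (id: string) => ({ Ref: id });
const sample: Template = { Resources: {
  Private1: { Type: 'AWS::EC2::Subnet' }, Private2: { Type: 'AWS::EC2::Subnet' },
  Assoc1: { Type: 'AWS::EC2::SubnetRouteTableAssociation', Properties: { SubnetId: r('Private1'), RouteTableId: r('Rt1') } },
  Assoc2: { Type: 'AWS::EC2::SubnetRouteTableAssociation', Properties: { SubnetId: r('Private2'), RouteTableId: r('Rt2') } },
  Route1: { Type: 'AWS::EC2::Route', Properties: { RouteTableId: r('Rt1'), DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: r('Nat1') } },
} };
```

If the synthesized template passes this check but the deployed route tables differ, the discrepancy lies after synthesis rather than in the template.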

I can't see some values from your provided snippet but this works perfectly for me.

```ts
new ec2.Vpc(this, 'Vpc', {
  ipAddresses: ec2.IpAddresses.cidr('10.0.0.0/16'),
  maxAzs: 3,
  natGateways: 3,
  subnetConfiguration: [
    {
      cidrMask: 19,
      name: 'pab-public',
      subnetType: SubnetType.PUBLIC,
    },
    {
      cidrMask: 19,
      name: 'pab-private',
      subnetType: SubnetType.PRIVATE_WITH_EGRESS,
    },
  ],
});
```

Can you verify if my provided sample is good with you?

pahud avatar Jun 24 '24 19:06 pahud

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

github-actions[bot] avatar Jun 26 '24 20:06 github-actions[bot]

Any update on this?

waltervargas avatar Jun 30 '24 19:06 waltervargas