
(aws-cdk-lib/aws_ec2): (Can't create Internet Gateway without public subnets) #34069

Open
@KuramaeNaputo

Description


Describe the bug

I specified the "createInternetGateway" prop as true and "subnetConfiguration" as "PRIVATE_ISOLATED", but it doesn't create an Internet Gateway. I use the Internet Gateway only for a CloudFront VPC origin.

    // Imports added for completeness; the `_Vpc` alias is assumed from the original snippet
    import { Vpc as _Vpc, IpAddresses, IpProtocol, SubnetType } from 'aws-cdk-lib/aws-ec2';

    new _Vpc(this, 'Vpc', {
      ipAddresses: IpAddresses.cidr('10.0.0.0/16'),
      availabilityZones: ["ap-northeast-1a", "ap-northeast-1c"],
      ipProtocol: IpProtocol.IPV4_ONLY,
      createInternetGateway: true,
      subnetConfiguration: [
        {
          cidrMask: 24,
          name: 'SubnetA',
          subnetType: SubnetType.PRIVATE_ISOLATED
        },
        {
          cidrMask: 24,
          name: 'SubnetB',
          subnetType: SubnetType.PRIVATE_ISOLATED
        },
        {
          cidrMask: 24,
          name: 'SubnetC',
          subnetType: SubnetType.PRIVATE_ISOLATED
        },
        {
          cidrMask: 24,
          name: 'SubnetD',
          subnetType: SubnetType.PRIVATE_ISOLATED
        },
      ]
    });

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

It creates an Internet Gateway and private subnets.

Current Behavior

It doesn't create an Internet Gateway.

Reproduction Steps

    // Imports added for completeness; the `_Vpc` alias is assumed from the original snippet
    import { Vpc as _Vpc, IpAddresses, IpProtocol, SubnetType } from 'aws-cdk-lib/aws-ec2';

    new _Vpc(this, 'Vpc', {
      ipAddresses: IpAddresses.cidr('10.0.0.0/16'),
      availabilityZones: ["ap-northeast-1a", "ap-northeast-1c"],
      ipProtocol: IpProtocol.IPV4_ONLY,
      createInternetGateway: true,
      subnetConfiguration: [
        {
          cidrMask: 24,
          name: 'SubnetA',
          subnetType: SubnetType.PRIVATE_ISOLATED
        },
        {
          cidrMask: 24,
          name: 'SubnetB',
          subnetType: SubnetType.PRIVATE_ISOLATED
        },
        {
          cidrMask: 24,
          name: 'SubnetC',
          subnetType: SubnetType.PRIVATE_ISOLATED
        },
        {
          cidrMask: 24,
          name: 'SubnetD',
          subnetType: SubnetType.PRIVATE_ISOLATED
        },
      ]
    });

Possible Solution

Remove the "allowOutbound" condition from the if statement in the process of creating an "Internet Gateway". However, I think it will have a big impact.

/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts, lines 1614 to 1629:

    const createInternetGateway = props.createInternetGateway ?? true;
    const allowOutbound = this.subnetConfiguration.filter(
      subnet => (subnet.subnetType !== SubnetType.PRIVATE_ISOLATED && subnet.subnetType !== SubnetType.ISOLATED && !subnet.reserved)).length > 0;

    // Create an Internet Gateway and attach it if necessary
    if (allowOutbound && createInternetGateway) {
      const igw = new CfnInternetGateway(this, 'IGW', {
      });

      this.internetGatewayId = igw.ref;

      this._internetConnectivityEstablished.add(igw);
      const att = new CfnVPCGatewayAttachment(this, 'VPCGW', {
        internetGatewayId: igw.ref,
        vpcId: this.resource.ref,
      });

Additional Information/Context

No response

CDK CLI Version

2.1006.0

Framework Version

No response

Node.js Version

v23.10.0

OS

Mac OS

Language

TypeScript

Language Version

No response

Other information

No response
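As an added example (not code from the issue or from aws-cdk-lib), the following TypeScript models the allowOutbound predicate quoted above from vpc.ts, the two CloudFormation resources a stack has to add by hand (what CfnInternetGateway plus CfnVPCGatewayAttachment emit) when that predicate suppresses the gateway, and a review check confirming that no isolated route table gets a default route to it. The string subnet-type names, manualIgwTemplate and routesExposingToIgw are hypothetical helpers, not CDK API.

```typescript
// Added example; not code from the issue or from aws-cdk-lib.
type SubnetType = "PUBLIC" | "PRIVATE_WITH_EGRESS" | "PRIVATE_ISOLATED";

interface SubnetConfig {
  name: string;
  cidrMask: number;
  subnetType: SubnetType;
  reserved?: boolean;
}

// Mirrors the predicate in vpc.ts: the L2 Vpc emits an IGW only when at least
// one non-reserved, non-isolated subnet exists and createInternetGateway is not false.
function vpcWillCreateIgw(subnets: SubnetConfig[], createInternetGateway = true): boolean {
  const allowOutbound = subnets.some(
    (s) => s.subnetType !== "PRIVATE_ISOLATED" && !s.reserved,
  );
  return allowOutbound && createInternetGateway;
}

interface CfnResource { Type: string; Properties?: Record<string, unknown> }

// Hypothetical helper: the template fragment that CfnInternetGateway plus
// CfnVPCGatewayAttachment produce (the same two resources vpc.ts creates).
// The gateway is attached to the VPC, but no route table points at it.
function manualIgwTemplate(vpcLogicalId: string): { IGW: CfnResource; VPCGW: CfnResource } {
  return {
    IGW: { Type: "AWS::EC2::InternetGateway" },
    VPCGW: {
      Type: "AWS::EC2::VPCGatewayAttachment",
      Properties: { InternetGatewayId: { Ref: "IGW" }, VpcId: { Ref: vpcLogicalId } },
    },
  };
}

// Review check: an attached IGW only exposes a subnet whose route table sends
// 0.0.0.0/0 to it. Returns the routes that would do so, so a reviewer can
// confirm the isolated subnets stay isolated after the manual attachment.
interface Route { destinationCidr: string; target: { Ref: string } }
function routesExposingToIgw(routes: Route[], igwLogicalId = "IGW"): Route[] {
  return routes.filter(
    (r) => r.destinationCidr === "0.0.0.0/0" && r.target.Ref === igwLogicalId,
  );
}

// Constructed input: the reporter's configuration, four isolated /24 subnets.
const reporterConfig: SubnetConfig[] = ["SubnetA", "SubnetB", "SubnetC", "SubnetD"].map(
  (name) => ({ name, cidrMask: 24, subnetType: "PRIVATE_ISOLATED" as const }),
);
```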


Assignees

No one assigned

Labels

    @aws-cdk/aws-ec2 (Related to Amazon Elastic Compute Cloud), bug (This issue is a bug), p2
