-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use NAT Gateway Service #213
Conversation
Release base infrastructure and dashboard postgres schema fixes
Question: will CDK do a force replacement here of the whole VPC or will do an in-place edit of the existing VPC? Hopefully the latter. |
@ranchodeluxe looks pretty good to me, dunno the answer to the question tho. we'll know once we deploy? :D |
|
instance_type=aws_ec2.InstanceType("t3.nano"), | ||
# NOTE: this line automatically creates a NAT Gateway for each AZ | ||
# and binds the route table in the private subnet | ||
subnet_type=aws_ec2.SubnetType.PRIVATE_WITH_NAT, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I get a new warning here:
[WARNING] aws-cdk-lib.aws_ec2.SubnetType#PRIVATE_WITH_NAT is deprecated.
use `PRIVATE_WITH_EGRESS`
This API will be removed in the next major release.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ividito I've been wondering about whether we should be switching to PRIVATE_WITH_EGRESS as well. Maybe we can see what changes this PR causes and test the subnet type change separately.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me make that change and redeploy on my test instance
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change committed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mostly LGTM, but I'm not 100% sure what the reasoning was for some of the code being removed (is there a reason we would ever need more than one NAT gateway?).
Are you referring to the number of NAT(s) per AZ here? Or is this a general question about removal of EC2 Instances that function as a NAT and instead using the NAT Gateway? |
Here is my deployed test VPC and test Lambda showing everything is gravy Before we'd do this we kinda need to know if CDK is going to do a whole teardown here b/c that means the site will be offline and might need to redeploy all services. Let's talk about it at standup |
Before the addition of the
I'll pull the change and run these sanity checks again |
No changes caused by changing the subnet type in the construct 👍 |
I actually think @ividito has it right (of course he does!). I know everyone loves CDK here but there's too much magic. The default behavior here is that CDK magically creates a NAT Gateway for each AZ. I looked at my Terraform for all VPCs I use and we can easily just use one for both private subnets. But that means I have manually do all the plumbing. The reason they do that makes sense b/c they are thinking about fail over. |
I was talking about removing the config parameter + related code: |
Sorry I didn't notice there was a still a discussion going when I approved. RE multiple nat gateway count--it is still configurable via aws-cdk and it looks like it determines the number of gateways per availability zone. I suppose leaving the configuration in place with default=1 gives us that option later? If we're still on a roll, we could address this, too, I suppose
^I'm not requesting this as a condition for the PR, though |
@ividito, @anayeaye: my most recent commits make everything groovy:
|
Background
https://github.com/NASA-IMPACT/veda-analytics/issues/86
Next Steps
base_name
and make sure the network is setup correctly. Maybe even manually provision a Lambda in it to do the public test that is failing on GHGC