fix(aws-ec2): add dependency on gateway attachment for public routes (#1142)

Currently there is a race condition when creating the
public subnet routes for the ec2.VpcNetwork construct. CloudFormation
can attempt to create the public subnet routes to the IGW before the IGW
is attached to the VPC. This change adds a dependency to the public
routes on the IGW attachment.

Fixes #1140. 

BREAKING CHANGE: Method signature of
VpcPublicSubnet.addDefaultIGWRouteEntry changed in order to add a
dependency on gateway attachment completing before creating the public
route to the gateway. Instead of passing a gateway ID string, pass in a
cloudformation.InternetGatewayResource object and a
cloudformation.VPCGatewayAttachmentResource object.

Author: clareliguori

packages/@aws-cdk/aws-autoscaling/test/integ.amazonlinux2.expected.json

@@ -59,6 +59,9 @@
     },
     "VPCPublicSubnet1DefaultRoute91CEF279": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VPCVPCGW99B986DC"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VPCPublicSubnet1RouteTableFEE4B781"
@@ -139,6 +142,9 @@
     },
     "VPCPublicSubnet2DefaultRouteB7481BBA": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VPCVPCGW99B986DC"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VPCPublicSubnet2RouteTable6F1A15F1"
@@ -411,4 +417,4 @@
       }
     }
   }
-}
+}

packages/@aws-cdk/aws-autoscaling/test/integ.asg-w-classic-loadbalancer.expected.json

@@ -85,6 +85,9 @@
     },
     "VPCPublicSubnet1DefaultRoute91CEF279": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VPCVPCGW99B986DC"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VPCPublicSubnet1RouteTableFEE4B781"
@@ -165,6 +168,9 @@
     },
     "VPCPublicSubnet2DefaultRouteB7481BBA": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VPCVPCGW99B986DC"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VPCPublicSubnet2RouteTable6F1A15F1"
@@ -245,6 +251,9 @@
     },
     "VPCPublicSubnet3DefaultRouteA0D29D46": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VPCVPCGW99B986DC"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VPCPublicSubnet3RouteTable98AE0E14"

packages/@aws-cdk/aws-autoscaling/test/integ.asg-w-elbv2.expected.json

@@ -85,6 +85,9 @@
     },
     "VPCPublicSubnet1DefaultRoute91CEF279": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VPCVPCGW99B986DC"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VPCPublicSubnet1RouteTableFEE4B781"
@@ -165,6 +168,9 @@
     },
     "VPCPublicSubnet2DefaultRouteB7481BBA": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VPCVPCGW99B986DC"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VPCPublicSubnet2RouteTable6F1A15F1"

packages/@aws-cdk/aws-codedeploy/test/integ.deployment-group.expected.json

@@ -59,6 +59,9 @@
     },
     "VPCPublicSubnet1DefaultRoute91CEF279": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VPCVPCGW99B986DC"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VPCPublicSubnet1RouteTableFEE4B781"
@@ -139,6 +142,9 @@
     },
     "VPCPublicSubnet2DefaultRouteB7481BBA": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VPCVPCGW99B986DC"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VPCPublicSubnet2RouteTable6F1A15F1"
@@ -219,6 +225,9 @@
     },
     "VPCPublicSubnet3DefaultRouteA0D29D46": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VPCVPCGW99B986DC"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VPCPublicSubnet3RouteTable98AE0E14"

packages/@aws-cdk/aws-ec2/lib/vpc.ts

@@ -319,7 +319,7 @@ export class VpcNetwork extends VpcNetworkRef implements cdk.ITaggable {
       this.dependencyElements.push(igw, att);
 
       (this.publicSubnets as VpcPublicSubnet[]).forEach(publicSubnet => {
-        publicSubnet.addDefaultIGWRouteEntry(igw.ref);
+        publicSubnet.addDefaultIGWRouteEntry(igw, att);
       });
 
       // if gateways are needed create them
@@ -520,12 +520,19 @@ export class VpcSubnet extends VpcSubnetRef implements cdk.ITaggable {
     });
   }
 
-  protected addDefaultRouteToIGW(gatewayId: string) {
-    new cloudformation.RouteResource(this, `DefaultRoute`, {
+  /**
+   * Create a default route that points to a passed IGW, with a dependency
+   * on the IGW's attachment to the VPC.
+   */
+  protected addDefaultRouteToIGW(
+    gateway: cloudformation.InternetGatewayResource,
+    gatewayAttachment: cloudformation.VPCGatewayAttachmentResource) {
+    const route = new cloudformation.RouteResource(this, `DefaultRoute`, {
       routeTableId: this.routeTableId,
       destinationCidrBlock: '0.0.0.0/0',
-      gatewayId
+      gatewayId: gateway.ref
     });
+    route.addDependency(gatewayAttachment);
   }
 }
 
@@ -538,10 +545,13 @@ export class VpcPublicSubnet extends VpcSubnet {
   }
 
   /**
-   * Create a default route that points to a passed IGW
+   * Create a default route that points to a passed IGW, with a dependency
+   * on the IGW's attachment to the VPC.
    */
-  public addDefaultIGWRouteEntry(gatewayId: string) {
-    this.addDefaultRouteToIGW(gatewayId);
+  public addDefaultIGWRouteEntry(
+    gateway: cloudformation.InternetGatewayResource,
+    gatewayAttachment: cloudformation.VPCGatewayAttachmentResource) {
+    this.addDefaultRouteToIGW(gateway, gatewayAttachment);
   }
 
   /**

packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json

@@ -85,6 +85,9 @@
     },
     "MyVpcPublicSubnet1DefaultRoute95FDF9EB": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "MyVpcVPCGW488ACE0D"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "MyVpcPublicSubnet1RouteTableC46AB2F4"
@@ -165,6 +168,9 @@
     },
     "MyVpcPublicSubnet2DefaultRoute052936F6": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "MyVpcVPCGW488ACE0D"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "MyVpcPublicSubnet2RouteTable1DF17386"
@@ -245,6 +251,9 @@
     },
     "MyVpcPublicSubnet3DefaultRoute3A83AB36": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "MyVpcVPCGW488ACE0D"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "MyVpcPublicSubnet3RouteTable15028F08"

packages/@aws-cdk/aws-ecs/test/ec2/integ.lb-awsvpc-nw.expected.json

@@ -59,6 +59,9 @@
     },
     "VpcPublicSubnet1DefaultRoute3DA9E72A": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VpcVPCGWBF912B6E"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
@@ -139,6 +142,9 @@
     },
     "VpcPublicSubnet2DefaultRoute97F91067": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VpcVPCGWBF912B6E"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VpcPublicSubnet2RouteTable94F7E489"
@@ -722,4 +728,4 @@
       }
     }
   }
-}
+}

packages/@aws-cdk/aws-ecs/test/ec2/integ.lb-bridge-nw.expected.json

@@ -59,6 +59,9 @@
     },
     "VpcPublicSubnet1DefaultRoute3DA9E72A": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VpcVPCGWBF912B6E"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
@@ -139,6 +142,9 @@
     },
     "VpcPublicSubnet2DefaultRoute97F91067": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VpcVPCGWBF912B6E"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VpcPublicSubnet2RouteTable94F7E489"
@@ -685,4 +691,4 @@
       }
     }
   }
-}
+}

packages/@aws-cdk/aws-ecs/test/fargate/integ.asset-image.expected.json

@@ -59,6 +59,9 @@
     },
     "VpcPublicSubnet1DefaultRoute3DA9E72A": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VpcVPCGWBF912B6E"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
@@ -139,6 +142,9 @@
     },
     "VpcPublicSubnet2DefaultRoute97F91067": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VpcVPCGWBF912B6E"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VpcPublicSubnet2RouteTable94F7E489"
@@ -801,4 +807,4 @@
       }
     }
   }
-}
+}

packages/@aws-cdk/aws-ecs/test/fargate/integ.lb-awsvpc-nw.expected.json

@@ -59,6 +59,9 @@
     },
     "VpcPublicSubnet1DefaultRoute3DA9E72A": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VpcVPCGWBF912B6E"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VpcPublicSubnet1RouteTable6C95E38E"
@@ -139,6 +142,9 @@
     },
     "VpcPublicSubnet2DefaultRoute97F91067": {
       "Type": "AWS::EC2::Route",
+      "DependsOn": [
+        "VpcVPCGWBF912B6E"
+      ],
       "Properties": {
         "RouteTableId": {
           "Ref": "VpcPublicSubnet2RouteTable94F7E489"
@@ -631,4 +637,4 @@
       }
     }
   }
-}
+}