AWS Network resources for a cluster are not distinguishable from cluster to cluster #60

Closed
metral opened this issue Feb 4, 2019 · 3 comments
Labels
good-first-issue Start here if you'd like to start contributing to Pulumi kind/enhancement Improvements or new features

metral commented Feb 4, 2019

If one stands up many EKS clusters, all of the network infrastructure is identically named, and this makes it hard to pinpoint which resources belong to which clusters.

For example, we prefix all of the Cluster and IAM resources with the name of the cluster, but do not do the same for the Networking resources. This ends up creating many VPCs with the name vpc if multiple clusters are created.

Currently, the user is left to either inspect the networking resources in the EKS dashboard, or inspect the tags of the given resources to pinpoint which resource belongs to which cluster.

```
$ pulumi up -y
Previewing update (eks-demo):

     Type                                          Name                                Plan
 +   pulumi:pulumi:Stack                           eks-hello-world-eks-demo            create
 +   ├─ eks:index:Cluster                          helloWorld                          create
 +   │  ├─ eks:index:ServiceRole                   helloWorld-eksRole                  create
 +   │  │  ├─ aws:iam:Role                         helloWorld-eksRole-role             create
 +   │  │  ├─ aws:iam:RolePolicyAttachment         helloWorld-eksRole-4b490823         create
 +   │  │  └─ aws:iam:RolePolicyAttachment         helloWorld-eksRole-90eb1c99         create
 +   │  ├─ eks:index:ServiceRole                   helloWorld-instanceRole             create
 +   │  │  ├─ aws:iam:Role                         helloWorld-instanceRole-role        create
 +   │  │  ├─ aws:iam:RolePolicyAttachment         helloWorld-instanceRole-3eb088f2    create
 +   │  │  ├─ aws:iam:RolePolicyAttachment         helloWorld-instanceRole-03516f97    create
 +   │  │  └─ aws:iam:RolePolicyAttachment         helloWorld-instanceRole-e1b295bd    create
 +   │  ├─ pulumi-nodejs:dynamic:Resource          helloWorld-cfnStackName             create
 +   │  ├─ aws:ec2:SecurityGroup                   helloWorld-eksClusterSecurityGroup  create
 +   │  ├─ aws:iam:InstanceProfile                 helloWorld-instanceProfile          create
 +   │  ├─ aws:eks:Cluster                         helloWorld-eksCluster               create
 +   │  ├─ pulumi-nodejs:dynamic:Resource          helloWorld-vpc-cni                  create
 +   │  ├─ pulumi:providers:kubernetes             helloWorld-eks-k8s                  create
 +   │  ├─ aws:ec2:SecurityGroup                   helloWorld-nodeSecurityGroup        create
 +   │  ├─ kubernetes:core:ConfigMap               helloWorld-nodeAccess               create
 +   │  ├─ kubernetes:storage.k8s.io:StorageClass  helloworld-gp2                      create
 +   │  ├─ aws:ec2:SecurityGroupRule               helloWorld-eksClusterIngressRule    create
 +   │  ├─ aws:ec2:LaunchConfiguration             helloWorld-nodeLaunchConfiguration  create
 +   │  ├─ aws:cloudformation:Stack                helloWorld-nodes                    create
 +   │  └─ pulumi:providers:kubernetes             helloWorld-provider                 create
 +   └─ aws-infra:network:Network                  vpc                                 create
 +      ├─ aws:ec2:Vpc                             vpc                                 create
 +      ├─ aws:ec2:Eip                             vpc-nat-0                           create
 +      ├─ aws:ec2:Eip                             vpc-nat-1                           create
 +      ├─ aws:ec2:InternetGateway                 vpc                                 create
 +      ├─ aws:ec2:RouteTable                      vpc                                 create
 +      ├─ aws:ec2:Subnet                          vpc-0                               create
 +      ├─ aws:ec2:Subnet                          vpc-nat-1                           create
 +      ├─ aws:ec2:Subnet                          vpc-nat-0                           create
 +      ├─ aws:ec2:Subnet                          vpc-1                               create
 +      ├─ aws:ec2:NatGateway                      vpc-nat-1                           create
 +      ├─ aws:ec2:RouteTableAssociation           vpc-nat-1                           create
 +      ├─ aws:ec2:NatGateway                      vpc-nat-0                           create
 +      ├─ aws:ec2:RouteTableAssociation           vpc-nat-0                           create
 +      ├─ aws:ec2:RouteTable                      vpc-nat-1                           create
 +      ├─ aws:ec2:RouteTableAssociation           vpc-1                               create
 +      ├─ aws:ec2:RouteTable                      vpc-nat-0                           create
 +      └─ aws:ec2:RouteTableAssociation           vpc-0                               create
```
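The collision described in the comment above can be checked mechanically from preview output. This is an added example, not part of the original thread or the project's code: it parses previews in the shape shown above and reports every resource type and name that more than one stack would create. The second cluster (`payments`), the stack keys and the abbreviated sample previews are constructed for illustration.

```typescript
interface Resource { type: string; name: string; }

// Parse the Type/Name columns from `pulumi up` preview text; skip the stack root.
function parsePreview(text: string): Resource[] {
  const out: Resource[] = [];
  for (const line of text.split("\n")) {
    // op marker, tree-drawing characters, then Type, Name and Plan columns
    const m = line.match(/^\s*[+~-]\s+[│├└─\s]*(\S+:\S+)\s+(\S+)\s+\S+\s*$/);
    if (m && m[1] !== "pulumi:pulumi:Stack") out.push({ type: m[1], name: m[2] });
  }
  return out;
}

// Map "type name" -> stacks, keeping only entries that appear in more than one stack.
function ambiguousAcrossStacks(previews: { [stack: string]: string }): { [key: string]: string[] } {
  const owners: { [key: string]: string[] } = {};
  for (const stack of Object.keys(previews)) {
    for (const r of parsePreview(previews[stack])) {
      const key = r.type + " " + r.name;
      (owners[key] = owners[key] || []).push(stack);
    }
  }
  const result: { [key: string]: string[] } = {};
  for (const key of Object.keys(owners)) {
    if (owners[key].length > 1) result[key] = owners[key];
  }
  return result;
}

// Constructed, abbreviated preview: cluster resources carry the cluster name,
// network resources use the fixed "vpc" prefix as in the output above.
const samplePreview = (cluster: string): string => [
  "     Type                           Name                          Plan",
  ` +   pulumi:pulumi:Stack            eks-${cluster}                create`,
  ` +   ├─ eks:index:Cluster           ${cluster}                    create`,
  ` +   │  ├─ aws:eks:Cluster          ${cluster}-eksCluster         create`,
  ` +   │  └─ aws:ec2:SecurityGroup    ${cluster}-nodeSecurityGroup  create`,
  " +   └─ aws-infra:network:Network   vpc                           create",
  " +      ├─ aws:ec2:Vpc              vpc                           create",
  " +      └─ aws:ec2:Subnet           vpc-0                         create",
].join("\n");

const report = ambiguousAcrossStacks({
  "eks-demo": samplePreview("helloWorld"),
  "eks-payments": samplePreview("payments"),
});
console.log(report); // only the three network entries are shared by both stacks
```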
@metral metral changed the title AWS Network resources for a cluster are not distinguishable from another cluster without EKS cluster properties, or inspecting tags AWS Network resources for a cluster are not distinguishable from cluster to cluster Feb 4, 2019
@lukehoban
Member

cc @CyrusNajmabadi for any guidance on how best to structure names to ensure uniqueness.

Note also that unfortunately today, any changes to these names would be breaking changes for existing users (resources would get replaced). So we likely need to be careful about any proposed changes here - and possibly need to block on pulumi/pulumi#458 which will enable us to change name without causing this breaking change.

@lukehoban
Member

Looking at this again - I believe the networking infrastructure is actually unrelated to the EKS package, and I believe the example that deployed this used vpc as a prefix for the networking infrastructure. So the components being used support what is desired here - just the example did not use unique names. Is that right? If so, I think we can close this.

@CyrusNajmabadi
Contributor

Yup, I'm OK closing this out.

@infin8x infin8x added good-first-issue Start here if you'd like to start contributing to Pulumi kind/enhancement Improvements or new features labels Jul 10, 2021