aws-ec2: Cannot create VPC Endpoint using existing VPC & Subnets if cdk.context.json is missing VPC information #17600

@sdobberstein

Description

What is the problem?

If you have a stack where you need to look up an existing VPC (using Vpc.fromLookup) and add a VPC Interface Endpoint to it using a subnet selection, it will fail if the cdk.context.json file does not exist or does not contain information about that VPC already.

Reproduction Steps

Assumptions:

  • Referencing VPC & Subnets that already exist

Steps to Reproduce:

  1. Populate Account, Subnet Ids, and VPC Id

  2. Ensure cdk.context.json either doesn't exist, or at least does not contain information matching your VPC

  3. Run cdk ls

  4. Verify error occurs

     Cannot create a VPC Endpoint with no subnets
     Subprocess exited with error 1
    

Workaround:

  1. Comment out VPC Interface Endpoint code
  2. Run cdk ls which should create/update the cdk.context.json
  3. Uncomment the VPC Interface Endpoint code
  4. Run cdk ls and it should work

Code:

#!/usr/bin/env node
import 'source-map-support/register';
import * as cdk from '@aws-cdk/core';
import {Construct, Stack, StackProps} from "@aws-cdk/core";
import {InterfaceVpcEndpointAwsService, SubnetFilter, Vpc} from "@aws-cdk/aws-ec2";

const app = new cdk.App();

interface MyStackProps extends StackProps {
  // IDs of the existing subnets the interface endpoint should be placed in
  readonly subnetIds: string[];
  // ID of the existing VPC to look up
  readonly vpcId: string;
}

class MyStack extends Stack {
  constructor(scope: Construct, id: string, props: MyStackProps) {
    super(scope, id, props);

    // Context lookup: served from cdk.context.json when an entry for this VPC exists,
    // otherwise the CLI has to fetch it from the account after a first synth
    const vpc = Vpc.fromLookup(this, 'Vpc', {
      vpcId: props.vpcId,
    });

    // Select the endpoint subnets by explicit ID; this is the selection that fails with
    // "Cannot create a VPC Endpoint with no subnets" when the VPC context is missing
    const secretsManagerEndpoint = vpc.addInterfaceEndpoint('SecretsManagerEndpoint', {
      service: InterfaceVpcEndpointAwsService.SECRETS_MANAGER,
      subnets: {
        subnetFilters: [SubnetFilter.byIds(props.subnetIds)],
      },
    });
    // Opens the endpoint's security group on its default port (443) to 0.0.0.0/0.
    // An interface endpoint is only reachable from inside the VPC, but a tighter
    // rule (the VPC CIDR, or the callers' security groups) is the better default.
    secretsManagerEndpoint.connections.allowDefaultPortFromAnyIpv4();
  }
}

// 'xxx' placeholders stand for the real account, subnet IDs and VPC ID
new MyStack(app, 'MyStack', {
  env: {
    account: 'xxx',
    region: 'us-east-1',
  },
  subnetIds: [
    'xxx',
    'xxx'
  ],
  vpcId: 'xxx'
});

What did you expect to happen?

I should be able to run CDK commands without an error occurring and without having to comment out portions of my stack in order to generate/update the cdk.context.json file.

What actually happened?

All CDK commands fail with an error and the cdk.context.json file is not generated/updated.

CDK CLI Version

1.132.0

Framework Version

No response

Node.js Version

v14.17.5

OS

macOS 11.5.1

Language

Typescript

Language Version

TypeScript (3.9.10)

Other information

The error that you will see after running any CDK command is:

Cannot create a VPC Endpoint with no subnets
Subprocess exited with error 1

Reference implementation: https://github.com/sdobberstein/cdk-vpc-issue
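Added example (not code from this issue or from the aws-cdk project): a dependency-free TypeScript model of the subnet-selection path behind the error above, so the failure mode can be reproduced and checked offline. It assumes, based on the fact that the workaround succeeds once cdk.context.json is populated, that a lookup with no matching context entry returns a placeholder VPC whose subnet IDs (vpc-12345, s-12345 and s-67890 here) never match the real IDs handed to SubnetFilter.byIds, so the strict endpoint check throws before synthesis can record the missing context. The deferred variant skips the endpoint while the lookup is unresolved and reserves the error for a resolved VPC whose subnets genuinely do not match. All names (vpcFromLookup, selectSubnetsByIds, addInterfaceEndpointStrict, addInterfaceEndpointDeferred, SAMPLE_CONTEXT), the context key format and the sample context are invented for the example.

```typescript
// Added example, not from the issue or aws-cdk. Assumption: a lookup with no entry in
// cdk.context.json returns a placeholder VPC with made-up subnet IDs so that synthesis can
// continue and the CLI can fetch the real values afterwards. Filtering those placeholders
// by the caller's real subnet IDs matches nothing, and the endpoint check throws before
// the missing-context report ever reaches the CLI.

interface Subnet { subnetId: string; availabilityZone: string; }

interface LookedUpVpc {
  vpcId: string;
  subnets: Subnet[];
  // true when the values came from cdk.context.json rather than from the placeholder
  resolved: boolean;
}

// Constructed stand-in for cdk.context.json: lookup key -> VPC description (invented key format)
type ContextFile = Record<string, { vpcId: string; subnets: Subnet[] }>;

// Placeholder values returned while the real VPC is unknown (assumed shape, see above)
const PLACEHOLDER_VPC: LookedUpVpc = {
  vpcId: 'vpc-12345',
  subnets: [
    { subnetId: 's-12345', availabilityZone: 'dummy1a' },
    { subnetId: 's-67890', availabilityZone: 'dummy1b' },
  ],
  resolved: false,
};

// Model of Vpc.fromLookup: context hit -> resolved VPC, context miss -> placeholder
function vpcFromLookup(context: ContextFile, vpcId: string): LookedUpVpc {
  const entry = context[`vpc-provider:${vpcId}`];
  if (!entry) return PLACEHOLDER_VPC;
  return { vpcId: entry.vpcId, subnets: entry.subnets, resolved: true };
}

// Model of SubnetFilter.byIds: keep only subnets whose ID is in the requested set
function selectSubnetsByIds(vpc: LookedUpVpc, ids: string[]): Subnet[] {
  const wanted = new Set(ids);
  return vpc.subnets.filter(s => wanted.has(s.subnetId));
}

// Mirrors the check that produces the reported error: an endpoint needs at least one
// subnet, and an empty selection aborts the whole synth, context lookup included
function addInterfaceEndpointStrict(vpc: LookedUpVpc, subnetIds: string[]): string[] {
  const selected = selectSubnetsByIds(vpc, subnetIds);
  if (selected.length === 0) {
    throw new Error('Cannot create a VPC Endpoint with no subnets');
  }
  return selected.map(s => s.subnetId);
}

// Hardened variant: while the lookup is still a placeholder, defer the endpoint instead of
// throwing, so synthesis completes and the missing VPC context can be fetched and written.
// Once the lookup is resolved, an empty selection is a real configuration error and is
// reported together with the IDs that failed to match.
function addInterfaceEndpointDeferred(vpc: LookedUpVpc, subnetIds: string[]): string[] | undefined {
  if (!vpc.resolved) {
    return undefined; // deferred: context for this VPC is not available yet
  }
  const selected = selectSubnetsByIds(vpc, subnetIds);
  if (selected.length === 0) {
    throw new Error(
      `Cannot create a VPC Endpoint with no subnets: none of [${subnetIds.join(', ')}] ` +
      `belong to ${vpc.vpcId} (found: ${vpc.subnets.map(s => s.subnetId).join(', ')})`);
  }
  return selected.map(s => s.subnetId);
}

// Constructed sample context, standing in for cdk.context.json after a successful lookup
const SAMPLE_CONTEXT: ContextFile = {
  'vpc-provider:vpc-0abc': {
    vpcId: 'vpc-0abc',
    subnets: [
      { subnetId: 'subnet-aaa', availabilityZone: 'us-east-1a' },
      { subnetId: 'subnet-bbb', availabilityZone: 'us-east-1b' },
      { subnetId: 'subnet-ccc', availabilityZone: 'us-east-1c' },
    ],
  },
};
```

The two runs the report describes correspond to calling the functions first with an empty context (strict path throws, deferred path returns undefined) and then with SAMPLE_CONTEXT (both paths return the two requested subnet IDs). The point the model isolates is that the check has to tell an unresolved lookup apart from a genuinely empty selection; a single "no subnets" error for both cases is what leaves the context file unwritten.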

Metadata

Assignees

No one assigned

Labels

  • @aws-cdk/aws-ec2 (Related to Amazon Elastic Compute Cloud)
  • bug (This issue is a bug.)
  • effort/small (Small work item – less than a day of effort)
  • p2
