aws-ec2: cannot synth Vpc with CIDR mask configuration #25757

Open
ChrisLane opened this issue May 26, 2023 · 3 comments
Labels: @aws-cdk/aws-ec2 (Related to Amazon Elastic Compute Cloud), bug (This issue is a bug.), effort/medium (Medium work item – several days of effort), p2

Comments


ChrisLane commented May 26, 2023

Describe the bug

I cannot synth the following code:

const ec2 = require("aws-cdk-lib/aws-ec2");
const vpc = new ec2.Vpc(this, "my-vpc", {
  vpcName: "my-vpc",
  ipAddresses: ec2.IpAddresses.cidr("10.199.32.0/20"),
  natGateways: 1,
  subnetConfiguration: [
    {
      name: "public-subnet",
      subnetType: ec2.SubnetType.PUBLIC,
      cidrMask: 25
    },
    {
      name: `private-with-nat-subnet`,
      subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
      cidrMask: 22
    },
    {
      name: `private-isolated-subnet`,
      subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
      cidrMask: 25
    }
  ]
});

Instead, I get the error "1 of /25 exceeds remaining space of 10.199.32.0/20".

Expected Behavior

I understand that the default config results in 3 AZs, meaning this configuration would have a total of 9 subnets.

As far as I'm aware, the above configuration should be able to produce a subnet layout similar to the following that fits within the given CIDR:

10.199.32.0/22    Private with NAT
10.199.36.0/22    Private with NAT
10.199.40.0/22    Private with NAT
10.199.44.0/25    Public
10.199.44.128/25  Public
10.199.45.0/25    Public
10.199.45.128/25  Private Isolated
10.199.46.0/25    Private Isolated
10.199.46.128/25  Private Isolated

Current Behavior

Instead of the synth succeeding, I get the error "1 of /25 exceeds remaining space of 10.199.32.0/20".

Reproduction Steps

Attempt to synth the example code.

Possible Solution

Perhaps there is a hidden network feature that is restricting the IP space available to me; otherwise, I think I've miscalculated my subnets or this is a bug.

Additional Information/Context

No response

CDK CLI Version

2.81.0

Framework Version

No response

Node.js Version

20.2.0

OS

Arch Linux 6.3.4

Language

TypeScript

Language Version

JavaScript

Other information

If I reduce the PRIVATE_WITH_EGRESS CIDR mask to /23, I can successfully synth the project but this provides me with considerably fewer IPs.

@ChrisLane ChrisLane added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 26, 2023
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label May 26, 2023
@pahud
Contributor

pahud commented May 30, 2023

related to #25537

@pahud pahud added investigating This issue is being investigated and/or work is in progress to resolve the issue. p2 effort/medium Medium work item – several days of effort labels May 30, 2023
@pahud pahud self-assigned this May 30, 2023
@pahud pahud removed the needs-triage This issue or PR still needs to be triaged. label May 30, 2023
@ChrisLane
Author

I expected that the order in which I define the subnets would not matter and that they would be placed in an order that works, but this is not the case.

Changing the subnet order allows me to synth the configuration:

const ec2 = require("aws-cdk-lib/aws-ec2");
const vpc = new ec2.Vpc(this, "my-vpc", {
  vpcName: "my-vpc",
  ipAddresses: ec2.IpAddresses.cidr("10.199.32.0/20"),
  natGateways: 1,
  subnetConfiguration: [
    {
      name: `private-with-nat-subnet`,
      subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
      cidrMask: 22
    },
    {
      name: "public-subnet",
      subnetType: ec2.SubnetType.PUBLIC,
      cidrMask: 25
    },
    {
      name: `private-isolated-subnet`,
      subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
      cidrMask: 25
    }
  ]
});
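
The ordering effect described in this thread can be reproduced with a small model, added here as an illustration and not taken from aws-cdk or from either commenter. It assumes subnets are carved in declaration order, one per AZ (3 AZs, as stated in the issue), each starting at the next address aligned to its own block size; `allocate`, `ORIGINAL` and `REORDERED` are hypothetical names.

```javascript
// Simplified model (assumption, not aws-cdk source): subnets are carved in
// declaration order, one per AZ, each at the next address aligned to its size.
const ipToInt = (ip) => ip.split(".").reduce((n, o) => n * 256 + Number(o), 0);
const intToIp = (n) => [24, 16, 8, 0].map((s) => Math.floor(n / 2 ** s) % 256).join(".");

function allocate(vpcCidr, groups, azCount = 3) {
  const [base, vpcMask] = vpcCidr.split("/");
  const start = ipToInt(base);
  const end = start + 2 ** (32 - Number(vpcMask)); // first address past the VPC
  let next = start;
  let skipped = 0; // addresses lost to alignment gaps
  const placed = [];
  for (const { name, cidrMask } of groups) {
    const size = 2 ** (32 - cidrMask);
    for (let az = 0; az < azCount; az++) {
      const aligned = Math.ceil(next / size) * size; // round up to block boundary
      if (aligned + size > end) return { ok: false, failedAt: name, placed, skipped };
      skipped += aligned - next;
      placed.push(`${intToIp(aligned)}/${cidrMask} ${name}`);
      next = aligned + size;
    }
  }
  return { ok: true, failedAt: null, placed, skipped };
}

// Subnet groups from the issue, in both declaration orders.
const VPC = "10.199.32.0/20";
const pub = { name: "public-subnet", cidrMask: 25 };
const nat = { name: "private-with-nat-subnet", cidrMask: 22 };
const iso = { name: "private-isolated-subnet", cidrMask: 25 };
const ORIGINAL = [pub, nat, iso];
const REORDERED = [nat, pub, iso];

for (const [label, groups] of [["original", ORIGINAL], ["reordered", REORDERED]]) {
  const r = allocate(VPC, groups);
  console.log(label, r.ok ? "fits" : `fails at ${r.failedAt}`, `skipped=${r.skipped}`);
  r.placed.forEach((line) => console.log("  " + line));
}
```

In this model, a /22 declared after three /25s has to skip ahead to 10.199.36.0, leaving 640 addresses unused, so the last group runs past the end of the /20. Declaring the largest blocks first leaves no alignment gaps and yields the layout listed under Expected Behavior.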

@pahud
Contributor

pahud commented Aug 7, 2024

Yes, your issue is still relevant and the workaround works for me.

@pahud pahud removed the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Aug 7, 2024
@pahud pahud removed their assignment Aug 7, 2024