Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws-cdk/ec2): aws-cdk:subnet-name tag and aws-cdk:subnet-type tag are removed after upgrading from 2.171.2 to 2.173.0 #32617

Closed
1 task done
github2023spring opened this issue Dec 20, 2024 · 5 comments
Closed
1 task done

(aws-cdk/ec2): aws-cdk:subnet-name tag and aws-cdk:subnet-type tag are removed after upgrading from 2.171.2 to 2.173.0 #32617

github2023spring opened this issue Dec 20, 2024 · 5 comments
Assignees
@ashishdhingra
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud bug This issue is a bug. p2 potential-regression Marking this issue as a potential regression to be checked by team member response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@github2023spring
Copy link

Describe the bug

aws-cdk:subnet-name tag and aws-cdk:subnet-type tag are removed after 2.173.0

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

the aws-cdk:subnet-name tag and aws-cdk:subnet-type tag should stay in the snapshot.

Current Behavior

the aws-cdk:subnet-name tag and aws-cdk:subnet-type tag are deleted from the CDK

Reproduction Steps

build a vpc stack with private subnet, or public subnet

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.173.0

Framework Version

No response

Node.js Version

18

OS

Mac

Language

TypeScript

Language Version

5.0.2

Other information

No response
@github2023spring github2023spring added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Dec 20, 2024
@github-actions github-actions bot added @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud potential-regression Marking this issue as a potential regression to be checked by team member labels Dec 20, 2024
@github2023spring github2023spring changed the title (aws-cdk/ec2): aws-cdk:subnet-name tag and aws-cdk:subnet-type tag are removed after 2.173.0 (aws-cdk/ec2): aws-cdk:subnet-name tag and aws-cdk:subnet-type tag are removed after upgrading from 2.171.2 to 2.173.0 Dec 20, 2024
@github2023spring
Copy link
Author

Our VPC is created by Ipam.

@ashishdhingra
Copy link
Contributor

ashishdhingra commented Dec 20, 2024
edited
Loading

@github2023spring Good morning. Could you please share the steps and minimal CDK code to reproduce the issue? Running cdk synth using version 2.173.0 or 2.173.2 (current latest) of CDK lib (updated in package.json) and CLI:

import * as cdk from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';


export class CdktestStackNew extends cdk.Stack {
  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    new ec2.Vpc(this, 'MyVpc', {
      subnetConfiguration: [
        {
          cidrMask: 24,
          name: 'ingress',
          subnetType: ec2.SubnetType.PUBLIC,
        },
        {
          cidrMask: 24,
          name: 'application',
          subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
        },
        {
          cidrMask: 28,
          name: 'rds',
          subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
        }
      ]
    });
  }
}

generates the below CloudFormation template:

{
 "Resources": {
  "MyVpcF9F0CA6F": {
   "Type": "AWS::EC2::VPC",
   "Properties": {
    "CidrBlock": "10.0.0.0/16",
    "EnableDnsHostnames": true,
    "EnableDnsSupport": true,
    "InstanceTenancy": "default",
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc"
     }
    ]
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/Resource"
   }
  },
  "MyVpcingressSubnet1Subnet05B4D133": {
   "Type": "AWS::EC2::Subnet",
   "Properties": {
    "AvailabilityZone": "us-east-2a",
    "CidrBlock": "10.0.0.0/24",
    "MapPublicIpOnLaunch": true,
    "Tags": [
     {
      "Key": "aws-cdk:subnet-name",
      "Value": "ingress"
     },
     {
      "Key": "aws-cdk:subnet-type",
      "Value": "Public"
     },
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/ingressSubnet1"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet1/Subnet"
   }
  },
  "MyVpcingressSubnet1RouteTableBD23564A": {
   "Type": "AWS::EC2::RouteTable",
   "Properties": {
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/ingressSubnet1"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet1/RouteTable"
   }
  },
  "MyVpcingressSubnet1RouteTableAssociationCA312C68": {
   "Type": "AWS::EC2::SubnetRouteTableAssociation",
   "Properties": {
    "RouteTableId": {
     "Ref": "MyVpcingressSubnet1RouteTableBD23564A"
    },
    "SubnetId": {
     "Ref": "MyVpcingressSubnet1Subnet05B4D133"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet1/RouteTableAssociation"
   }
  },
  "MyVpcingressSubnet1DefaultRoute5C0E02BD": {
   "Type": "AWS::EC2::Route",
   "Properties": {
    "DestinationCidrBlock": "0.0.0.0/0",
    "GatewayId": {
     "Ref": "MyVpcIGW5C4A4F63"
    },
    "RouteTableId": {
     "Ref": "MyVpcingressSubnet1RouteTableBD23564A"
    }
   },
   "DependsOn": [
    "MyVpcVPCGW488ACE0D"
   ],
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet1/DefaultRoute"
   }
  },
  "MyVpcingressSubnet1EIPD447827A": {
   "Type": "AWS::EC2::EIP",
   "Properties": {
    "Domain": "vpc",
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/ingressSubnet1"
     }
    ]
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet1/EIP"
   }
  },
  "MyVpcingressSubnet1NATGatewayC15F3CF1": {
   "Type": "AWS::EC2::NatGateway",
   "Properties": {
    "AllocationId": {
     "Fn::GetAtt": [
      "MyVpcingressSubnet1EIPD447827A",
      "AllocationId"
     ]
    },
    "SubnetId": {
     "Ref": "MyVpcingressSubnet1Subnet05B4D133"
    },
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/ingressSubnet1"
     }
    ]
   },
   "DependsOn": [
    "MyVpcingressSubnet1DefaultRoute5C0E02BD",
    "MyVpcingressSubnet1RouteTableAssociationCA312C68"
   ],
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet1/NATGateway"
   }
  },
  "MyVpcingressSubnet2Subnet6E3FCA55": {
   "Type": "AWS::EC2::Subnet",
   "Properties": {
    "AvailabilityZone": "us-east-2b",
    "CidrBlock": "10.0.1.0/24",
    "MapPublicIpOnLaunch": true,
    "Tags": [
     {
      "Key": "aws-cdk:subnet-name",
      "Value": "ingress"
     },
     {
      "Key": "aws-cdk:subnet-type",
      "Value": "Public"
     },
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/ingressSubnet2"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet2/Subnet"
   }
  },
  "MyVpcingressSubnet2RouteTable17765BD0": {
   "Type": "AWS::EC2::RouteTable",
   "Properties": {
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/ingressSubnet2"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet2/RouteTable"
   }
  },
  "MyVpcingressSubnet2RouteTableAssociation10D8624C": {
   "Type": "AWS::EC2::SubnetRouteTableAssociation",
   "Properties": {
    "RouteTableId": {
     "Ref": "MyVpcingressSubnet2RouteTable17765BD0"
    },
    "SubnetId": {
     "Ref": "MyVpcingressSubnet2Subnet6E3FCA55"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet2/RouteTableAssociation"
   }
  },
  "MyVpcingressSubnet2DefaultRouteF6D3CDFA": {
   "Type": "AWS::EC2::Route",
   "Properties": {
    "DestinationCidrBlock": "0.0.0.0/0",
    "GatewayId": {
     "Ref": "MyVpcIGW5C4A4F63"
    },
    "RouteTableId": {
     "Ref": "MyVpcingressSubnet2RouteTable17765BD0"
    }
   },
   "DependsOn": [
    "MyVpcVPCGW488ACE0D"
   ],
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet2/DefaultRoute"
   }
  },
  "MyVpcingressSubnet2EIP1342BA84": {
   "Type": "AWS::EC2::EIP",
   "Properties": {
    "Domain": "vpc",
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/ingressSubnet2"
     }
    ]
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet2/EIP"
   }
  },
  "MyVpcingressSubnet2NATGateway220B5C59": {
   "Type": "AWS::EC2::NatGateway",
   "Properties": {
    "AllocationId": {
     "Fn::GetAtt": [
      "MyVpcingressSubnet2EIP1342BA84",
      "AllocationId"
     ]
    },
    "SubnetId": {
     "Ref": "MyVpcingressSubnet2Subnet6E3FCA55"
    },
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/ingressSubnet2"
     }
    ]
   },
   "DependsOn": [
    "MyVpcingressSubnet2DefaultRouteF6D3CDFA",
    "MyVpcingressSubnet2RouteTableAssociation10D8624C"
   ],
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet2/NATGateway"
   }
  },
  "MyVpcingressSubnet3SubnetB43CCB2C": {
   "Type": "AWS::EC2::Subnet",
   "Properties": {
    "AvailabilityZone": "us-east-2c",
    "CidrBlock": "10.0.2.0/24",
    "MapPublicIpOnLaunch": true,
    "Tags": [
     {
      "Key": "aws-cdk:subnet-name",
      "Value": "ingress"
     },
     {
      "Key": "aws-cdk:subnet-type",
      "Value": "Public"
     },
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/ingressSubnet3"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet3/Subnet"
   }
  },
  "MyVpcingressSubnet3RouteTable218CD36A": {
   "Type": "AWS::EC2::RouteTable",
   "Properties": {
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/ingressSubnet3"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet3/RouteTable"
   }
  },
  "MyVpcingressSubnet3RouteTableAssociation0850FC5F": {
   "Type": "AWS::EC2::SubnetRouteTableAssociation",
   "Properties": {
    "RouteTableId": {
     "Ref": "MyVpcingressSubnet3RouteTable218CD36A"
    },
    "SubnetId": {
     "Ref": "MyVpcingressSubnet3SubnetB43CCB2C"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet3/RouteTableAssociation"
   }
  },
  "MyVpcingressSubnet3DefaultRouteEEE78E68": {
   "Type": "AWS::EC2::Route",
   "Properties": {
    "DestinationCidrBlock": "0.0.0.0/0",
    "GatewayId": {
     "Ref": "MyVpcIGW5C4A4F63"
    },
    "RouteTableId": {
     "Ref": "MyVpcingressSubnet3RouteTable218CD36A"
    }
   },
   "DependsOn": [
    "MyVpcVPCGW488ACE0D"
   ],
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet3/DefaultRoute"
   }
  },
  "MyVpcingressSubnet3EIPCC82CF52": {
   "Type": "AWS::EC2::EIP",
   "Properties": {
    "Domain": "vpc",
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/ingressSubnet3"
     }
    ]
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet3/EIP"
   }
  },
  "MyVpcingressSubnet3NATGateway8C3F8115": {
   "Type": "AWS::EC2::NatGateway",
   "Properties": {
    "AllocationId": {
     "Fn::GetAtt": [
      "MyVpcingressSubnet3EIPCC82CF52",
      "AllocationId"
     ]
    },
    "SubnetId": {
     "Ref": "MyVpcingressSubnet3SubnetB43CCB2C"
    },
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/ingressSubnet3"
     }
    ]
   },
   "DependsOn": [
    "MyVpcingressSubnet3DefaultRouteEEE78E68",
    "MyVpcingressSubnet3RouteTableAssociation0850FC5F"
   ],
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/ingressSubnet3/NATGateway"
   }
  },
  "MyVpcapplicationSubnet1Subnet0A4FCBEC": {
   "Type": "AWS::EC2::Subnet",
   "Properties": {
    "AvailabilityZone": "us-east-2a",
    "CidrBlock": "10.0.3.0/24",
    "MapPublicIpOnLaunch": false,
    "Tags": [
     {
      "Key": "aws-cdk:subnet-name",
      "Value": "application"
     },
     {
      "Key": "aws-cdk:subnet-type",
      "Value": "Private"
     },
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/applicationSubnet1"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/applicationSubnet1/Subnet"
   }
  },
  "MyVpcapplicationSubnet1RouteTableFCDD946D": {
   "Type": "AWS::EC2::RouteTable",
   "Properties": {
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/applicationSubnet1"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/applicationSubnet1/RouteTable"
   }
  },
  "MyVpcapplicationSubnet1RouteTableAssociation37281D7C": {
   "Type": "AWS::EC2::SubnetRouteTableAssociation",
   "Properties": {
    "RouteTableId": {
     "Ref": "MyVpcapplicationSubnet1RouteTableFCDD946D"
    },
    "SubnetId": {
     "Ref": "MyVpcapplicationSubnet1Subnet0A4FCBEC"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/applicationSubnet1/RouteTableAssociation"
   }
  },
  "MyVpcapplicationSubnet1DefaultRoute4B900A14": {
   "Type": "AWS::EC2::Route",
   "Properties": {
    "DestinationCidrBlock": "0.0.0.0/0",
    "NatGatewayId": {
     "Ref": "MyVpcingressSubnet1NATGatewayC15F3CF1"
    },
    "RouteTableId": {
     "Ref": "MyVpcapplicationSubnet1RouteTableFCDD946D"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/applicationSubnet1/DefaultRoute"
   }
  },
  "MyVpcapplicationSubnet2Subnet04E944F4": {
   "Type": "AWS::EC2::Subnet",
   "Properties": {
    "AvailabilityZone": "us-east-2b",
    "CidrBlock": "10.0.4.0/24",
    "MapPublicIpOnLaunch": false,
    "Tags": [
     {
      "Key": "aws-cdk:subnet-name",
      "Value": "application"
     },
     {
      "Key": "aws-cdk:subnet-type",
      "Value": "Private"
     },
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/applicationSubnet2"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/applicationSubnet2/Subnet"
   }
  },
  "MyVpcapplicationSubnet2RouteTable1A5026C8": {
   "Type": "AWS::EC2::RouteTable",
   "Properties": {
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/applicationSubnet2"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/applicationSubnet2/RouteTable"
   }
  },
  "MyVpcapplicationSubnet2RouteTableAssociationD1C39589": {
   "Type": "AWS::EC2::SubnetRouteTableAssociation",
   "Properties": {
    "RouteTableId": {
     "Ref": "MyVpcapplicationSubnet2RouteTable1A5026C8"
    },
    "SubnetId": {
     "Ref": "MyVpcapplicationSubnet2Subnet04E944F4"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/applicationSubnet2/RouteTableAssociation"
   }
  },
  "MyVpcapplicationSubnet2DefaultRouteA21A20B8": {
   "Type": "AWS::EC2::Route",
   "Properties": {
    "DestinationCidrBlock": "0.0.0.0/0",
    "NatGatewayId": {
     "Ref": "MyVpcingressSubnet2NATGateway220B5C59"
    },
    "RouteTableId": {
     "Ref": "MyVpcapplicationSubnet2RouteTable1A5026C8"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/applicationSubnet2/DefaultRoute"
   }
  },
  "MyVpcapplicationSubnet3Subnet36843A8F": {
   "Type": "AWS::EC2::Subnet",
   "Properties": {
    "AvailabilityZone": "us-east-2c",
    "CidrBlock": "10.0.5.0/24",
    "MapPublicIpOnLaunch": false,
    "Tags": [
     {
      "Key": "aws-cdk:subnet-name",
      "Value": "application"
     },
     {
      "Key": "aws-cdk:subnet-type",
      "Value": "Private"
     },
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/applicationSubnet3"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/applicationSubnet3/Subnet"
   }
  },
  "MyVpcapplicationSubnet3RouteTable94563292": {
   "Type": "AWS::EC2::RouteTable",
   "Properties": {
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/applicationSubnet3"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/applicationSubnet3/RouteTable"
   }
  },
  "MyVpcapplicationSubnet3RouteTableAssociationE29CB40A": {
   "Type": "AWS::EC2::SubnetRouteTableAssociation",
   "Properties": {
    "RouteTableId": {
     "Ref": "MyVpcapplicationSubnet3RouteTable94563292"
    },
    "SubnetId": {
     "Ref": "MyVpcapplicationSubnet3Subnet36843A8F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/applicationSubnet3/RouteTableAssociation"
   }
  },
  "MyVpcapplicationSubnet3DefaultRouteD7A3BDF3": {
   "Type": "AWS::EC2::Route",
   "Properties": {
    "DestinationCidrBlock": "0.0.0.0/0",
    "NatGatewayId": {
     "Ref": "MyVpcingressSubnet3NATGateway8C3F8115"
    },
    "RouteTableId": {
     "Ref": "MyVpcapplicationSubnet3RouteTable94563292"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/applicationSubnet3/DefaultRoute"
   }
  },
  "MyVpcrdsSubnet1Subnet57EACA60": {
   "Type": "AWS::EC2::Subnet",
   "Properties": {
    "AvailabilityZone": "us-east-2a",
    "CidrBlock": "10.0.6.0/28",
    "MapPublicIpOnLaunch": false,
    "Tags": [
     {
      "Key": "aws-cdk:subnet-name",
      "Value": "rds"
     },
     {
      "Key": "aws-cdk:subnet-type",
      "Value": "Isolated"
     },
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/rdsSubnet1"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/rdsSubnet1/Subnet"
   }
  },
  "MyVpcrdsSubnet1RouteTable705FA6EE": {
   "Type": "AWS::EC2::RouteTable",
   "Properties": {
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/rdsSubnet1"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/rdsSubnet1/RouteTable"
   }
  },
  "MyVpcrdsSubnet1RouteTableAssociation38A3DB4D": {
   "Type": "AWS::EC2::SubnetRouteTableAssociation",
   "Properties": {
    "RouteTableId": {
     "Ref": "MyVpcrdsSubnet1RouteTable705FA6EE"
    },
    "SubnetId": {
     "Ref": "MyVpcrdsSubnet1Subnet57EACA60"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/rdsSubnet1/RouteTableAssociation"
   }
  },
  "MyVpcrdsSubnet2Subnet07251841": {
   "Type": "AWS::EC2::Subnet",
   "Properties": {
    "AvailabilityZone": "us-east-2b",
    "CidrBlock": "10.0.6.16/28",
    "MapPublicIpOnLaunch": false,
    "Tags": [
     {
      "Key": "aws-cdk:subnet-name",
      "Value": "rds"
     },
     {
      "Key": "aws-cdk:subnet-type",
      "Value": "Isolated"
     },
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/rdsSubnet2"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/rdsSubnet2/Subnet"
   }
  },
  "MyVpcrdsSubnet2RouteTable779EA1B9": {
   "Type": "AWS::EC2::RouteTable",
   "Properties": {
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/rdsSubnet2"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/rdsSubnet2/RouteTable"
   }
  },
  "MyVpcrdsSubnet2RouteTableAssociation3604833F": {
   "Type": "AWS::EC2::SubnetRouteTableAssociation",
   "Properties": {
    "RouteTableId": {
     "Ref": "MyVpcrdsSubnet2RouteTable779EA1B9"
    },
    "SubnetId": {
     "Ref": "MyVpcrdsSubnet2Subnet07251841"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/rdsSubnet2/RouteTableAssociation"
   }
  },
  "MyVpcrdsSubnet3SubnetE5A38958": {
   "Type": "AWS::EC2::Subnet",
   "Properties": {
    "AvailabilityZone": "us-east-2c",
    "CidrBlock": "10.0.6.32/28",
    "MapPublicIpOnLaunch": false,
    "Tags": [
     {
      "Key": "aws-cdk:subnet-name",
      "Value": "rds"
     },
     {
      "Key": "aws-cdk:subnet-type",
      "Value": "Isolated"
     },
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/rdsSubnet3"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/rdsSubnet3/Subnet"
   }
  },
  "MyVpcrdsSubnet3RouteTable619BC15A": {
   "Type": "AWS::EC2::RouteTable",
   "Properties": {
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc/rdsSubnet3"
     }
    ],
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/rdsSubnet3/RouteTable"
   }
  },
  "MyVpcrdsSubnet3RouteTableAssociationEA2CA155": {
   "Type": "AWS::EC2::SubnetRouteTableAssociation",
   "Properties": {
    "RouteTableId": {
     "Ref": "MyVpcrdsSubnet3RouteTable619BC15A"
    },
    "SubnetId": {
     "Ref": "MyVpcrdsSubnet3SubnetE5A38958"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/rdsSubnet3/RouteTableAssociation"
   }
  },
  "MyVpcIGW5C4A4F63": {
   "Type": "AWS::EC2::InternetGateway",
   "Properties": {
    "Tags": [
     {
      "Key": "Name",
      "Value": "CdktestStackNew/MyVpc"
     }
    ]
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/IGW"
   }
  },
  "MyVpcVPCGW488ACE0D": {
   "Type": "AWS::EC2::VPCGatewayAttachment",
   "Properties": {
    "InternetGatewayId": {
     "Ref": "MyVpcIGW5C4A4F63"
    },
    "VpcId": {
     "Ref": "MyVpcF9F0CA6F"
    }
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/VPCGW"
   }
  },
  "MyVpcRestrictDefaultSecurityGroupCustomResourceA4FCCD62": {
   "Type": "Custom::VpcRestrictDefaultSG",
   "Properties": {
    "ServiceToken": {
     "Fn::GetAtt": [
      "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E",
      "Arn"
     ]
    },
    "DefaultSecurityGroupId": {
     "Fn::GetAtt": [
      "MyVpcF9F0CA6F",
      "DefaultSecurityGroup"
     ]
    },
    "Account": "<<ACCOUN-ID>>"
   },
   "UpdateReplacePolicy": "Delete",
   "DeletionPolicy": "Delete",
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/MyVpc/RestrictDefaultSecurityGroupCustomResource/Default"
   }
  },
  "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": {
   "Type": "AWS::IAM::Role",
   "Properties": {
    "AssumeRolePolicyDocument": {
     "Version": "2012-10-17",
     "Statement": [
      {
       "Action": "sts:AssumeRole",
       "Effect": "Allow",
       "Principal": {
        "Service": "lambda.amazonaws.com"
       }
      }
     ]
    },
    "ManagedPolicyArns": [
     {
      "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
     }
    ],
    "Policies": [
     {
      "PolicyName": "Inline",
      "PolicyDocument": {
       "Version": "2012-10-17",
       "Statement": [
        {
         "Effect": "Allow",
         "Action": [
          "ec2:AuthorizeSecurityGroupIngress",
          "ec2:AuthorizeSecurityGroupEgress",
          "ec2:RevokeSecurityGroupIngress",
          "ec2:RevokeSecurityGroupEgress"
         ],
         "Resource": [
          {
           "Fn::Join": [
            "",
            [
             "arn:aws:ec2:us-east-2:<<ACCOUN-ID>>:security-group/",
             {
              "Fn::GetAtt": [
               "MyVpcF9F0CA6F",
               "DefaultSecurityGroup"
              ]
             }
            ]
           ]
          }
         ]
        }
       ]
      }
     }
    ]
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role"
   }
  },
  "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": {
   "Type": "AWS::Lambda::Function",
   "Properties": {
    "Code": {
     "S3Bucket": "cdk-hnb659fds-assets-<<ACCOUN-ID>>-us-east-2",
     "S3Key": "7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200.zip"
    },
    "Timeout": 900,
    "MemorySize": 128,
    "Handler": "__entrypoint__.handler",
    "Role": {
     "Fn::GetAtt": [
      "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0",
      "Arn"
     ]
    },
    "Runtime": "nodejs20.x",
    "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group"
   },
   "DependsOn": [
    "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0"
   ],
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler",
    "aws:asset:path": "asset.7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200",
    "aws:asset:property": "Code"
   }
  },
  "CDKMetadata": {
   "Type": "AWS::CDK::Metadata",
   "Properties": {
    "Analytics": "v2:deflate64:H4sIAAAAAAAA/3WOwWrDQAxEvyX39TZxC+3VNaXkUha75FrktZIosbVlpbUpIf9eTEr21NPMPA1iSrt5frTrFcxS+P5cDNTZS6vgzwZm+UJf2svu25t6zztXG5e6gXybOkZdWHZNSIqf0A2YeWaVSPAESoHv5cW8bd0iH6DvoDjDj3GRJlDMj7esGBnvhduSv1Spgj+OyHo1DUpI0aOpk2gYc9zzPycXw0Q9xlcQNJUIaqtwID5cDYce7Ukeps2LLdf2aXUSoiImVhrRNjf9BRrO6kU9AQAA"
   },
   "Metadata": {
    "aws:cdk:path": "CdktestStackNew/CDKMetadata/Default"
   }
  }
 },
 "Parameters": {
  "BootstrapVersion": {
   "Type": "AWS::SSM::Parameter::Value<String>",
   "Default": "/cdk-bootstrap/hnb659fds/version",
   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
  }
 },
 "Rules": {
  "CheckBootstrapVersion": {
   "Assertions": [
    {
     "Assert": {
      "Fn::Not": [
       {
        "Fn::Contains": [
         [
          "1",
          "2",
          "3",
          "4",
          "5"
         ],
         {
          "Ref": "BootstrapVersion"
         }
        ]
       }
      ]
     },
     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
    }
   ]
  }
 }
}

Clearly it has aws-cdk:subnet-name and aws-cdk:subnet-type tags in the template.

You mentioned that your VPC is generated from IPAM. Was it created outside CDK earlier? Please share concrete steps to reproduce the issue.

Thanks,
Ashish

@ashishdhingra ashishdhingra added p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Dec 20, 2024
@ashishdhingra ashishdhingra self-assigned this Dec 20, 2024
@github2023spring
Copy link
Author

@ashishdhingra Sorry, this seems to be related to another internal library that is built on top of aws-cdk that caused the problem. So, I will resolve this issue now. Thank you!

@github-actions GitHub Actions
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 20, 2024
@ashishdhingra
Copy link
Contributor

@ashishdhingra Sorry, this seems to be related to another internal library that is built on top of aws-cdk that caused the problem. So, I will resolve this issue now. Thank you!

@github2023spring Thanks for confirming it as no-issue. Also just FYI, looks like CDK package 2.171.2 is no longer available (it might been delisted from npm due to some potential regression).

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@ashishdhingra ashishdhingra

Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud bug This issue is a bug. p2 potential-regression Marking this issue as a potential regression to be checked by team member response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ashishdhingra @github2023spring