VPC“fromLookup”导致所有私有子网和没有公共子网

Question

Using CDK v1.1.0 I'm trying to create an internet-facing Application Load Balancer.

When I call ec2.vpc.fromLookup using my vpcId , I get all my subnets, but all of them are marked as PRIVATE Subnets. Due to this I get an error that there are no Public Subnets Available.

If I try using ec2.vpc.fromVpcAttributes using my vpcId , availabilityZones and SubnetIDs , I get the error "Cannot read property 'selectSubnets' of undefined".

Route Table of My Subnets: Within the Subnets, my RouteTable has two Routes:

• Destination: 10.140.0.0/16, Target: Local, Status Active
• Destination: 0.0.0.0/0, Target: internet-gateway, Status Active

I'm not sure whether my subnet/VPC configuration are incorrect or aws-cdk has a bug.

I've manually tried creating an Application Load Balancer with the public subnets and was able to create is successfully. So I can't say my subnet configs are incorrect.

Answer 1

Took me a while, but i figured it out. For my Public Subnet, the attribute: Auto-assign public IPv4 address needed to be enabled (set to YES).

But that led to a weird requirement, I have to have the same number of public and private Subnets in all of the supported AZs. I don't understand why. Otherwise i get the error:
Not all subnets in VPC have the same AZs: ap-southeast-2a,ap-southeast-2b vs ap-southeast-2a,ap-southeast-2a,ap-southeast-2a,ap-southeast-2a,ap-southeast-2b,ap-southeast-2b,ap-southeast-2b,ap-southeast-2b,ap-southeast-2c,ap-southeast-2c,ap-southeast-2c

Answer 2

The easiest way to import and control how your subnets are categorized is to use ec2.Vpc.fromVpcAttributes :

// Import existing VPC
const vpc = ec2.Vpc.fromVpcAttributes(this, 'Vpc', {
  vpcId: 'vpc-xxxxxx',
  availabilityZones: ['eu-west-1a', 'eu-west-1b', 'eu-west-1c'],
  publicSubnetIds: ['subnet-xxxxxx', 'subnet-xxxxxx', 'subnet-xxxxxx'],
  privateSubnetIds: ['subnet-xxxxxx', 'subnet-xxxxxx', 'subnet-xxxxxx'],
});

Subnet order and length matters and must match availability zones.