Tracking: Full Control VPC #30762
Assignees
Labels
Comments
shikha372
added
the
management/tracking
1 task
This was referenced Jul 8, 2024
mergify bot
pushed a commit
that referenced
this issue
Aug 7, 2024
### Issue # (if applicable) Closes [RFC#507](https://github.com/aws/aws-cdk-rfcs/blob/57fd92a7f20e242b96885264c12567493f5e867f/text/0507-subnets.md). Issue#[5927](#5927) Tracking Ticket #30762 ### Reason for this change This PR implements below RFC for Full Control VPC configuration Implementing RFC [Full Control VPC](https://github.com/aws/aws-cdk-rfcs/blob/57fd92a7f20e242b96885264c12567493f5e867f/text/0507-subnets.md) ### Description of changes Experimental API for VPC Lifecycle Doc: https://github.com/cdklabs/team-internal/blob/main/docs/construct-library-lifecycle.md - Introduced a new alpha module for VPCV2 - Both new class VPCV2 and SubnetV2 implement IVPC and ISubnet for compatibility with other constructs - Introduced a new IPAM class to support IP address alllocation through IPAM pool. - Validations of IP ranges assigned to subnet. - L2 class(Route) to define custom routes under the subnet - L2s for gateways like Egress only IGW and NATGW. ### Next Steps: Iterate on the API with the feedback from community and team to make it ergonomic. Close on the features listed in [tracking ticket](#30762) Will follow the exit criteria for this experimental API as outlined in below doc: https://github.com/cdklabs/team-internal/blob/main/docs/construct-library-lifecycle.md ### Description of how you validated changes Added unit tests with current coverage ~70% Added integration tests for subnet, vpc and routing features. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 task
mergify bot
pushed a commit
that referenced
this issue
Sep 12, 2024
### Issue # (if applicable) Tracking #[30762](#30762). ### Reason for this change implementing below methods for vpcV2. `routeTable.addroute(destination, target)`: Adds a new route to the existing route table of the subnet. `vpc.enableVpnGatewayV2()`: added a new function for the customer to add VPNGateway to their VPC. In the options, user can specify list of subnets for VPNRoutePropogation. This is similar to previous implementation, only difference is with VPNGateway L2, it is now creating VPNGatewayV2 which implements IRouteTarget and hence can be used a destination to be set up in route tables. `addInternetGateway` : adds internetGW to the VPC. **Default behaviour:** add default route with destination set to ‘0.0.0.0’ and ‘::0’(in case of subnet with ipv6). Also a check in place to verify SubnetType is set to public as IGW is meant to be added to public subnets. `addNatGateway`: NatGateways are subnet specific and are usually associated with PRIVATE_WITH_EGRESS or PUBLIC subnet. Also, one can’t attach NGW(Public) to subnet if VPC doesn’t have an IGW attached to it. This is validated in method implementation to prevent runtime deployment error. **No default behaviour** for the routes, it takes in the single subnet option and associates a NATGW with it. `vpc.addEgressOnlyInternetGateway()`: Egress Only internet GW are meant for outbound ipv6 traffic which can be custom or all ipv6(::/0). **Default behaviour:** Associates a EIGW to the vpc and takes optional input for subnets to define a default route in associated route Table, if a destination is not provided, then it is defined as all outbound ipv6 in subnet’s route table. **Additional changes:** -> Modify Readme -> Separate ipam related Tests ### Use Case Allows user to define gateways in their vpc with a simple method and an optional default route setup on provided subnets. Note: Breaking change since previously VPNGateway was released under route class, we’ve modified it to VPNGatewayV2. `vpc.enableVpnGateway` is marked as deprecated in vpcv2 base class. ### Description of how you validated changes Added unit tests and integration tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This was referenced Oct 10, 2024
mergify bot
added a commit
that referenced
this issue
Oct 29, 2024
### Issue # (if applicable) Tracking #30762. ### Reason for this change Allow users to define imports for a VPC or subnet defined outside current stack definition. ### Description of changes - Added new methods under VpcV2 and Subnet `VpcV2.fromVpcV2Attributes()` and `SubnetV2.fromSubnetV2Attributes()` - Added new L2 for VPCCidrBlock to allow import of secondary addresses. `VPCCidrBlock` - Added new integration test and unit test file to check import related functionality. - Updated Readme. - Fixed an earlier issue with subnet range check, fixed to include IPAM defined IPv4 address as well ### Description of how you validated changes Deployed and tested for below scenarios in account: 1. Import a VPC with primary IPv4 2. Import a subnet with primary IPv4 3. Import a VPC with multiple secondary IPv4 4. Import a VPC with Amazon provided IPV6 5. Import a VPC with Ipam provided IPv6/IPv4 7. Import subnet individually using fromSubnetV2attributes 8. Imported different type of multiple subnets 9. Add gateways/endpoint to imported vpc ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) BREAKING CHANGE: The new `VpcCidrBlock` L2 construct replaces `CfnVPCCidrBlock`. This change alters the logical ID of `AWS::EC2::VPCCidrBlock` resources in CloudFormation templates. Existing deployments will see errors like `CIDR range conflicts with x.xx.xx.xx/xx with association ID vpc-cidr-assoc-ABCD`. To resolve this, you must recreate your existing stacks to use the new module. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
mergify bot
pushed a commit
that referenced
this issue
Nov 21, 2024
### Issue # (if applicable) Contributes to closing [RFC#507](https://github.com/aws/aws-cdk-rfcs/blob/57fd92a7f20e242b96885264c12567493f5e867f/text/0507-subnets.md?plain=1#L252) Tracking: #30762 ### Reason for this change This PR implements a new L2 construct to setup VPC Peering Connection. ### Description of changes - L2 class(VPCPeeringConnection) - Function `validateVpcCidrOverlap` to ensure IPv4 CIDR blocks don't overlap for subnets in the VPCs ### Description of how you validated changes - Unit tests to test combination of accounts (cross account & cross region, default same account & same region) - Unit tests to see simulate when CIDR blocks overlap - Primary CIDR block overlaps - Secondary CIDR block overlaps - Primary and secondary CIDR block overlaps - Integration test for peering connection ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 task
mergify bot
pushed a commit
that referenced
this issue
Jan 7, 2025
### Issue # (if applicable) Closes [RFC#507](https://github.com/aws/aws-cdk-rfcs/blob/main/text/0507-subnets.md). Tracking (#30762 ) ### Reason for this change Added Name tag for VPC and related components. ### Description of changes Tag fields not supported in CFN schema for Route and Egress-only-IGW. ### Description of how you validated changes Added unit test and integration tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
iankhou
pushed a commit
that referenced
this issue
Jan 13, 2025
### Issue # (if applicable) Closes [RFC#507](https://github.com/aws/aws-cdk-rfcs/blob/main/text/0507-subnets.md). Tracking (#30762 ) ### Reason for this change Added Name tag for VPC and related components. ### Description of changes Tag fields not supported in CFN schema for Route and Egress-only-IGW. ### Description of how you validated changes Added unit test and integration tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 task
mergify bot
pushed a commit
that referenced
this issue
Jan 27, 2025
### Issue # (if applicable) Closes #30762 . ### Reason for this change Adding more unit tests to meet the global coverage before module graduation to `developer-preview`. ### Description of changes - Add more unit test case to cover all `if branches` test cases. - As per the discussion with service team, added optional field under IGW to allow users to choose the subnets for gateway routing, as there can be Public Subnet without an IGW attached( eg. using VPNGW to access internet). - Update IPAM README to higlight the problem of IPAM pool deletion as discussed with service team. - Update SubnetV2 README to higlight that a custom route table is being created through CDK. ### Describe any new or updated permissions being added No changes to IAM permissions. ### Description of how you validated changes `yarn build` `yarn test` ``` yarn run v1.22.21 $ cdk-test PASS test/ipam.test.ts PASS test/subnet-v2.test.ts PASS test/vpc-tagging.test.ts PASS test/util.test.ts PASS test/route.test.ts PASS test/vpc-add-method.test.ts PASS test/vpcv2-import.test.ts PASS test/vpc-v2.test.ts =============================== Coverage summary =============================== Statements : 89.88% ( 640/712 ) Branches : 81.68% ( 223/273 ) Functions : 82.6% ( 133/161 ) Lines : 89.89% ( 614/683 ) ================================================================================ Test Suites: 8 passed, 8 total Tests: 126 passed, 126 total Snapshots: 0 total Time: 2.244 s Ran all test suites. Verifying integration test snapshots... UNCHANGED integ.byoip-ipv6 0.888s UNCHANGED integ.ipam 0.928s UNCHANGED integ.subnet-v2 1.036s UNCHANGED integ.vpc-v2-alpha 1.047s UNCHANGED integ.test-import 1.053s UNCHANGED integ.peering-cross-account 1.101s UNCHANGED integ.vpc-v2-tagging 1.264s UNCHANGED integ.route-v2 1.29s Snapshot Results: Tests: 8 passed, 8 total Tests successful. Total time (4.5s) | /Users/shikagg/vpc_peering/aws-cdk/node_modules/jest/bin/jest.js (2.7s) | integ-runner (1.8s) ✨ Done in 4.87s. ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) BREAKING CHANGE: `operatingRegion` property under IPAM class is now renamed to `operatingRegions`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Comments on closed issues and PRs are hard for our team to see. |
mazyu36
pushed a commit
to mazyu36/aws-cdk
that referenced
this issue
Jan 28, 2025
### Issue # (if applicable) Closes aws#30762 . ### Reason for this change Adding more unit tests to meet the global coverage before module graduation to `developer-preview`. ### Description of changes - Add more unit test case to cover all `if branches` test cases. - As per the discussion with service team, added optional field under IGW to allow users to choose the subnets for gateway routing, as there can be Public Subnet without an IGW attached( eg. using VPNGW to access internet). - Update IPAM README to higlight the problem of IPAM pool deletion as discussed with service team. - Update SubnetV2 README to higlight that a custom route table is being created through CDK. ### Describe any new or updated permissions being added No changes to IAM permissions. ### Description of how you validated changes `yarn build` `yarn test` ``` yarn run v1.22.21 $ cdk-test PASS test/ipam.test.ts PASS test/subnet-v2.test.ts PASS test/vpc-tagging.test.ts PASS test/util.test.ts PASS test/route.test.ts PASS test/vpc-add-method.test.ts PASS test/vpcv2-import.test.ts PASS test/vpc-v2.test.ts =============================== Coverage summary =============================== Statements : 89.88% ( 640/712 ) Branches : 81.68% ( 223/273 ) Functions : 82.6% ( 133/161 ) Lines : 89.89% ( 614/683 ) ================================================================================ Test Suites: 8 passed, 8 total Tests: 126 passed, 126 total Snapshots: 0 total Time: 2.244 s Ran all test suites. Verifying integration test snapshots... UNCHANGED integ.byoip-ipv6 0.888s UNCHANGED integ.ipam 0.928s UNCHANGED integ.subnet-v2 1.036s UNCHANGED integ.vpc-v2-alpha 1.047s UNCHANGED integ.test-import 1.053s UNCHANGED integ.peering-cross-account 1.101s UNCHANGED integ.vpc-v2-tagging 1.264s UNCHANGED integ.route-v2 1.29s Snapshot Results: Tests: 8 passed, 8 total Tests successful. Total time (4.5s) | /Users/shikagg/vpc_peering/aws-cdk/node_modules/jest/bin/jest.js (2.7s) | integ-runner (1.8s) ✨ Done in 4.87s. ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) BREAKING CHANGE: `operatingRegion` property under IPAM class is now renamed to `operatingRegions`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
mazyu36
pushed a commit
to mazyu36/aws-cdk
that referenced
this issue
Jan 28, 2025
### Issue # (if applicable) Closes aws#30762 . ### Reason for this change Adding more unit tests to meet the global coverage before module graduation to `developer-preview`. ### Description of changes - Add more unit test case to cover all `if branches` test cases. - As per the discussion with service team, added optional field under IGW to allow users to choose the subnets for gateway routing, as there can be Public Subnet without an IGW attached( eg. using VPNGW to access internet). - Update IPAM README to higlight the problem of IPAM pool deletion as discussed with service team. - Update SubnetV2 README to higlight that a custom route table is being created through CDK. ### Describe any new or updated permissions being added No changes to IAM permissions. ### Description of how you validated changes `yarn build` `yarn test` ``` yarn run v1.22.21 $ cdk-test PASS test/ipam.test.ts PASS test/subnet-v2.test.ts PASS test/vpc-tagging.test.ts PASS test/util.test.ts PASS test/route.test.ts PASS test/vpc-add-method.test.ts PASS test/vpcv2-import.test.ts PASS test/vpc-v2.test.ts =============================== Coverage summary =============================== Statements : 89.88% ( 640/712 ) Branches : 81.68% ( 223/273 ) Functions : 82.6% ( 133/161 ) Lines : 89.89% ( 614/683 ) ================================================================================ Test Suites: 8 passed, 8 total Tests: 126 passed, 126 total Snapshots: 0 total Time: 2.244 s Ran all test suites. Verifying integration test snapshots... UNCHANGED integ.byoip-ipv6 0.888s UNCHANGED integ.ipam 0.928s UNCHANGED integ.subnet-v2 1.036s UNCHANGED integ.vpc-v2-alpha 1.047s UNCHANGED integ.test-import 1.053s UNCHANGED integ.peering-cross-account 1.101s UNCHANGED integ.vpc-v2-tagging 1.264s UNCHANGED integ.route-v2 1.29s Snapshot Results: Tests: 8 passed, 8 total Tests successful. Total time (4.5s) | /Users/shikagg/vpc_peering/aws-cdk/node_modules/jest/bin/jest.js (2.7s) | integ-runner (1.8s) ✨ Done in 4.87s. ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) BREAKING CHANGE: `operatingRegion` property under IPAM class is now renamed to `operatingRegions`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Overview
Full Control VPC provides feasibility to add custom route table and subnets to your network with the support of creating your VPC with Ipv6 Addresses.
The main components of this VPC construct is:
Link to the service’s CDK Construct Library API reference page.
https://github.com/aws/aws-cdk-rfcs/blob/57fd92a7f20e242b96885264c12567493f5e867f/text/0507-subnets.md
Maturity: CloudFormation Resources Only
Experimental
Implementation
###Features and Support
VPC
Subnet
Routing
Issue list
The text was updated successfully, but these errors were encountered: