Adding VPC Gateway Endpoint to VPC created fromLookup fails #3472

Closed
1 of 5 tasks
vaneek opened this issue Jul 29, 2019 · 8 comments · Fixed by #3509
Labels
bug This issue is a bug. language/python Related to Python bindings needs-reproduction This issue needs reproduction.

Comments

@vaneek

vaneek commented Jul 29, 2019

Note: for support questions, please first reference our documentation, then use Stackoverflow. This repository's issues are intended for feature requests and bug reports.

  • I'm submitting a ...

    • 🪲 bug report
    • 🚀 feature request
    • 📚 construct library gap
    • ☎️ security issue or vulnerability => Please see policy
    • ❓ support request => Please see note at the top of this template.
  • What is the current behavior?
    If the current behavior is a 🪲bug🪲: Please provide the steps to reproduce

Adding a VPC gateway type endpoint to a VPC referenced by Vpc.fromLookup fails with AttributeError: '_IVpcProxy' object has no attribute 'add_gateway_endpoint'

Python code:

vpc = ec2.Vpc.from_lookup(self, "VPC", is_default=True)

s3_endpoint = vpc.add_gateway_endpoint('S3Endpoint', 
    service=ec2.GatewayVpcEndpointAwsService('s3'))

Similar error message using vpc.add_s3_endpoint().

Though,

storage_gateway_endpoint = vpc.add_interface_endpoint('StorageGatewayEndpoint', 
            service=ec2.InterfaceVpcEndpointAwsService('storagegateway'))

is successful.

  • What is the expected behavior (or behavior of feature suggested)?

  • What is the motivation / use case for changing the behavior or adding this feature?

  • Please tell us about your environment:

    • CDK CLI Version: 1.2.0
    • Module Version: xx.xx.xx
    • OS: [all | Windows 10 | OSX Mojave | Ubuntu | etc... ]
    • Language: [ Python ]
  • Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)

@vaneek vaneek added the needs-triage This issue or PR still needs to be triaged. label Jul 29, 2019
@vaneek vaneek changed the title Adding VPC Gateway Endpoint to VPC created fromLookup Adding VPC Gateway Endpoint to VPC created fromLookup fails Jul 29, 2019
@NGL321 NGL321 added bug This issue is a bug. needs-reproduction This issue needs reproduction. language/python Related to Python bindings service/vpc and removed needs-triage This issue or PR still needs to be triaged. labels Jul 29, 2019
@vaneek
Author

vaneek commented Jul 30, 2019

from aws_cdk import (
    aws_iam as iam,
    aws_ec2 as ec2,
    aws_autoscaling as autoscaling,
    core
)


class FileGatewayStack(core.Stack):

    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)
        vpc = ec2.Vpc.from_lookup(self, "VPC", is_default=True)
        # vpc = ec2.Vpc(self, "VPC")
        
        asg = autoscaling.AutoScalingGroup(
            self, "ASG",
            vpc=vpc,
            # vpc_subnets=vpc.select_subnets(subnet_type=ec2.SubnetType.PUBLIC, one_per_az=True),
            instance_type=ec2.InstanceType.of(
                ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.LARGE
            ),
            machine_image=ec2.GenericLinuxImage({
                'eu-west-2': 'ami-0b899ea99c9087f96',
                'eu-west-1': 'ami-02ea6e7d49330d41b',
            }),
        )
        
        storage_gateway_endpoint = vpc.add_interface_endpoint('StorageGatewayEndpoint', 
            service=ec2.InterfaceVpcEndpointAwsService('storagegateway'))
            
        s3_endpoint = vpc.add_s3_endpoint('S3Endpoint')

@jogold
Contributor

jogold commented Jul 31, 2019

This is because gateway endpoints need route table ids and those were not available on imported VPCs when the feature was added (#2104). I can maybe have a look at this.

jogold added a commit to jogold/aws-cdk that referenced this issue Aug 1, 2019
Move `addGatewayEndpoint()` to `IVpc` now that imported VPCs can have route table IDs populated (aws#3171).

Closes aws#3472
@mergify mergify bot closed this as completed in #3509 Aug 7, 2019
mergify bot pushed a commit that referenced this issue Aug 7, 2019
* fix(ec2): allow adding gateway endpoints to imported VPC

Move `addGatewayEndpoint()` to `IVpc` now that imported VPCs can have route table IDs populated (#3171).

Closes #3472

* deprecate addS3Endpoint() and addDynamoDbEndpoint()

* remove test on convenience methods
@ozahavi

ozahavi commented Jan 18, 2021

Still having a problem when trying to add a gateway endpoint to a VPC that was imported using "vpc.fromLookup".
Error message: 'Can't add a gateway endpoint to VPC; route table IDs are not available'.

CDK 1.84, MacOS BigSur, Node 12.18.3.

@twitu

twitu commented May 20, 2021

I'm observing the same for CDK 1.102.0, Amazon Linux 2, Node v14.17.0

Has anybody found a fix for this?

@dnz-bdeboer

Get exactly the same error even when the vpc is not imported.

@urosn74

urosn74 commented Aug 30, 2021

For what it's worth, in my case it helped when I deleted cdk.context.json.
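
A way to inspect the cache before deleting it, as an added example that is not part of the thread or the CDK project: it scans the contents of a cdk.context.json for cached VPC lookups whose subnets carry no route table ID, the condition jogold describes above. The key prefix and field names (`vpc-provider:`, `publicSubnetRouteTableIds`, `subnetGroups`, `routeTableId`) are assumptions about the cache layout, and the sample data is constructed.

```python
import json

# Subnet types used as key prefixes in the flat vpc-provider layout (assumed).
SUBNET_TYPES = ("public", "private", "isolated")

def subnets_missing_route_tables(context: dict) -> dict:
    """Map each cached vpc-provider key to the subnet IDs that lack a route table ID."""
    report = {}
    for key, vpc in context.items():
        if not key.startswith("vpc-provider:") or not isinstance(vpc, dict):
            continue  # other context providers (AZs, AMIs, ...) are ignored
        missing = []
        # Flat layout: parallel lists <type>SubnetIds / <type>SubnetRouteTableIds.
        for kind in SUBNET_TYPES:
            ids = vpc.get(f"{kind}SubnetIds") or []
            rtbs = vpc.get(f"{kind}SubnetRouteTableIds") or []
            for i, subnet_id in enumerate(ids):
                if i >= len(rtbs) or not rtbs[i]:
                    missing.append(subnet_id)
        # Grouped layout: subnetGroups[].subnets[] with a routeTableId per subnet.
        for group in vpc.get("subnetGroups") or []:
            for subnet in group.get("subnets", []):
                if not subnet.get("routeTableId"):
                    missing.append(subnet.get("subnetId"))
        report[key] = missing
    return report

# Constructed sample of a cdk.context.json; all IDs are placeholders.
SAMPLE_CONTEXT = json.loads("""
{
  "vpc-provider:account=111111111111:filter.isDefault=true:region=eu-west-1": {
    "vpcId": "vpc-00000000",
    "availabilityZones": ["eu-west-1a", "eu-west-1b"],
    "publicSubnetIds": ["subnet-aaaa", "subnet-bbbb"],
    "publicSubnetNames": ["Public", "Public"]
  },
  "vpc-provider:account=111111111111:filter.isDefault=true:region=eu-west-2": {
    "vpcId": "vpc-11111111",
    "availabilityZones": ["eu-west-2a"],
    "publicSubnetIds": ["subnet-cccc"],
    "publicSubnetNames": ["Public"],
    "publicSubnetRouteTableIds": ["rtb-cccc"]
  }
}
""")

if __name__ == "__main__":
    for key, missing in subnets_missing_route_tables(SAMPLE_CONTEXT).items():
        print(key, "->", missing or "ok")
```

To check a real project, pass `json.load(open("cdk.context.json"))` instead of the sample; an entry with a non-empty list is a cached lookup that has no route table IDs for those subnets.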

@cyuste
Contributor

cyuste commented Sep 2, 2021

In my scenario multiple subnets are sharing the same route table and this causes the gateway endpoint creation to fail. Using cfn resource solves the issue.

@JoshMcCullough

I'm running into this issue with an imported VPC (VPC.fromLookup), when creating an S3 Gateway endpoint:

  const vpc = Vpc.fromLookup(stack, ResourceIds.VPC.for(vpcName), {
    vpcName,
  });
  const interfaceServices = {
    ecr: InterfaceVpcEndpointAwsService.ECR,
    "ecr-dkr": InterfaceVpcEndpointAwsService.ECR_DOCKER,
    "ssm-messages": InterfaceVpcEndpointAwsService.SSM_MESSAGES,
    logs: InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS,
  };
  const gatewayServices = {
    "s3-gateway": GatewayVpcEndpointAwsService.S3,
  };

  Object
    .entries(interfaceServices)
    .forEach(([ name, service ]) => vpc.addInterfaceEndpoint(ResourceIds.VpcEndpoint.for(name), {
      service,
      subnets: {
        subnets,
      },
      securityGroups: [
        stack.securityGroups.vpcEndpoints,
      ],
    }));

  Object
    .entries(gatewayServices)
    .forEach(([ name, service ]) => vpc.addGatewayEndpoint(ResourceIds.VpcEndpoint.for(name), {
      service,
      subnets: [ {
        subnets,
      } ],
    }));
