@aws-cdk/aws-neptune: CfnDBCluster not honoring dbSubnetGroupName property
When declaring a Neptune cluster using neptune.CfnDBCluster(), I specify a custom subnet group via the dbSubnetGroupName property, which references a neptune.CfnDBSubnetGroup() resource.
However, when I look at the synthesized CloudFormation template, the template does not include any reference to this subnet group. Thus, the template attempts to deploy the cluster in the VPC default subnet which, in my case, does not exist.
Reproduction Steps
Launch the CDK stack shown below. When creating an instance of the stack, you must pass in a pre-existing VPC ID and two private subnets:
import * as cdk from '@aws-cdk/core';
import * as ec2 from '@aws-cdk/aws-ec2';
import * as neptune from '@aws-cdk/aws-neptune';

interface StackProps extends cdk.StackProps {
  vpcId: string;
  privateSubnet1Id: string;
  privateSubnet2Id: string;
  privateSubnet1AZ: string;
  privateSubnet2AZ: string;
  privateSubnet1RouteTableId: string;
  privateSubnet2RouteTableId: string;
}

export class NeptuneDemoStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props: StackProps) {
    super(scope, id, props);

    const vpc = ec2.Vpc.fromLookup(this, 'ExistingVPC', {
      vpcId: props.vpcId
    });

    const privateSubnet1 = ec2.Subnet.fromSubnetAttributes(this, "PrivateSubnet1", {
      subnetId: props.privateSubnet1Id,
      availabilityZone: props.privateSubnet1AZ,
      routeTableId: props.privateSubnet1RouteTableId
    });

    const privateSubnet2 = ec2.Subnet.fromSubnetAttributes(this, "PrivateSubnet2", {
      subnetId: props.privateSubnet2Id,
      availabilityZone: props.privateSubnet2AZ,
      routeTableId: props.privateSubnet2RouteTableId
    });

    const neptuneSubnetGroup = new neptune.CfnDBSubnetGroup(this, "NeptuneSubnetGroup", {
      subnetIds: [
        props.privateSubnet1Id,
        props.privateSubnet2Id,
      ],
      dbSubnetGroupDescription: "Private subnets",
    });

    const neptuneSecurityGroup = new ec2.SecurityGroup(this, "NeptuneSecurityGroup", {
      vpc: vpc
    });

    // Allow all inbound access; if we're using private subnets as suggested, only private
    // resources will be able to reach this cluster:
    neptuneSecurityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.allTraffic());

    const neptuneCluster = new neptune.CfnDBCluster(this, "NeptuneCluster", {
      dbSubnetGroupName: neptuneSubnetGroup.dbSubnetGroupName,
      vpcSecurityGroupIds: [
        neptuneSecurityGroup.securityGroupId
      ],
    });
  }
}
Run cdk deploy and receive the following error:
7:07:48 PM | CREATE_FAILED | AWS::Neptune::DBCluster | NeptuneDemoStack/NeptuneCluster
No default subnet detected in VPC. Please contact AWS Support to recreate default Subnets. (Service: AmazonNeptune; Status Code: 400; Error Code: InvalidSubnet; Request ID: 49d47a68-b717-4b66-b6a0-f0285c9ba312; Proxy: null)
Inspect the launched CloudFormation template and note that the properties of the AWS::Neptune::DBCluster resource include no reference to the subnet group created above, even though the group is created as its own resource (AWS::Neptune::DBSubnetGroup):
NeptuneSubnetGroup:
  Type: AWS::Neptune::DBSubnetGroup
  Properties:
    DBSubnetGroupDescription: Private subnets
    SubnetIds:
      - subnet-00cffda429f0df548
      - subnet-0c6c99165c3d25c30
  Metadata:
    aws:cdk:path: NeptuneDemoStack/NeptuneSubnetGroup
NeptuneCluster:
  Type: AWS::Neptune::DBCluster
  Properties:
    VpcSecurityGroupIds:
      - Fn::GetAtt:
          - NeptuneSecurityGroup84C55613
          - GroupId
  Metadata:
    aws:cdk:path: NeptuneDemoStack/NeptuneCluster
For reference, here is the complete synthesized template:
Resources:
  NeptuneSubnetGroup:
    Type: AWS::Neptune::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Private subnets
      SubnetIds:
        - subnet-00cffda429f0df548
        - subnet-0c6c99165c3d25c30
    Metadata:
      aws:cdk:path: NeptuneDemoStack/NeptuneSubnetGroup
  NeptuneSecurityGroup84C55613:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: NeptuneDemoStack/NeptuneSecurityGroup
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          Description: Allow all outbound traffic by default
          IpProtocol: "-1"
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          Description: from 0.0.0.0/0:ALL TRAFFIC
          IpProtocol: "-1"
      VpcId: vpc-0a2cad50c98aed83f
    Metadata:
      aws:cdk:path: NeptuneDemoStack/NeptuneSecurityGroup/Resource
  NeptuneCluster:
    Type: AWS::Neptune::DBCluster
    Properties:
      VpcSecurityGroupIds:
        - Fn::GetAtt:
            - NeptuneSecurityGroup84C55613
            - GroupId
    Metadata:
      aws:cdk:path: NeptuneDemoStack/NeptuneCluster
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Modules: aws-cdk=1.77.0,@aws-cdk/assets=1.80.0,@aws-cdk/aws-cloudwatch=1.80.0,@aws-cdk/aws-ec2=1.80.0,@aws-cdk/aws-events=1.80.0,@aws-cdk/aws-iam=1.80.0,@aws-cdk/aws-kms=1.80.0,@aws-cdk/aws-logs=1.80.0,@aws-cdk/aws-neptune=1.80.0,@aws-cdk/aws-s3=1.80.0,@aws-cdk/aws-s3-assets=1.80.0,@aws-cdk/aws-ssm=1.80.0,@aws-cdk/cloud-assembly-schema=1.80.0,@aws-cdk/core=1.80.0,@aws-cdk/cx-api=1.80.0,@aws-cdk/region-info=1.80.0,jsii-runtime=node.js/v12.19.0
    Metadata:
      aws:cdk:path: NeptuneDemoStack/CDKMetadata/Default
What did you expect to happen?
What actually happened?
Environment
- CDK CLI Version: 1.77
- Framework Version: 1.80
- Node.js Version: V12.09
- OS: macOS
- Language (Version): TypeScript
Other
This is 🐛 Bug Report
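The mechanism behind the missing property, and a guard against it, as an added example that is not part of the issue or of the CDK code base. On a CDK L1 construct such as neptune.CfnDBSubnetGroup, `dbSubnetGroupName` is the optional input property and stays undefined unless it was set in the props; the name CloudFormation assigns at deploy time comes back through the construct's `ref` (a Ref token). CDK drops properties whose value resolves to undefined when it renders a resource, so the cluster's DBSubnetGroupName vanishes from the template without a warning. The `renderProps` function below is a stand-in that models that pruning (it does not call CDK), and `lintTemplate` is a pre-deploy check over the synthesized template, transcribed from the YAML above, that fails on the two things worth catching there: a Neptune cluster with no DBSubnetGroupName (in an account that still has default subnets, it would have deployed into them instead of failing) and a security group admitting all traffic from 0.0.0.0/0. The rule names and the template literal are this example's own; it runs offline with Node and TypeScript.

```typescript
// Added example, not from the issue or from aws-cdk. Models why an undefined
// property disappears at synthesis, then lints the resulting template.

type CfnValue =
  | string
  | number
  | boolean
  | undefined
  | CfnValue[]
  | { [key: string]: CfnValue };

interface CfnResource {
  Type: string;
  Properties?: { [key: string]: CfnValue };
}

interface CfnTemplate {
  Resources: { [logicalId: string]: CfnResource };
}

// Stand-in for how CDK renders L1 properties: keys whose value is undefined
// are dropped rather than emitted as null, so a reference that resolved to
// undefined leaves no trace in the template.
function renderProps(props: { [key: string]: CfnValue }): { [key: string]: CfnValue } {
  const rendered: { [key: string]: CfnValue } = {};
  for (const [key, value] of Object.entries(props)) {
    if (value !== undefined) {
      rendered[key] = value;
    }
  }
  return rendered;
}

const securityGroupIds: CfnValue = [
  { 'Fn::GetAtt': ['NeptuneSecurityGroup84C55613', 'GroupId'] },
];

// What the issue's stack passed: the input prop, never set, so undefined.
const propsFromInputGetter = renderProps({
  DBSubnetGroupName: undefined, // neptuneSubnetGroup.dbSubnetGroupName
  VpcSecurityGroupIds: securityGroupIds,
});

// What neptuneSubnetGroup.ref renders to: an intrinsic Ref on the resource.
const propsFromRef = renderProps({
  DBSubnetGroupName: { Ref: 'NeptuneSubnetGroup' },
  VpcSecurityGroupIds: securityGroupIds,
});

// Transcribed from the synthesized template in the issue (Metadata omitted).
const issueTemplate: CfnTemplate = {
  Resources: {
    NeptuneSubnetGroup: {
      Type: 'AWS::Neptune::DBSubnetGroup',
      Properties: {
        DBSubnetGroupDescription: 'Private subnets',
        SubnetIds: ['subnet-00cffda429f0df548', 'subnet-0c6c99165c3d25c30'],
      },
    },
    NeptuneSecurityGroup84C55613: {
      Type: 'AWS::EC2::SecurityGroup',
      Properties: {
        GroupDescription: 'NeptuneDemoStack/NeptuneSecurityGroup',
        SecurityGroupEgress: [
          { CidrIp: '0.0.0.0/0', Description: 'Allow all outbound traffic by default', IpProtocol: '-1' },
        ],
        SecurityGroupIngress: [
          { CidrIp: '0.0.0.0/0', Description: 'from 0.0.0.0/0:ALL TRAFFIC', IpProtocol: '-1' },
        ],
        VpcId: 'vpc-0a2cad50c98aed83f',
      },
    },
    NeptuneCluster: {
      Type: 'AWS::Neptune::DBCluster',
      Properties: { VpcSecurityGroupIds: securityGroupIds },
    },
  },
};

interface Finding {
  logicalId: string;
  rule: string;
  message: string;
}

function isObject(value: CfnValue): value is { [key: string]: CfnValue } {
  return typeof value === 'object' && value !== null && !Array.isArray(value);
}

// Pre-deploy guard: flags Neptune clusters without a subnet group (they fall
// back to the default VPC subnets) and security groups open to the world.
function lintTemplate(template: CfnTemplate): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, resource] of Object.entries(template.Resources)) {
    const props = resource.Properties ?? {};
    if (resource.Type === 'AWS::Neptune::DBCluster' && props.DBSubnetGroupName === undefined) {
      findings.push({ logicalId, rule: 'neptune-subnet-group',
        message: 'DBCluster has no DBSubnetGroupName; placement falls back to the default VPC subnets' });
    }
    if (resource.Type === 'AWS::EC2::SecurityGroup') {
      const ingress = props.SecurityGroupIngress;
      for (const rule of Array.isArray(ingress) ? ingress : []) {
        if (!isObject(rule)) continue;
        const anyV4 = rule.CidrIp === '0.0.0.0/0';
        const anyV6 = rule.CidrIpv6 === '::/0';
        if ((anyV4 || anyV6) && rule.IpProtocol === '-1') {
          findings.push({ logicalId, rule: 'sg-open-ingress',
            message: `ingress allows all protocols and ports from ${anyV4 ? '0.0.0.0/0' : '::/0'}` });
        }
      }
    }
  }
  return findings;
}

const findings = lintTemplate(issueTemplate);
console.log(JSON.stringify(findings, null, 2));
```

Run it with ts-node or compile with tsc. To use the guard for real, point `lintTemplate` at the JSON templates under cdk.out after `cdk synth` and fail the CI step on any finding; that catches the dropped property before CloudFormation ever sees it. The open-ingress rule only matches IpProtocol -1; extend it to port ranges (for example tcp 0-65535) if your stacks express "all traffic" that way.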
Issue Analytics
- Created 3 years ago
- Comments: 6 (1 by maintainers)
ty!