
@aws-cdk/aws-neptune: CfnDBCluster not honoring dbSubnetGroupName property


When declaring a Neptune cluster using neptune.CfnDBCluster(), I specify a custom subnet group via the dbSubnetGroupName property, which references a neptune.CfnDBSubnetGroup() resource.

However, when I look at the synthesized CloudFormation template, the template does not include any reference to this subnet group. Thus, the template attempts to deploy the cluster in the VPC default subnet which, in my case, does not exist.

Reproduction Steps

Launch the CDK stack shown below. When creating an instance of the stack, you must pass in a pre-existing VPC ID and two private subnets:

import * as cdk from '@aws-cdk/core';
import * as ec2 from '@aws-cdk/aws-ec2';
import * as neptune from '@aws-cdk/aws-neptune';

interface StackProps extends cdk.StackProps {
  vpcId: string;
  privateSubnet1Id: string;
  privateSubnet2Id: string;
  privateSubnet1AZ: string;
  privateSubnet2AZ: string;
  privateSubnet1RouteTableId: string;
  privateSubnet2RouteTableId: string;
}

export class NeptuneDemoStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props: StackProps) {
    super(scope, id, props);

    const vpc = ec2.Vpc.fromLookup(this, 'ExistingVPC', {
      vpcId: props.vpcId
    });
    
    const privateSubnet1 = ec2.Subnet.fromSubnetAttributes(this, "PrivateSubnet1", {
      subnetId: props.privateSubnet1Id,
      availabilityZone: props.privateSubnet1AZ,
      routeTableId: props.privateSubnet1RouteTableId
    });

    const privateSubnet2 = ec2.Subnet.fromSubnetAttributes(this, "PrivateSubnet2", {
      subnetId: props.privateSubnet2Id,
      availabilityZone: props.privateSubnet2AZ,
      routeTableId: props.privateSubnet2RouteTableId
    });

    const neptuneSubnetGroup = new neptune.CfnDBSubnetGroup(this, "NeptuneSubnetGroup", {
      subnetIds: [
        props.privateSubnet1Id, 
        props.privateSubnet2Id,
      ],
      dbSubnetGroupDescription: "Private subnets",
    });

    const neptuneSecurityGroup = new ec2.SecurityGroup(this, "NeptuneSecurityGroup", {
      vpc: vpc
    });

    // Allow all inbound access; if we're using private subnets as suggested, only private
    // resources will be able to reach this cluster:
    neptuneSecurityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.allTraffic());

    const neptuneCluster = new neptune.CfnDBCluster(this, "NeptuneCluster", {
      dbSubnetGroupName: neptuneSubnetGroup.dbSubnetGroupName,
      vpcSecurityGroupIds: [
        neptuneSecurityGroup.securityGroupId
      ], 
    });

  }
}

Run cdk deploy and receive the following error:

7:07:48 PM | CREATE_FAILED        | AWS::Neptune::DBCluster     | NeptuneDemoStack/NeptuneCluster
No default subnet detected in VPC. Please contact AWS Support to recreate default Subnets. (Service: AmazonNeptune; Status Code: 400; Error Code: InvalidSubnet; Request ID: 49d47a68-b717-4b66-b6a0-f0285c9ba312; Proxy: null)

Inspect the launched CloudFormation template and note that the properties of the AWS::Neptune::DBCluster resource include no reference to the subnet group created above, even though the group is created as its own resource (AWS::Neptune::DBSubnetGroup):


NeptuneSubnetGroup:
    Type: AWS::Neptune::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Private subnets
      SubnetIds:
        - subnet-00cffda429f0df548
        - subnet-0c6c99165c3d25c30
    Metadata:
      aws:cdk:path: NeptuneDemoStack/NeptuneSubnetGroup

NeptuneCluster:
    Type: AWS::Neptune::DBCluster
    Properties:
      VpcSecurityGroupIds:
        - Fn::GetAtt:
            - NeptuneSecurityGroup84C55613
            - GroupId
    Metadata:
      aws:cdk:path: NeptuneDemoStack/NeptuneCluster

For reference, here is the complete synthesized template:

Resources:
  NeptuneSubnetGroup:
    Type: AWS::Neptune::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Private subnets
      SubnetIds:
        - subnet-00cffda429f0df548
        - subnet-0c6c99165c3d25c30
    Metadata:
      aws:cdk:path: NeptuneDemoStack/NeptuneSubnetGroup
  NeptuneSecurityGroup84C55613:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: NeptuneDemoStack/NeptuneSecurityGroup
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          Description: Allow all outbound traffic by default
          IpProtocol: "-1"
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          Description: from 0.0.0.0/0:ALL TRAFFIC
          IpProtocol: "-1"
      VpcId: vpc-0a2cad50c98aed83f
    Metadata:
      aws:cdk:path: NeptuneDemoStack/NeptuneSecurityGroup/Resource
  NeptuneCluster:
    Type: AWS::Neptune::DBCluster
    Properties:
      VpcSecurityGroupIds:
        - Fn::GetAtt:
            - NeptuneSecurityGroup84C55613
            - GroupId
    Metadata:
      aws:cdk:path: NeptuneDemoStack/NeptuneCluster
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Modules: aws-cdk=1.77.0,@aws-cdk/assets=1.80.0,@aws-cdk/aws-cloudwatch=1.80.0,@aws-cdk/aws-ec2=1.80.0,@aws-cdk/aws-events=1.80.0,@aws-cdk/aws-iam=1.80.0,@aws-cdk/aws-kms=1.80.0,@aws-cdk/aws-logs=1.80.0,@aws-cdk/aws-neptune=1.80.0,@aws-cdk/aws-s3=1.80.0,@aws-cdk/aws-s3-assets=1.80.0,@aws-cdk/aws-ssm=1.80.0,@aws-cdk/cloud-assembly-schema=1.80.0,@aws-cdk/core=1.80.0,@aws-cdk/cx-api=1.80.0,@aws-cdk/region-info=1.80.0,jsii-runtime=node.js/v12.19.0
    Metadata:
      aws:cdk:path: NeptuneDemoStack/CDKMetadata/Default

What did you expect to happen?

What actually happened?

Environment

  • CDK CLI Version: 1.77
  • Framework Version: 1.80
  • Node.js Version: V12.09
  • OS: macOS
  • Language (Version): TypeScript

Other


This is 🐛 Bug Report
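
The check below is an added example, not part of the original issue or the CDK project: it reads a synthesized template (the shape CDK writes under `cdk.out/`) and reports any `AWS::Neptune::DBCluster` with no `DBSubnetGroupName`, plus any attached security group that admits all protocols from `0.0.0.0/0`. The function and rule names are hypothetical, and the sample template is constructed from the resources shown in the issue.

```typescript
// Added example (not from the issue): lint a synthesized CloudFormation template.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };
type Finding = { resource: string; rule: string };

// Resolve { Ref: id } or { "Fn::GetAtt": [id, attr] } to a logical ID.
function logicalId(v: any): string | undefined {
  if (v && typeof v.Ref === "string") return v.Ref;
  const ga = v && v["Fn::GetAtt"];
  return Array.isArray(ga) && typeof ga[0] === "string" ? ga[0] : undefined;
}

// Hypothetical rule names; returns one finding per problem found.
function lintNeptune(t: Template): Finding[] {
  const out: Finding[] = [];
  for (const id of Object.keys(t.Resources)) {
    const res = t.Resources[id];
    if (!res || res.Type !== "AWS::Neptune::DBCluster") continue;
    const props: any = res.Properties || {};
    // The failure in the issue: the property is absent after synth.
    if (props.DBSubnetGroupName === undefined) {
      out.push({ resource: id, rule: "missing-DBSubnetGroupName" });
    }
    // Follow each attached security group; flag all-protocol ingress from any IPv4.
    const sgRefs: any[] = Array.isArray(props.VpcSecurityGroupIds) ? props.VpcSecurityGroupIds : [];
    for (const ref of sgRefs) {
      const sgId = logicalId(ref);
      const sg = sgId ? t.Resources[sgId] : undefined;
      const rules: any[] = (sg && sg.Properties && sg.Properties["SecurityGroupIngress"]) || [];
      if (sgId && rules.some(r => r.CidrIp === "0.0.0.0/0" && String(r.IpProtocol) === "-1")) {
        out.push({ resource: sgId, rule: "ingress-open-to-any-ipv4" });
      }
    }
  }
  return out;
}

// Constructed sample: the relevant resources from the template in the issue, abridged.
const asSynthesized: Template = {
  Resources: {
    NeptuneSubnetGroup: { Type: "AWS::Neptune::DBSubnetGroup",
      Properties: { DBSubnetGroupDescription: "Private subnets" } },
    NeptuneSecurityGroup84C55613: { Type: "AWS::EC2::SecurityGroup",
      Properties: { SecurityGroupIngress: [{ CidrIp: "0.0.0.0/0", IpProtocol: "-1" }] } },
    NeptuneCluster: { Type: "AWS::Neptune::DBCluster",
      Properties: { VpcSecurityGroupIds: [
        { "Fn::GetAtt": ["NeptuneSecurityGroup84C55613", "GroupId"] }] } },
  },
};
console.log(lintNeptune(asSynthesized));
```

On L1 (`Cfn*`) constructs, a property such as `dbSubnetGroupName` returns the value passed in the props, so it is undefined when no name was given; `neptuneSubnetGroup.ref` renders as a `Ref` to the subnet group, which is the form this check accepts.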

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments:6 (1 by maintainers)

Top GitHub Comments

1 reaction
matwerber1 commented, Jan 5, 2021

ty!

0 reactions
github-actions[bot] commented, Jan 5, 2021

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
