Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[aws-ec2] Add way to filter VPC subnets by tags
See original GitHub issueA way to filter VPC subnets by tags. This is important to allow proper setup of systems with the CDK that have not been built with the CDK. No all systems are built with the best practices as these tend the change as the years go on anyways. Moving from Terraform, the VPC’s are not setup according to AWS standards (compared to the CDK) and this has some serious consequences as to “fix” the issue would require rebuilding system. That’s not ideal or really necessary if we had some control over which subnets to use VIA a filter.
Use Case
I am running into issues with codepipeline due to VPC subnets not being able to be filtered by a tag. I am coming from Terraform, having built most of our VPCs with: https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/2.25.0
This creates the subnets like:
olyott-sand-db-us-east-1a
olyott-sand-db-us-east-1b
olyott-sand-db-us-east-1c
olyott-sand-elasticache-us-east-1a
olyott-sand-elasticache-us-east-1b
olyott-sand-elasticache-us-east-1c
olyott-sand-private-us-east-1a
olyott-sand-private-us-east-1b
olyott-sand-private-us-east-1c
olyott-sand-public-us-east-1a
olyott-sand-public-us-east-1b
olyott-sand-public-us-east-1c
The issues I am having is that the db and elasticache subnets seem to be set to private. This leaves me with issues in the pipeline as this will build and deploy ECS to the DB and the cache subnets, which will always fail. These subnets behave as isolated but they are not identified as isolated.
It’s unrealistic to expect replacing all existing PROD VPCs with the new (proper) VPC using CDK. Especially since I cannot truly import like we can in Terraform. This leaves me in a state where I cannot use the CDK for codepipelines on any existing system. As the builds and deploys will work, at best. half the time.
What we need is a way to filter the subnets by the tag name, or any other tag for more control.
Proposed Solution
I am new to the CDK but perhaps a filterBy(tag, regexPattern|string) to the VPC for subnets.
What I would like to do is use it like:
const _privateSubnets = vpc.privateSubnets.filterByTag('Name', /*(private)*/);
I tried to see if I could build this myself but I don’t see the metric possible to filter by. Perhaps a CloudFormation limitation?
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change
This is a 🚀 Feature Request
Issue Analytics
- State:
- Created 3 years ago
- Reactions:15
- Comments:7 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
That solution primarily works for subnets managed by CDK. I have a situation where the VPC was created by others. And now I want to filter by the name Tag. I believe this issue is still relevant. I can work a fix?
Here is the fix which works for me.
Firstly, Add a new tag to each subnet group as below.
Tag
For Private subnets
For DB subnets
Please follow the same for other subnets groups as well
Secondly, Use
ec2.Vpc.fromLookupto retrieve VPC object as belowuse above new subnet tag
KEYinsubnetGroupNameTagThirdly, Add
subnetGroupNameto vpc.selectSubnetuse above new subnet tag
VALUEinsubnetGroupNameReferred documents VpcLookupOptions SubnetSelection
Note: Please run
cdk context --clearto clear thecdk.context.jsonprior to verify this code