[aws-ec2] Add way to filter VPC subnets by tags
A way to filter VPC subnets by tags. This is important to allow proper setup of systems with the CDK that have not been built with the CDK. Not all systems are built with the best practices, as these tend to change as the years go on anyway. Moving from Terraform, the VPCs are not set up according to AWS standards (compared to the CDK) and this has some serious consequences, as to “fix” the issue would require rebuilding the system. That’s not ideal or really necessary if we had some control over which subnets to use via a filter.
Use Case
I am running into issues with codepipeline due to VPC subnets not being able to be filtered by a tag. I am coming from Terraform, having built most of our VPCs with: https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/2.25.0
This creates the subnets like:
olyott-sand-db-us-east-1a
olyott-sand-db-us-east-1b
olyott-sand-db-us-east-1c
olyott-sand-elasticache-us-east-1a
olyott-sand-elasticache-us-east-1b
olyott-sand-elasticache-us-east-1c
olyott-sand-private-us-east-1a
olyott-sand-private-us-east-1b
olyott-sand-private-us-east-1c
olyott-sand-public-us-east-1a
olyott-sand-public-us-east-1b
olyott-sand-public-us-east-1c
The issue I am having is that the db and elasticache subnets seem to be set to private. This leaves me with issues in the pipeline, as this will build and deploy ECS to the DB and the cache subnets, which will always fail. These subnets behave as isolated but they are not identified as isolated.
It’s unrealistic to expect replacing all existing PROD VPCs with the new (proper) VPC using CDK, especially since I cannot truly import like we can in Terraform. This leaves me in a state where I cannot use the CDK for codepipelines on any existing system, as the builds and deploys will work, at best, half the time.
What we need is a way to filter the subnets by the tag name, or any other tag for more control.
Proposed Solution
I am new to the CDK but perhaps a filterBy(tag, regexPattern|string) to the VPC for subnets.
What I would like to do is use it like:
const _privateSubnets = vpc.privateSubnets.filterByTag('Name', /*(private)*/);
I tried to see if I could build this myself but I don’t see the metric possible to filter by. Perhaps a CloudFormation limitation?
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change
This is a 🚀 Feature Request
Issue Analytics
- Created 3 years ago
- Reactions: 15
- Comments: 7 (2 by maintainers)
Top GitHub Comments
That solution primarily works for subnets managed by CDK. I have a situation where the VPC was created by others. And now I want to filter by the Name tag. I believe this issue is still relevant. Can I work on a fix?
Here is the fix which works for me.
Firstly, add a new tag to each subnet group as below.
Tag
For private subnets
For DB subnets
Please follow the same for other subnet groups as well.
Secondly, use ec2.Vpc.fromLookup to retrieve the VPC object as below (use the above new subnet tag KEY in subnetGroupNameTag).
Thirdly, add subnetGroupName to vpc.selectSubnet (use the above new subnet tag VALUE in subnetGroupName).
Referred documents: VpcLookupOptions, SubnetSelection
Note: Please run cdk context --clear to clear the cdk.context.json prior to verifying this code.
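The three steps in the comment above, as an added model written for this page (not the commenter's code and not the CDK itself): a custom group tag is read under the key handed to the lookup (the role of subnetGroupNameTag), one group is then selected by value (the role of subnetGroupName), and the issue's original filterByTag proposal is shown alongside for VPCs that cannot be retagged. The subnet records and the tag key "SubnetGroup" are constructed for the example.

```typescript
// Added example, not code from the issue or from aws-cdk-lib: a plain model of
// grouping and selecting subnets by a tag. Records below are constructed and
// follow the Terraform module naming scheme quoted in the issue.
interface Subnet { subnetId: string; az: string; tags: Record<string, string>; }

const SUBNETS: Subnet[] = [
  { subnetId: "subnet-0a", az: "us-east-1a", tags: { Name: "olyott-sand-db-us-east-1a", SubnetGroup: "db" } },
  { subnetId: "subnet-0b", az: "us-east-1b", tags: { Name: "olyott-sand-db-us-east-1b", SubnetGroup: "db" } },
  { subnetId: "subnet-1a", az: "us-east-1a", tags: { Name: "olyott-sand-elasticache-us-east-1a", SubnetGroup: "elasticache" } },
  { subnetId: "subnet-2a", az: "us-east-1a", tags: { Name: "olyott-sand-private-us-east-1a", SubnetGroup: "private" } },
  { subnetId: "subnet-2b", az: "us-east-1b", tags: { Name: "olyott-sand-private-us-east-1b", SubnetGroup: "private" } },
  { subnetId: "subnet-3a", az: "us-east-1a", tags: { Name: "olyott-sand-public-us-east-1a" } }, // group tag not yet added
];

// Step two: group subnets by the tag key given to the lookup (what
// subnetGroupNameTag names). A subnet without that key joins no group, which
// is why the comment says to tag every subnet group.
function groupByTag(subnets: Subnet[], tagKey: string): Map<string, Subnet[]> {
  const groups = new Map<string, Subnet[]>();
  for (const s of subnets) {
    const name = s.tags[tagKey];
    if (name === undefined) continue;
    groups.set(name, [...(groups.get(name) ?? []), s]);
  }
  return groups;
}

// Step three: select one group by its tag value (what subnetGroupName names).
// An unknown group is an error rather than an empty selection, so a typo
// cannot quietly place a deployment in subnets the author did not intend.
function selectSubnets(subnets: Subnet[], tagKey: string, groupName: string): Subnet[] {
  const group = groupByTag(subnets, tagKey).get(groupName);
  if (!group) throw new Error(`no subnets carry ${tagKey}=${groupName}`);
  return group;
}

// The issue's proposal, filterByTag(tag, regexPattern|string), for VPCs whose
// subnets cannot be retagged: match an existing tag value by substring or regex.
function filterByTag(subnets: Subnet[], tagKey: string, pattern: RegExp | string): Subnet[] {
  return subnets.filter((s) => {
    const value = s.tags[tagKey];
    if (value === undefined) return false;
    return typeof pattern === "string" ? value.includes(pattern) : pattern.test(value);
  });
}
```

Selecting "db" here returns only the two db subnets, so an ECS deployment wired to the "private" group never lands in the database or cache subnets the issue describes.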