Control over VPC AZs

❓ General Issue

Attempting to create a VPC in ap-northeast-1 with 2 AZs and one NatGateway. Upon deploy the stack fails with the error “Nat Gateway is not available in this availability zone”.

apne1-az3 in this region does not have NATGateway support; unfortunately, it is mapped to AZ ap-northeast-1a in my account.

example:

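from aws_cdk import aws_ec2

# Runs inside a Stack's __init__ (hence `self`).
vpc = aws_ec2.Vpc(
    self,
    id='prod_vpc',
    cidr='10.199.0.0/16',
    enable_dns_hostnames=False,
    enable_dns_support=True,
    nat_gateways=1,   # a single NAT gateway, placed in the first selected AZ
    max_azs=2,        # limits the number of AZs, not which ones are chosen
    subnet_configuration=[
        aws_ec2.SubnetConfiguration(
            cidr_mask=24,
            name='public',
            subnet_type=aws_ec2.SubnetType.PUBLIC
        ),
        aws_ec2.SubnetConfiguration(
            cidr_mask=20,
            name='application',
            subnet_type=aws_ec2.SubnetType.PRIVATE
        )
    ]
)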

Running this in a different account in the same region can also have the same issue.

expected behavior:

If a NATGateway is requested then the CDK should check for support in the AZ before selection. It appears that the CDK is processing in logical order?

question:

Is there a workaround for this?

Environment

  • CDK CLI Version: 1.21
  • OS: OSX Catalina
  • Language: Python

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Reactions: 1
  • Comments: 10 (2 by maintainers)

Top GitHub Comments

3 reactions
hljadmin commented, Jan 18, 2020

As an infrastructure designer having the ability to determine a list of AZs to use in a VPC would be invaluable. This is especially important in situations where deployments across accounts as well as regions come into play.

2 reactions
hljadmin commented, Jan 23, 2020

Thank you. Unfortunately my skills in node are not up to doing this task. Hopefully someone can pick up this request. I think it would be clearer if the AZ was a param in the create of the VPC.

Had to do some digging but finally figured out one way to do this in python:

# only use these availability zones
self.node.set_context(
    key=f'availability-zones:account={self.account}:region={self.region}',
    value=['zone-1b', 'zone-1c']
)
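
An added example, not part of the original issue or the CDK project's code: it picks AZ names by zone ID (which identifies the same physical zone in every account) while skipping zones without NAT gateway support, then builds the context key and value used in the workaround above. The input is a constructed sample shaped like `aws ec2 describe-availability-zones` output; the function names and the account ID `111111111111` are placeholders assumed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-availability-zones` output.
# Only the apne1-az3 -> ap-northeast-1a mapping comes from the issue; the
# other two rows are invented for illustration.
SAMPLE_DESCRIBE_AZS = json.dumps({
    "AvailabilityZones": [
        {"ZoneName": "ap-northeast-1a", "ZoneId": "apne1-az3", "State": "available"},
        {"ZoneName": "ap-northeast-1c", "ZoneId": "apne1-az1", "State": "available"},
        {"ZoneName": "ap-northeast-1d", "ZoneId": "apne1-az2", "State": "available"},
    ]
})

# Zone IDs without NAT gateway support, as reported in the issue.
NO_NAT_ZONE_IDS = {"apne1-az3"}


def usable_zone_names(describe_json, excluded_zone_ids, needed):
    """Return `needed` AZ names whose zone ID is not excluded.

    Sorting by zone ID (not by name) makes every account pick the same
    physical zones, even though the name-to-ID mapping differs per account.
    """
    zones = json.loads(describe_json)["AvailabilityZones"]
    ok = sorted(
        (z["ZoneId"], z["ZoneName"])
        for z in zones
        if z.get("State") == "available" and z["ZoneId"] not in excluded_zone_ids
    )
    if len(ok) < needed:
        raise ValueError(f"only {len(ok)} usable AZs, {needed} requested")
    return [name for _zone_id, name in ok[:needed]]


def az_context(account, region, zone_names):
    """Build the context key/value pair used by the set_context workaround."""
    key = f"availability-zones:account={account}:region={region}"
    return key, list(zone_names)


if __name__ == "__main__":
    names = usable_zone_names(SAMPLE_DESCRIBE_AZS, NO_NAT_ZONE_IDS, needed=2)
    print(az_context("111111111111", "ap-northeast-1", names))
```

The returned key and list can be passed as `key=` and `value=` to the `self.node.set_context(...)` call shown in the comment above.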