VPC with only private subnet fails with error

❓ General Issue

The Question

Because creating a VPC with default settings creates public and private subnets that default to a NAT gateway for each public subnet, I am running out of EIPs. My application doesn't even need NAT gateways; it's just an app that uses DAX to connect to DynamoDB. Anyway, I tried creating a VPC with just a private subnet and adding DynamoDB as a gateway endpoint:

const daxVpc = new Vpc(this, 'daxVpc', {
  cidr: Vpc.DEFAULT_CIDR_RANGE,
  subnetConfiguration: [{
    subnetType: SubnetType.PRIVATE,
    name: defaultSubnetName(SubnetType.PRIVATE)
  }],
  gatewayEndpoints: {
    DYNAMODB: {
      service: GatewayVpcEndpointAwsService.DYNAMODB
    }
  }
});

but it errors out during deployment:

8/31 | 16:24:34 | CREATE_IN_PROGRESS   | AWS::EC2::Subnet                      | daxVpc/IsolatedSubnet1/Subnet (daxVpcIsolatedSubnet1SubnetA090FC82) Resource creation Initiated
  8/31 | 16:24:34 | CREATE_IN_PROGRESS   | AWS::EC2::Subnet                      | daxVpc/IsolatedSubnet2/Subnet (daxVpcIsolatedSubnet2Subnet469D29C8) Resource creation Initiated
  9/31 | 16:24:34 | CREATE_COMPLETE      | AWS::EC2::RouteTable                  | daxVpc/IsolatedSubnet2/RouteTable (daxVpcIsolatedSubnet2RouteTableE102F846) 
 10/31 | 16:24:34 | CREATE_COMPLETE      | AWS::EC2::RouteTable                  | daxVpc/IsolatedSubnet1/RouteTable (daxVpcIsolatedSubnet1RouteTable5B90AC7F) 
 11/31 | 16:24:36 | CREATE_FAILED        | AWS::EC2::Route                       | daxVpc/IsolatedSubnet1/DefaultRoute (daxVpcIsolatedSubnet1DefaultRoute54F632D7) Exactly one of [EgressOnlyInternetGatewayId, InstanceId, NatGatewayId, TransitGatewayId, GatewayId, VpcPeeringConnectionId, NetworkInterfaceId] must be specified and not empty

What configuration am I missing?

Environment

  • CDK CLI Version: 1.3.0
  • Module Version: 1.3.0
  • OS:
  • Language: TypeScript

Other information

Issue Analytics

  • State: closed
  • Created: 4 years ago
  • Reactions: 6
  • Comments: 16 (7 by maintainers)

Top GitHub Comments

1 reaction
harmohan-a commented, Aug 20, 2019

Yeah, nah, that wouldn't work. It needs to connect to DynamoDB, which resides outside the VPC…

Just having

const daxVpc = new Vpc(this, 'daxVpc', {
  cidr: Vpc.DEFAULT_CIDR_RANGE,
  // maxAzs: 1
  subnetConfiguration: [{
    subnetType: SubnetType.ISOLATED,
    name: defaultSubnetName(SubnetType.ISOLATED)
  }],
  gatewayEndpoints: {
    DYNAMODB: {
      service: GatewayVpcEndpointAwsService.DYNAMODB
    }
  }
});

errors out:

There are no ‘Private’ subnets in this VPC. Use a different VPC subnet selection. Subprocess exited with error 1

0 reactions
mahmoudabid commented, Oct 23, 2019

I have a similar issue, where using a NAT Gateway or not (i.e. specifying nat_gateways=0 or =1+) will result in a route with destination 0.0.0.0/0 but no target at all:

e.g.

vpc = ec2.Vpc(self, "VPC",
    cidr=vpc_cidr,
    max_azs=2,
    subnet_configuration=[
        ec2.SubnetConfiguration(
            name="subnet_group_%s" % i,
            subnet_type=ec2.SubnetType.PRIVATE)
        for i in range(2)],
    nat_gateways=2,
)

will create a route as follows for each of the subnets created, with no target specified:

"VPCsubnetgroup1Subnet1DefaultRoute7E53BA71": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "VPCsubnetgroup1Subnet1RouteTableE6131C24"
        },
        "DestinationCidrBlock": "0.0.0.0/0"
      },
      "Metadata": {
       "..."
      }
    }
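
A pre-deploy check for the symptom shown in the comment above, added here as an example (not code from the issue or from the CDK project): it scans a synthesized CloudFormation template for AWS::EC2::Route resources that do not set exactly one of the target properties listed in the deployment error. The names find_bad_routes, SAMPLE_TEMPLATE and ExampleGoodRoute are assumptions, and the sample template is constructed.

```python
import json
import sys

# Target properties, copied from the CloudFormation error quoted in the issue.
ROUTE_TARGETS = (
    "EgressOnlyInternetGatewayId", "InstanceId", "NatGatewayId", "TransitGatewayId",
    "GatewayId", "VpcPeeringConnectionId", "NetworkInterfaceId",
)

def find_bad_routes(template):
    """Return (logical_id, destination, targets) for every AWS::EC2::Route
    that does not set exactly one non-empty target property."""
    bad = []
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") != "AWS::EC2::Route":
            continue
        props = res.get("Properties") or {}
        # "", None, {} and [] all count as empty for this check.
        targets = [k for k in ROUTE_TARGETS if props.get(k)]
        if len(targets) != 1:
            dest = props.get("DestinationCidrBlock") or props.get("DestinationIpv6CidrBlock")
            bad.append((logical_id, dest, targets))
    return bad

# Constructed sample. The first route mirrors the one in the comment above;
# "ExampleGoodRoute" and its Refs are hypothetical, added for contrast.
SAMPLE_TEMPLATE = {"Resources": {
    "VPCsubnetgroup1Subnet1DefaultRoute7E53BA71": {
        "Type": "AWS::EC2::Route",
        "Properties": {
            "RouteTableId": {"Ref": "VPCsubnetgroup1Subnet1RouteTableE6131C24"},
            "DestinationCidrBlock": "0.0.0.0/0"}},
    "ExampleGoodRoute": {
        "Type": "AWS::EC2::Route",
        "Properties": {
            "RouteTableId": {"Ref": "ExampleRouteTable"},
            "DestinationCidrBlock": "0.0.0.0/0",
            "NatGatewayId": {"Ref": "ExampleNatGateway"}}},
}}

if __name__ == "__main__":
    # Pass the path of a synthesized JSON template to check it; with no
    # argument the constructed sample is checked instead.
    template = SAMPLE_TEMPLATE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            template = json.load(fh)
    for logical_id, dest, targets in find_bad_routes(template):
        print(f"{logical_id}: {dest} has targets {targets or 'none'}")
```

Running this over the synthesized template before deploying surfaces the target-less default route at synth time instead of as a CREATE_FAILED event partway through the stack.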