Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Control over VPC AZs #5847

Closed
hljadmin opened this issue Jan 17, 2020 · 11 comments · Fixed by #20562
Closed

Control over VPC AZs #5847

hljadmin opened this issue Jan 17, 2020 · 11 comments · Fixed by #20562
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md p2

Comments

@hljadmin
Copy link

❓ General Issue

Attempting to create a VPC in ap-northeast-1 with 2 AZs and one NatGateway. Upon deploy the stack fails with the error "Nat Gateway is not available in this availability zone"

apne1-az3 in this region does not have NATGateway support, unfortunately it is mapped to AZ ap-northeast-1a in my account.

example:

vpc = aws_ec2.Vpc(
            self,
            id='prod_vpc',
            cidr='10.199.0.0/16',
            enable_dns_hostnames=False,
            enable_dns_support=True,
            nat_gateways=1,
            max_azs=2,
            subnet_configuration=[
                aws_ec2.SubnetConfiguration(
                    cidr_mask=24,
                    name='public',
                    subnet_type=aws_ec2.SubnetType.PUBLIC
                ),
                aws_ec2.SubnetConfiguration(
                    cidr_mask=20,
                    name='application',
                    subnet_type=aws_ec2.SubnetType.PRIVATE
                )
            ]
        )

Running this in a different account in the same region can also have the same issue.

expected behavior:

If a NATGateway is requested then the CDK should check for support in the AZ before selection. It appears that the CDK is processing in logical order?

question:

Is there a workaround for this?

Environment

  • CDK CLI Version: 1.21
  • OS: OSX Catalina
  • Language: Python
@hljadmin
Copy link
Author

hljadmin commented Jan 17, 2020
edited
Loading

Same issue with add_interface_endpoint

Not all regions/az are created equally it seems. Some control over what AZ to put use with a VPC into would be helpful.

@SomayaB SomayaB added guidance Question that needs advice or information. package/vpc labels Jan 17, 2020
@SomayaB SomayaB added needs-triage This issue or PR still needs to be triaged. bug This issue is a bug. labels Jan 17, 2020
@hljadmin
Copy link
Author

As an infrastructure designer having the ability to determine a list of AZs to use in a VPC would be invaluable. This is especially important in situations where deployments across accounts as well as regions come into play.

@rix0rrr rix0rrr added the feature-request A feature should be added or improved. label Jan 20, 2020
@rix0rrr rix0rrr changed the title Nat Gateway is not available in this availability zone Control over VPC AZs Jan 20, 2020
@rix0rrr rix0rrr removed the bug This issue is a bug. label Jan 20, 2020
@rix0rrr
Copy link
Contributor

rix0rrr commented Jan 20, 2020

It would entail adding an availabilityZones?: string[] construction parameter to the construct props. I will accept a PR adding this.

As a workaround, you can edit the AZs saved in cdk.context.json, or set them on the stack in the source code using setContext.

@hljadmin
Copy link
Author

hljadmin commented Jan 23, 2020
edited
Loading

Thank you. Unfortunately my skills in node are not up to doing this task. Hopefully someone can pick up this request. I think it would be clearer if the AZ was a param in the create of the VPC.

Had to do some digging but finally figured out one way to do this in python:

#only use these availability zones
self.node.set_context(
    key=f'availability-zones:account={self.account}:region={self.region}',
    value=['zone-1b', 'zone-1c']
)

@rix0rrr rix0rrr added effort/small Small work item – less than a day of effort good first issue Related to contributions. See CONTRIBUTING.md and removed guidance Question that needs advice or information. labels Jan 23, 2020
@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label Mar 4, 2020
@SomayaB SomayaB added @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud and removed package/vpc labels May 27, 2020
@johnschultz
Copy link

Could we allow specifying physical zones here as well? The use case is trying to use PrivateLinks to communicate across accounts and needing to guarantee that subnets are brought up in the same physical zones (e.g. use1-az1).

@martinnabhan
Copy link

We're having the same issue in the ap-northeast-1 region.
Following @hljadmin's example, here's the same thing in TypeScript (with ap-northeast-1a being the culprit):

if (this.region === 'ap-northeast-1') {
  this.node.setContext(`availability-zones:account=${this.account}:region=ap-northeast-1`, [
    'ap-northeast-1b',
    'ap-northeast-1c',
    'ap-northeast-1d',
  ]);
}
``

@rix0rrr
Copy link
Contributor

rix0rrr commented Aug 12, 2020

Also somewhat related to #5927

@rix0rrr rix0rrr added the p2 label Aug 12, 2020
@lengebre
Copy link

lengebre commented Jan 24, 2021
edited
Loading

Use the following to take control of the VPC AZ. The example will create a subnets in the us-east-1d, us-east-1e availability zones.

Best regards,
Mo

@property
def availability_zones(self):
    return ['us-east-1d', 'us-east-1e']

def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
    super().__init__(scope, construct_id, **kwargs)

    # The code that defines your stack goes here
    vpc = ec2.Vpc(
        self, "TestVpc",
        max_azs=2,
        cidr="10.0.0.0/16",
    )

@rix0rrr rix0rrr removed their assignment Jun 3, 2021
@fabiopaiva
Copy link

Could we allow specifying physical zones here as well? The use case is trying to use PrivateLinks to communicate across accounts and needing to guarantee that subnets are brought up in the same physical zones (e.g. use1-az1).

I had the same questions and found out that it's possible to check the AZ zone name/id mapping in AWS Resource Access Manager Console.
For eu-west-1 for example:

eu-west-1a | euw1-az3
eu-west-1b | euw1-az1
eu-west-1c | euw1-az2

philipmw added a commit to philipmw/aws-cdk that referenced this issue Jun 1, 2022
@philipmw
feat(aws-ec2): Control over VPC AZs
12b5e9d 
With this change, the `Vpc` construct gains a new constructor prop,
`availabilityZones`, which gives more control over AZs than the existing
`maxAzs` prop.

closes aws#5847
philipmw added a commit to philipmw/aws-cdk that referenced this issue Jun 1, 2022
@philipmw
feat(aws-ec2): control over VPC AZs
8672d51 
With this change, the `Vpc` construct gains a new constructor prop,
`availabilityZones`, which gives more control over AZs than the existing
`maxAzs` prop.

closes aws#5847
@philipmw philipmw mentioned this issue Jun 1, 2022
Merged
4 tasks
philipmw added a commit to philipmw/aws-cdk that referenced this issue Jun 3, 2022
@philipmw
feat(aws-ec2): control over VPC AZs
31316e1 
With this change, the `Vpc` construct gains a new constructor prop,
`availabilityZones`, which gives more control over AZs than the existing
`maxAzs` prop.

closes aws#5847
philipmw added a commit to philipmw/aws-cdk that referenced this issue Jun 3, 2022
@philipmw
feat(aws-ec2): control over VPC AZs
da25a1f 
With this change, the `Vpc` construct gains a new constructor prop,
`availabilityZones`, which gives more control over AZs than the existing
`maxAzs` prop.

closes aws#5847
philipmw added a commit to philipmw/aws-cdk that referenced this issue Jun 6, 2022
@philipmw
feat(aws-ec2): control over VPC AZs
e3d3dd4 
With this change, the `Vpc` construct gains a new constructor prop,
`availabilityZones`, which gives more control over AZs than the existing
`maxAzs` prop.

closes aws#5847
@mergify mergify bot closed this as completed in #20562 Jun 6, 2022
mergify bot pushed a commit that referenced this issue Jun 6, 2022
@philipmw
feat(aws-ec2): control over VPC AZs (#20562)
58dffd8 
With this change, the `Vpc` construct gains a new constructor prop,
`availabilityZones`, which gives more control over AZs than the existing
`maxAzs` prop.

closes #5847


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

github-actions bot commented Jun 6, 2022

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

daschaa pushed a commit to daschaa/aws-cdk that referenced this issue Jul 9, 2022
@philipmw @daschaa
feat(aws-ec2): control over VPC AZs (aws#20562)
3d3feed 
With this change, the `Vpc` construct gains a new constructor prop,
`availabilityZones`, which gives more control over AZs than the existing
`maxAzs` prop.

closes aws#5847


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@m17kea
Copy link

m17kea commented May 3, 2023

For anyone looking for consistency across availability zones I came across the following repo https://github.com/aws-samples/multi-account-az-mapping

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(aws-ec2): control over VPC AZs philipmw/aws-cdk
8 participants
@rix0rrr @fabiopaiva @hljadmin @johnschultz @martinnabhan @lengebre @SomayaB @m17kea