feat(vpcv2): implementation of add gateway method #31224
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -23,10 +23,10 @@ To create a VPC with both IPv4 and IPv6 support: | |
| ```ts | ||
|
|
||
| const stack = new Stack(); | ||
| new VpcV2(this, 'Vpc', { | ||
| primaryAddressBlock: IpAddresses.ipv4('10.0.0.0/24'), | ||
| secondaryAddressBlocks: [ | ||
| IpAddresses.amazonProvidedIpv6({cidrBlockName: 'AmazonProvidedIpv6'}), | ||
| ], | ||
| }); | ||
| ``` | ||
|
|
@@ -43,17 +43,17 @@ This new construct can be used to add subnets to a `VpcV2` instance: | |
| ```ts | ||
|
|
||
| const stack = new Stack(); | ||
| const myVpc = new VpcV2(this, 'Vpc', { | ||
| secondaryAddressBlocks: [ | ||
| IpAddresses.amazonProvidedIpv6({ cidrBlockName: 'AmazonProvidedIp'}), | ||
| ], | ||
| }); | ||
|
|
||
| new SubnetV2(this, 'subnetA', { | ||
| vpc: myVpc, | ||
| availabilityZone: 'us-east-1a', | ||
| ipv4CidrBlock: new IpCidr('10.0.0.0/24'), | ||
| ipv6CidrBlock: new IpCidr('2a05:d02c:25:4000::/60'), | ||
| subnetType: ec2.SubnetType.PRIVATE_ISOLATED, | ||
| }) | ||
| ``` | ||
|
|
@@ -73,28 +73,28 @@ const ipam = new Ipam(this, 'Ipam', { | |
| operatingRegion: ['us-west-1'] | ||
| }); | ||
| const ipamPublicPool = ipam.publicScope.addPool('PublicPoolA', { | ||
| addressFamily: AddressFamily.IP_V6, | ||
| awsService: AwsServiceName.EC2, | ||
| locale: 'us-west-1', | ||
| publicIpSource: IpamPoolPublicIpSource.AMAZON, | ||
| }); | ||
| ipamPublicPool.provisionCidr('PublicPoolACidrA', { netmaskLength: 52 } ); | ||
|
|
||
| const ipamPrivatePool = ipam.privateScope.addPool('PrivatePoolA', { | ||
| addressFamily: AddressFamily.IP_V4, | ||
| }); | ||
| ipamPrivatePool.provisionCidr('PrivatePoolACidrA', { netmaskLength: 8 } ); | ||
|
|
||
| new VpcV2(this, 'Vpc', { | ||
| primaryAddressBlock: IpAddresses.ipv4('10.0.0.0/24'), | ||
| secondaryAddressBlocks: [ | ||
| IpAddresses.amazonProvidedIpv6({ cidrBlockName: 'AmazonIpv6' }), | ||
| IpAddresses.ipv6Ipam({ | ||
| ipamPool: ipamPublicPool, | ||
| netmaskLength: 52, | ||
| cidrBlockName: 'ipv6Ipam', | ||
| }), | ||
| IpAddresses.ipv4Ipam({ | ||
| ipamPool: ipamPrivatePool, | ||
| netmaskLength: 8, | ||
| cidrBlockName: 'ipv4Ipam', | ||
|
|
@@ -112,11 +112,11 @@ Since `VpcV2` does not create subnets automatically, users have full control ove | |
|
|
||
| ```ts | ||
|
|
||
| const myVpc = new VpcV2(this, 'Vpc'); | ||
| const routeTable = new RouteTable(this, 'RouteTable', { | ||
| vpc: myVpc, | ||
| }); | ||
| const subnet = new SubnetV2(this, 'Subnet', { | ||
| vpc: myVpc, | ||
| routeTable, | ||
| availabilityZone: 'eu-west-2a', | ||
|
|
@@ -129,47 +129,65 @@ const subnet = new vpc_v2.SubnetV2(this, 'Subnet', { | |
|
|
||
| ```ts | ||
| const stack = new Stack(); | ||
| const myVpc = new VpcV2(this, 'Vpc'); | ||
| const routeTable = new RouteTable(this, 'RouteTable', { | ||
| vpc: myVpc, | ||
| }); | ||
| const subnet = new SubnetV2(this, 'Subnet', { | ||
| vpc: myVpc, | ||
| availabilityZone: 'eu-west-2a', | ||
| ipv4CidrBlock: new IpCidr('10.0.0.0/24'), | ||
| subnetType: ec2.SubnetType.PRIVATE_ISOLATED }); | ||
|
|
||
| const igw = new InternetGateway(this, 'IGW', { | ||
| vpc: myVpc, | ||
| }); | ||
| new Route(this, 'IgwRoute', { | ||
| routeTable, | ||
| destination: '0.0.0.0/0', | ||
| target: { gateway: igw }, | ||
| }); | ||
| ``` | ||
|
|
||
| Alternatively, `Route`s can be created via a method in the `RouteTable` class. An example using the `EgressOnlyInternetGateway` construct can be seen below: | ||
| Note: `EgressOnlyInternetGateway` can only be used to set up outbound IPv6 routing. | ||
|
|
||
| ```ts | ||
| import * as vpc_v2 from '@aws-cdk/aws-ec2-alpha'; | ||
|
|
||
| const myVpc = new VpcV2(stack, 'Vpc', {...}); | ||
| const routeTable = new RouteTable(stack, 'RouteTable', { | ||
| vpc: vpc.myVpc, | ||
| }); | ||
| const subnet = new SubnetV2(stack, 'Subnet', {...}); | ||
|
|
||
| const eigw = new EgressOnlyInternetGateway(stack, 'EIGW', { | ||
| vpcId: vpc.myVpc, | ||
| }); | ||
| routeTable.addRoute('::/0', { gateway: eigw }); | ||
| ``` | ||
|
|
||
| Other route targets may require a deeper set of parameters to set up properly. For instance, the example below illustrates how to set up a `NatGateway`: | ||
|
|
||
| ```ts | ||
|
|
||
| const myVpc = new VpcV2(this, 'Vpc'); | ||
| const routeTable = new RouteTable(this, 'RouteTable', { | ||
| vpc: myVpc, | ||
| }); | ||
| const subnet = new SubnetV2(this, 'Subnet', { | ||
| vpc: myVpc, | ||
| availabilityZone: 'eu-west-2a', | ||
| ipv4CidrBlock: new IpCidr('10.0.0.0/24'), | ||
| subnetType: ec2.SubnetType.PRIVATE_ISOLATED }); | ||
|
|
||
| const natgw = new NatGateway(this, 'NatGW', { | ||
| subnet: subnet, | ||
| vpc: myVpc, | ||
| connectivityType: NatConnectivityType.PRIVATE, | ||
| privateIpAddress: '10.0.0.42', | ||
| }); | ||
| new Route(this, 'NatGwRoute', { | ||
| routeTable, | ||
| destination: '0.0.0.0/0', | ||
| target: { gateway: natgw }, | ||
|
|
@@ -180,11 +198,11 @@ It is also possible to set up endpoints connecting other AWS services. For insta | |
|
|
||
| ```ts | ||
|
|
||
| const myVpc = new VpcV2(this, 'Vpc'); | ||
| const routeTable = new RouteTable(this, 'RouteTable', { | ||
| vpc: myVpc, | ||
| }); | ||
| const subnet = new SubnetV2(this, 'Subnet', { | ||
| vpc: myVpc, | ||
| availabilityZone: 'eu-west-2a', | ||
| ipv4CidrBlock: new IpCidr('10.0.0.0/24'), | ||
|
|
@@ -195,9 +213,37 @@ const dynamoEndpoint = new ec2.GatewayVpcEndpoint(this, 'DynamoEndpoint', { | |
| vpc: myVpc, | ||
| subnets: [subnet], | ||
| }); | ||
| new Route(this, 'DynamoDBRoute', { | ||
| routeTable, | ||
| destination: '0.0.0.0/0', | ||
| target: { endpoint: dynamoEndpoint }, | ||
| }); | ||
| ``` | ||
|
|
||
| ## Adding Egress-Only Internet Gateway to VPC | ||
|
|
||
| An egress-only internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your instances. For more information see@ https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html | ||
shikha372 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| VPCv2 supports adding an egress only internet gateway to VPC with the help of `addEgressOnlyInternetGateway` method as well. | ||
shikha372 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| By Default, it sets up a route to all outbound IPv6 Address ranges unless specified to a specific destination by the user. It can only be set up for IPv6 enabled VPCs. | ||
shikha372 marked this conversation as resolved.
Show resolved
Hide resolved
shikha372 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| `Subnets` takes in value of `SubnetFilter` which can be based on a SubnetType in VPCV2. A new route will be added to route tables of all subnets filtered out with this property. | ||
shikha372 marked this conversation as resolved.
Show resolved
Hide resolved
There was a problem hiding this comment. You explained There was a problem hiding this comment. Selecting a type of subnet is a |
||
|
|
||
| ```ts | ||
|
|
||
| const myVpc = new VpcV2(this, 'Vpc'); | ||
| const routeTable = new RouteTable(this, 'RouteTable', { | ||
| vpc: myVpc, | ||
| }); | ||
| const subnet = new SubnetV2(this, 'Subnet', { | ||
| vpc: myVpc, | ||
| availabilityZone: 'eu-west-2a', | ||
| ipv4CidrBlock: new IpCidr('10.0.0.0/24'), | ||
| subnetType: ec2.SubnetType.PRIVATE }); | ||
|
|
||
| myVpc.addEgressOnlyInternetGateway({ | ||
| subnets: [{SubnetType.PUBLIC}], | ||
|
There was a problem hiding this comment. Haven't looked into implementation but this already looks weird to me. There was a problem hiding this comment. This is as per the current implementations we have in place for addInterfaceEndpoint and addgatewayEndpoint and provides a better way for the users to select multiple subnets at once without forming an array list first and then pass it. This seems to be the best option for specifying multiple subnets as an input. |
||
| destination: '::/60', | ||
| }) | ||
|
|
||
| ``` | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Routes looks weird.routeTable.addRoute. Right now it's immediately followed withAn example using Egress...which doesn't have anything to do withRoutes can be created via ...`There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
routeTable.addRoute('::/0', { gateway: eigw });To make it more clear mentioned the method name