aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code

Home Page:https://aws.amazon.com/cdk

vpc: when `natGateways` Inconsistent Route Table Configuration for Private Subnets in VPC with Multiple NAT Gateways

waltervargas opened this issue

Describe the bug

When creating a VPC with multiple NAT Gateways using the AWS CDK, the automatic route table configuration for private subnets does not consistently assign routes for internet access (0.0.0.0/0) to the corresponding NAT Gateways.

Expected Behavior

All private subnets should have a route (0.0.0.0/0) pointing to their corresponding NAT Gateway.

Current Behavior

Only one of the private subnets had the correct route to the NAT Gateway. The other private subnets lacked this route, causing connectivity issues.

Reproduction Steps

1. Define a VPC with multiple private and public subnets.
2. Configure the VPC to use multiple NAT Gateways (one per AZ) with property `natGateways`.
3. Deploy the stack.

Here is the relevant CDK code used to create the VPC:

import * as cdk from 'aws-cdk-lib';
import { Vpc, SubnetType, IpAddresses } from 'aws-cdk-lib/aws-ec2';
import { Construct } from 'constructs';
import { ExtendedStackProps } from '../constants';

export class VPCStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props: ExtendedStackProps) {
    super(scope, id, props);

    new Vpc(this, props.envConfig.BackendVpc.name, {
      ipAddresses: IpAddresses.cidr(props.envConfig.BackendVpc.cidr),
      maxAzs: props.envConfig.BackendVpc.maxAzs,
      natGateways: props.envConfig.BackendVpc.natGateways,
      subnetConfiguration: [
        {
          cidrMask: props.envConfig.BackendVpc.publicSubnetMask,
          name: 'pab-public',
          subnetType: SubnetType.PUBLIC,
        },
        {
          cidrMask: props.envConfig.BackendVpc.privateSubnetMask,
          name: 'pab-private',
          subnetType: SubnetType.PRIVATE_WITH_EGRESS,
        },
      ],
    });
  }
}

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.144.0 (build 5fb15bc)

Framework Version

No response

Node.js Version

Node.js v20.14.0

OS

Linux avril 6.5.0-41-generic #41-Ubuntu SMP PREEMPT_DYNAMIC Mon May 20 15:55:15 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Language

TypeScript

Language Version

No response

Other information

No response

I can't see some values from your provided snippet, but this works perfectly for me.

    new ec2.Vpc(this, 'Vpc', {
      ipAddresses: ec2.IpAddresses.cidr('10.0.0.0/16'),
      maxAzs: 3,
      natGateways: 3,
      subnetConfiguration: [
        {
          cidrMask: 19,
          name: 'pab-public',
          subnetType: SubnetType.PUBLIC,
        },
        {
          cidrMask: 19,
          name: 'pab-private',
          subnetType: SubnetType.PRIVATE_WITH_EGRESS,
        },
      ],
    });

Can you verify if my provided sample is good with you?

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

Any update on this?
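The expected behaviour stated in the issue (every private subnet has a 0.0.0.0/0 route to a NAT Gateway) can be checked against the synthesized template, which shows whether a missing route comes from the template or from the deployed state. This is an added example, not code from the thread or from the CDK project; the function name and the sample template, including its logical IDs, are constructed for illustration.

```typescript
// Minimal shape of a synthesized CloudFormation template (the JSON `cdk synth` produces).
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

// For each AWS::EC2::Subnet, report where its route table sends 0.0.0.0/0:
// "nat:<id>", "igw:<id>", "other", or "none" when there is no default route.
function defaultRouteBySubnet(template: Template): Record<string, string> {
  const res = template.Resources;
  const ids = Object.keys(res);
  const routeOf: Record<string, string> = {}; // route table id -> default-route target
  const result: Record<string, string> = {};  // subnet id -> default-route target
  for (const id of ids) {
    const r = res[id];
    const p = r.Properties || {};
    if (r.Type === 'AWS::EC2::Subnet') result[id] = 'none';
    if (r.Type === 'AWS::EC2::Route' && p.DestinationCidrBlock === '0.0.0.0/0') {
      routeOf[p.RouteTableId.Ref] = p.NatGatewayId ? `nat:${p.NatGatewayId.Ref}`
        : p.GatewayId ? `igw:${p.GatewayId.Ref}` : 'other';
    }
  }
  // Second pass: map each subnet to its route table's default route.
  for (const id of ids) {
    const r = res[id];
    const p = r.Properties || {};
    if (r.Type === 'AWS::EC2::SubnetRouteTableAssociation') {
      result[p.SubnetId.Ref] = routeOf[p.RouteTableId.Ref] || 'none';
    }
  }
  return result;
}

// Constructed sample: PrivateSubnet2's route table has no default route (the reported symptom).
const sample: Template = { Resources: {
  PublicSubnet1: { Type: 'AWS::EC2::Subnet' },
  PrivateSubnet1: { Type: 'AWS::EC2::Subnet' },
  PrivateSubnet2: { Type: 'AWS::EC2::Subnet' },
  PubAssoc: { Type: 'AWS::EC2::SubnetRouteTableAssociation',
    Properties: { SubnetId: { Ref: 'PublicSubnet1' }, RouteTableId: { Ref: 'PubRt' } } },
  Priv1Assoc: { Type: 'AWS::EC2::SubnetRouteTableAssociation',
    Properties: { SubnetId: { Ref: 'PrivateSubnet1' }, RouteTableId: { Ref: 'Priv1Rt' } } },
  Priv2Assoc: { Type: 'AWS::EC2::SubnetRouteTableAssociation',
    Properties: { SubnetId: { Ref: 'PrivateSubnet2' }, RouteTableId: { Ref: 'Priv2Rt' } } },
  PubRoute: { Type: 'AWS::EC2::Route', Properties: { RouteTableId: { Ref: 'PubRt' },
    DestinationCidrBlock: '0.0.0.0/0', GatewayId: { Ref: 'Igw' } } },
  Priv1Route: { Type: 'AWS::EC2::Route', Properties: { RouteTableId: { Ref: 'Priv1Rt' },
    DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: { Ref: 'Nat1' } } },
} };

console.log(defaultRouteBySubnet(sample));
```

If every private subnet reports a `nat:` target here but the deployed route tables differ, the discrepancy lies in the deployment rather than in the synthesized template.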