Skip to content

Commit ba6a8ef

Browse files
encronencron
authoredDec 1, 2021
fix(aws-ec2): imported VPC subnets never recognized as PRIVATE_ISOLATED (#17496)
fixes #17035 I do want to note that this does not cover all cases. For example, it could also be that there is a NAT instance used for internet routing instead of a NAT gateway. It's however near impossible to figure out if a route to an instance is a route to a NAT instance or just a random EC2 instance. Next to that, it can also be that the NAT gateway is running in a private subnet to do routing between different VPCs instead of the internet. In that case, the subnet would not match any of the current "variations" that are defined in the `aws-cdk` documentation (https://docs.aws.amazon.com/cdk/api/latest/docs/aws-ec2-readme.html). But since the types are referred to as `PRIVATE_WITH_NAT` and `PRIVATE_WITHOUT_NAT`, I assume this implementation to be sufficient. I did add an extra check on the destination CIDR block being `0.0.0.0/0` since that is what someone would commonly use if the purpose of the NAT gateway is internet routing in any case. See f.e. https://docs.aws.amazon.com/vpc/latest/userguide/route-table-options.html#route-tables-nat. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
·
v2.185.0v1.135.0
1 parent a75d5fd commit ba6a8ef

File tree

3 files changed

+469
-23
lines changed

3 files changed

+469
-23
lines changed
 

‎packages/aws-cdk/lib/context-providers/vpcs.ts

+18-4
Original file line numberDiff line numberDiff line change
@@ -56,8 +56,12 @@ export class VpcNetworkContextProviderPlugin implements ContextProviderPlugin {
5656
// Now comes our job to separate these subnets out into AZs and subnet groups (Public, Private, Isolated)
5757
// We have the following attributes to go on:
5858
// - Type tag, we tag subnets with their type. In absence of this tag, we
59-
// fall back to MapPublicIpOnLaunch => must be a Public subnet, anything
60-
// else is considered Priate.
59+
// determine the subnet must be Public if either:
60+
// a) it has the property MapPublicIpOnLaunch
61+
// b) it has a route to an Internet Gateway
62+
// If both of the above is false but the subnet has a route to a NAT Gateway
63+
// and the destination CIDR block is "0.0.0.0/0", we assume it to be a Private subnet.
64+
// Anything else is considered Isolated.
6165
// - Name tag, we tag subnets with their subnet group name. In absence of this tag,
6266
// we use the type as the name.
6367

@@ -68,7 +72,8 @@ export class VpcNetworkContextProviderPlugin implements ContextProviderPlugin {
6872
let type = getTag('aws-cdk:subnet-type', subnet.Tags);
6973
if (type === undefined && subnet.MapPublicIpOnLaunch) { type = SubnetType.Public; }
7074
if (type === undefined && routeTables.hasRouteToIgw(subnet.SubnetId)) { type = SubnetType.Public; }
71-
if (type === undefined) { type = SubnetType.Private; }
75+
if (type === undefined && routeTables.hasRouteToNatGateway(subnet.SubnetId)) { type = SubnetType.Private; }
76+
if (type === undefined) { type = SubnetType.Isolated; }
7277

7378
if (!isValidSubnetType(type)) {
7479
// eslint-disable-next-line max-len
@@ -154,11 +159,20 @@ class RouteTables {
154159
return (table && table.RouteTableId) || (this.mainRouteTable && this.mainRouteTable.RouteTableId);
155160
}
156161

162+
/**
163+
* Whether the given subnet has a route to a NAT Gateway
164+
*/
165+
public hasRouteToNatGateway(subnetId: string | undefined): boolean {
166+
const table = this.tableForSubnet(subnetId) || this.mainRouteTable;
167+
168+
return !!table && !!table.Routes && table.Routes.some(route => !!route.NatGatewayId && route.DestinationCidrBlock === '0.0.0.0/0');
169+
}
170+
157171
/**
158172
* Whether the given subnet has a route to an IGW
159173
*/
160174
public hasRouteToIgw(subnetId: string | undefined): boolean {
161-
const table = this.tableForSubnet(subnetId);
175+
const table = this.tableForSubnet(subnetId) || this.mainRouteTable;
162176

163177
return !!table && !!table.Routes && table.Routes.some(route => !!route.GatewayId && route.GatewayId.startsWith('igw-'));
164178
}

‎packages/aws-cdk/test/context-providers/asymmetric-vpcs.test.ts

+265-15
Original file line numberDiff line numberDiff line change
@@ -21,8 +21,42 @@ test('looks up the requested (symmetric) VPC', async () => {
2121
{ SubnetId: 'sub-789012', AvailabilityZone: 'bermuda-triangle-1337', MapPublicIpOnLaunch: false, CidrBlock: '1.1.2.1/24' },
2222
],
2323
routeTables: [
24-
{ Associations: [{ SubnetId: 'sub-123456' }], RouteTableId: 'rtb-123456' },
25-
{ Associations: [{ SubnetId: 'sub-789012' }], RouteTableId: 'rtb-789012' },
24+
{
25+
Associations: [{ SubnetId: 'sub-123456' }],
26+
RouteTableId: 'rtb-123456',
27+
Routes: [
28+
{
29+
DestinationCidrBlock: '1.1.1.1/24',
30+
GatewayId: 'local',
31+
Origin: 'CreateRouteTable',
32+
State: 'active',
33+
},
34+
{
35+
DestinationCidrBlock: '0.0.0.0/0',
36+
GatewayId: 'igw-xxxxxx',
37+
Origin: 'CreateRoute',
38+
State: 'active',
39+
},
40+
],
41+
},
42+
{
43+
Associations: [{ SubnetId: 'sub-789012' }],
44+
RouteTableId: 'rtb-789012',
45+
Routes: [
46+
{
47+
DestinationCidrBlock: '1.1.2.1/24',
48+
GatewayId: 'local',
49+
Origin: 'CreateRouteTable',
50+
State: 'active',
51+
},
52+
{
53+
DestinationCidrBlock: '0.0.0.0/0',
54+
NatGatewayId: 'nat-xxxxxx',
55+
Origin: 'CreateRoute',
56+
State: 'active',
57+
},
58+
],
59+
},
2660
],
2761
vpnGateways: [{ VpnGatewayId: 'gw-abcdef' }],
2862

@@ -115,8 +149,42 @@ test('uses the VPC main route table when a subnet has no specific association',
115149
{ SubnetId: 'sub-789012', AvailabilityZone: 'bermuda-triangle-1337', MapPublicIpOnLaunch: false, CidrBlock: '1.1.2.1/24' },
116150
],
117151
routeTables: [
118-
{ Associations: [{ SubnetId: 'sub-123456' }], RouteTableId: 'rtb-123456' },
119-
{ Associations: [{ Main: true }], RouteTableId: 'rtb-789012' },
152+
{
153+
Associations: [{ SubnetId: 'sub-123456' }],
154+
RouteTableId: 'rtb-123456',
155+
Routes: [
156+
{
157+
DestinationCidrBlock: '1.1.1.1/24',
158+
GatewayId: 'local',
159+
Origin: 'CreateRouteTable',
160+
State: 'active',
161+
},
162+
{
163+
DestinationCidrBlock: '0.0.0.0/0',
164+
GatewayId: 'igw-xxxxxx',
165+
Origin: 'CreateRoute',
166+
State: 'active',
167+
},
168+
],
169+
},
170+
{
171+
Associations: [{ Main: true }],
172+
RouteTableId: 'rtb-789012',
173+
Routes: [
174+
{
175+
DestinationCidrBlock: '1.1.2.1/24',
176+
GatewayId: 'local',
177+
Origin: 'CreateRouteTable',
178+
State: 'active',
179+
},
180+
{
181+
DestinationCidrBlock: '0.0.0.0/0',
182+
NatGatewayId: 'nat-xxxxxx',
183+
Origin: 'CreateRoute',
184+
State: 'active',
185+
},
186+
],
187+
},
120188
],
121189
vpnGateways: [{ VpnGatewayId: 'gw-abcdef' }],
122190
});
@@ -189,7 +257,7 @@ test('Recognize public subnet by route table', async () => {
189257
VpcPeeringConnectionId: 'pcx-xxxxxx',
190258
},
191259
{
192-
DestinationCidrBlock: '10.0.1.0/24',
260+
DestinationCidrBlock: '1.1.1.1/24',
193261
GatewayId: 'local',
194262
Origin: 'CreateRouteTable',
195263
State: 'active',
@@ -245,6 +313,142 @@ test('Recognize public subnet by route table', async () => {
245313
});
246314
});
247315

316+
test('Recognize isolated subnet by route table', async () => {
317+
// GIVEN
318+
mockVpcLookup({
319+
subnets: [
320+
{ SubnetId: 'sub-123456', AvailabilityZone: 'bermuda-triangle-1337', MapPublicIpOnLaunch: false },
321+
],
322+
routeTables: [
323+
{
324+
Associations: [{ SubnetId: 'sub-123456' }],
325+
RouteTableId: 'rtb-123456',
326+
Routes: [
327+
{
328+
DestinationCidrBlock: '1.1.2.1/24',
329+
GatewayId: 'local',
330+
Origin: 'CreateRouteTable',
331+
State: 'active',
332+
},
333+
],
334+
},
335+
],
336+
});
337+
338+
// WHEN
339+
const result = await new VpcNetworkContextProviderPlugin(mockSDK).getValue({
340+
account: '1234',
341+
region: 'us-east-1',
342+
filter: { foo: 'bar' },
343+
returnAsymmetricSubnets: true,
344+
});
345+
346+
// THEN
347+
expect(result).toEqual({
348+
availabilityZones: [],
349+
vpcCidrBlock: '1.1.1.1/16',
350+
isolatedSubnetIds: undefined,
351+
isolatedSubnetNames: undefined,
352+
isolatedSubnetRouteTableIds: undefined,
353+
privateSubnetIds: undefined,
354+
privateSubnetNames: undefined,
355+
privateSubnetRouteTableIds: undefined,
356+
publicSubnetIds: undefined,
357+
publicSubnetNames: undefined,
358+
publicSubnetRouteTableIds: undefined,
359+
subnetGroups: [
360+
{
361+
name: 'Isolated',
362+
type: 'Isolated',
363+
subnets: [
364+
{
365+
subnetId: 'sub-123456',
366+
availabilityZone: 'bermuda-triangle-1337',
367+
routeTableId: 'rtb-123456',
368+
cidr: undefined,
369+
},
370+
],
371+
},
372+
],
373+
vpcId: 'vpc-1234567',
374+
vpnGatewayId: undefined,
375+
});
376+
});
377+
378+
test('Recognize private subnet by route table', async () => {
379+
// GIVEN
380+
mockVpcLookup({
381+
subnets: [
382+
{ SubnetId: 'sub-123456', AvailabilityZone: 'bermuda-triangle-1337', MapPublicIpOnLaunch: false },
383+
],
384+
routeTables: [
385+
{
386+
Associations: [{ SubnetId: 'sub-123456' }],
387+
RouteTableId: 'rtb-123456',
388+
Routes: [
389+
{
390+
DestinationCidrBlock: '10.0.2.0/26',
391+
Origin: 'CreateRoute',
392+
State: 'active',
393+
VpcPeeringConnectionId: 'pcx-xxxxxx',
394+
},
395+
{
396+
DestinationCidrBlock: '1.1.2.1/24',
397+
GatewayId: 'local',
398+
Origin: 'CreateRouteTable',
399+
State: 'active',
400+
},
401+
{
402+
DestinationCidrBlock: '0.0.0.0/0',
403+
NatGatewayId: 'nat-xxxxxx',
404+
Origin: 'CreateRoute',
405+
State: 'active',
406+
},
407+
],
408+
},
409+
],
410+
});
411+
412+
// WHEN
413+
const result = await new VpcNetworkContextProviderPlugin(mockSDK).getValue({
414+
account: '1234',
415+
region: 'us-east-1',
416+
filter: { foo: 'bar' },
417+
returnAsymmetricSubnets: true,
418+
});
419+
420+
// THEN
421+
expect(result).toEqual({
422+
availabilityZones: [],
423+
vpcCidrBlock: '1.1.1.1/16',
424+
isolatedSubnetIds: undefined,
425+
isolatedSubnetNames: undefined,
426+
isolatedSubnetRouteTableIds: undefined,
427+
privateSubnetIds: undefined,
428+
privateSubnetNames: undefined,
429+
privateSubnetRouteTableIds: undefined,
430+
publicSubnetIds: undefined,
431+
publicSubnetNames: undefined,
432+
publicSubnetRouteTableIds: undefined,
433+
subnetGroups: [
434+
{
435+
name: 'Private',
436+
type: 'Private',
437+
subnets: [
438+
{
439+
subnetId: 'sub-123456',
440+
availabilityZone: 'bermuda-triangle-1337',
441+
routeTableId: 'rtb-123456',
442+
cidr: undefined,
443+
},
444+
],
445+
},
446+
],
447+
vpcId: 'vpc-1234567',
448+
vpnGatewayId: undefined,
449+
});
450+
});
451+
248452
test('works for asymmetric subnets (not spanning the same Availability Zones)', async () => {
249453
// GIVEN
250454
mockVpcLookup({
@@ -255,7 +459,30 @@ test('works for asymmetric subnets (not spanning the same Availability Zones)',
255459
{ SubnetId: 'pub-sub-in-1a', AvailabilityZone: 'us-west-1a', MapPublicIpOnLaunch: true, CidrBlock: '1.1.4.1/24' },
256460
],
257461
routeTables: [
258-
{ Associations: [{ Main: true }], RouteTableId: 'rtb-123' },
462+
{
463+
Associations: [{ SubnetId: 'pri-sub-in-1b' }],
464+
RouteTableId: 'rtb-123456',
465+
Routes: [
466+
{
467+
DestinationCidrBlock: '0.0.0.0/0',
468+
NatGatewayId: 'nat-xxxxxx',
469+
Origin: 'CreateRoute',
470+
State: 'active',
471+
},
472+
],
473+
},
474+
{
475+
Associations: [{ Main: true }],
476+
RouteTableId: 'rtb-789012',
477+
Routes: [
478+
{
479+
DestinationCidrBlock: '0.0.0.0/0',
480+
GatewayId: 'igw-xxxxxx',
481+
Origin: 'CreateRoute',
482+
State: 'active',
483+
},
484+
],
485+
},
259486
],
260487
});
261488

@@ -288,7 +515,7 @@ test('works for asymmetric subnets (not spanning the same Availability Zones)',
288515
{
289516
subnetId: 'pri-sub-in-1b',
290517
availabilityZone: 'us-west-1b',
291-
routeTableId: 'rtb-123',
518+
routeTableId: 'rtb-123456',
292519
cidr: '1.1.1.1/24',
293520
},
294521
],
@@ -300,19 +527,19 @@ test('works for asymmetric subnets (not spanning the same Availability Zones)',
300527
{
301528
subnetId: 'pub-sub-in-1a',
302529
availabilityZone: 'us-west-1a',
303-
routeTableId: 'rtb-123',
530+
routeTableId: 'rtb-789012',
304531
cidr: '1.1.4.1/24',
305532
},
306533
{
307534
subnetId: 'pub-sub-in-1b',
308535
availabilityZone: 'us-west-1b',
309-
routeTableId: 'rtb-123',
536+
routeTableId: 'rtb-789012',
310537
cidr: '1.1.3.1/24',
311538
},
312539
{
313540
subnetId: 'pub-sub-in-1c',
314541
availabilityZone: 'us-west-1c',
315-
routeTableId: 'rtb-123',
542+
routeTableId: 'rtb-789012',
316543
cidr: '1.1.2.1/24',
317544
},
318545
],
@@ -361,7 +588,30 @@ test('allows specifying the subnet group name tag', async () => {
361588
},
362589
],
363590
routeTables: [
364-
{ Associations: [{ Main: true }], RouteTableId: 'rtb-123' },
591+
{
592+
Associations: [{ SubnetId: 'pri-sub-in-1b' }],
593+
RouteTableId: 'rtb-123456',
594+
Routes: [
595+
{
596+
DestinationCidrBlock: '0.0.0.0/0',
597+
NatGatewayId: 'nat-xxxxxx',
598+
Origin: 'CreateRoute',
599+
State: 'active',
600+
},
601+
],
602+
},
603+
{
604+
Associations: [{ Main: true }],
605+
RouteTableId: 'rtb-789012',
606+
Routes: [
607+
{
608+
DestinationCidrBlock: '0.0.0.0/0',
609+
GatewayId: 'igw-xxxxxx',
610+
Origin: 'CreateRoute',
611+
State: 'active',
612+
},
613+
],
614+
},
365615
],
366616
});
367617

@@ -393,7 +643,7 @@ test('allows specifying the subnet group name tag', async () => {
393643
{
394644
subnetId: 'pri-sub-in-1b',
395645
availabilityZone: 'us-west-1b',
396-
routeTableId: 'rtb-123',
646+
routeTableId: 'rtb-123456',
397647
cidr: undefined,
398648
},
399649
],
@@ -405,19 +655,19 @@ test('allows specifying the subnet group name tag', async () => {
405655
{
406656
subnetId: 'pub-sub-in-1a',
407657
availabilityZone: 'us-west-1a',
408-
routeTableId: 'rtb-123',
658+
routeTableId: 'rtb-789012',
409659
cidr: undefined,
410660
},
411661
{
412662
subnetId: 'pub-sub-in-1b',
413663
availabilityZone: 'us-west-1b',
414-
routeTableId: 'rtb-123',
664+
routeTableId: 'rtb-789012',
415665
cidr: undefined,
416666
},
417667
{
418668
subnetId: 'pub-sub-in-1c',
419669
availabilityZone: 'us-west-1c',
420-
routeTableId: 'rtb-123',
670+
routeTableId: 'rtb-789012',
421671
cidr: undefined,
422672
},
423673
],

‎packages/aws-cdk/test/context-providers/vpcs.test.ts

+186-4
Original file line numberDiff line numberDiff line change
@@ -25,8 +25,42 @@ test('looks up the requested VPC', async () => {
2525
{ SubnetId: 'sub-789012', AvailabilityZone: 'bermuda-triangle-1337', MapPublicIpOnLaunch: false },
2626
],
2727
routeTables: [
28-
{ Associations: [{ SubnetId: 'sub-123456' }], RouteTableId: 'rtb-123456' },
29-
{ Associations: [{ SubnetId: 'sub-789012' }], RouteTableId: 'rtb-789012' },
28+
{
29+
Associations: [{ SubnetId: 'sub-123456' }],
30+
RouteTableId: 'rtb-123456',
31+
Routes: [
32+
{
33+
DestinationCidrBlock: '1.1.1.1/24',
34+
GatewayId: 'local',
35+
Origin: 'CreateRouteTable',
36+
State: 'active',
37+
},
38+
{
39+
DestinationCidrBlock: '0.0.0.0/0',
40+
GatewayId: 'igw-xxxxxx',
41+
Origin: 'CreateRoute',
42+
State: 'active',
43+
},
44+
],
45+
},
46+
{
47+
Associations: [{ SubnetId: 'sub-789012' }],
48+
RouteTableId: 'rtb-789012',
49+
Routes: [
50+
{
51+
DestinationCidrBlock: '1.1.2.1/24',
52+
GatewayId: 'local',
53+
Origin: 'CreateRouteTable',
54+
State: 'active',
55+
},
56+
{
57+
DestinationCidrBlock: '0.0.0.0/0',
58+
NatGatewayId: 'nat-xxxxxx',
59+
Origin: 'CreateRoute',
60+
State: 'active',
61+
},
62+
],
63+
},
3064
],
3165
vpnGateways: [{ VpnGatewayId: 'gw-abcdef' }],
3266

@@ -105,8 +139,42 @@ test('uses the VPC main route table when a subnet has no specific association',
105139
{ SubnetId: 'sub-789012', AvailabilityZone: 'bermuda-triangle-1337', MapPublicIpOnLaunch: false },
106140
],
107141
routeTables: [
108-
{ Associations: [{ SubnetId: 'sub-123456' }], RouteTableId: 'rtb-123456' },
109-
{ Associations: [{ Main: true }], RouteTableId: 'rtb-789012' },
142+
{
143+
Associations: [{ SubnetId: 'sub-123456' }],
144+
RouteTableId: 'rtb-123456',
145+
Routes: [
146+
{
147+
DestinationCidrBlock: '1.1.1.1/24',
148+
GatewayId: 'local',
149+
Origin: 'CreateRouteTable',
150+
State: 'active',
151+
},
152+
{
153+
DestinationCidrBlock: '0.0.0.0/0',
154+
GatewayId: 'igw-xxxxxx',
155+
Origin: 'CreateRoute',
156+
State: 'active',
157+
},
158+
],
159+
},
160+
{
161+
Associations: [{ Main: true }],
162+
RouteTableId: 'rtb-789012',
163+
Routes: [
164+
{
165+
DestinationCidrBlock: '1.1.2.1/24',
166+
GatewayId: 'local',
167+
Origin: 'CreateRouteTable',
168+
State: 'active',
169+
},
170+
{
171+
DestinationCidrBlock: '0.0.0.0/0',
172+
NatGatewayId: 'nat-xxxxxx',
173+
Origin: 'CreateRoute',
174+
State: 'active',
175+
},
176+
],
177+
},
110178
],
111179
vpnGateways: [{ VpnGatewayId: 'gw-abcdef' }],
112180
});
@@ -200,6 +268,120 @@ test('Recognize public subnet by route table', async () => {
200268
});
201269
});
202270

271+
test('Recognize private subnet by route table', async () => {
272+
// GIVEN
273+
const filter = { foo: 'bar' };
274+
const provider = new VpcNetworkContextProviderPlugin(mockSDK);
275+
276+
mockVpcLookup({
277+
subnets: [
278+
{ SubnetId: 'sub-123456', AvailabilityZone: 'bermuda-triangle-1337', MapPublicIpOnLaunch: false },
279+
],
280+
routeTables: [
281+
{
282+
Associations: [{ SubnetId: 'sub-123456' }],
283+
RouteTableId: 'rtb-123456',
284+
Routes: [
285+
{
286+
DestinationCidrBlock: '10.0.2.0/26',
287+
Origin: 'CreateRoute',
288+
State: 'active',
289+
VpcPeeringConnectionId: 'pcx-xxxxxx',
290+
},
291+
{
292+
DestinationCidrBlock: '10.0.1.0/24',
293+
GatewayId: 'local',
294+
Origin: 'CreateRouteTable',
295+
State: 'active',
296+
},
297+
{
298+
DestinationCidrBlock: '0.0.0.0/0',
299+
NatGatewayId: 'nat-xxxxxx',
300+
Origin: 'CreateRoute',
301+
State: 'active',
302+
},
303+
],
304+
},
305+
],
306+
});
307+
308+
// WHEN
309+
const result = await provider.getValue({
310+
account: '1234',
311+
region: 'us-east-1',
312+
filter,
313+
});
314+
315+
// THEN
316+
expect(result).toEqual({
317+
vpcId: 'vpc-1234567',
318+
vpcCidrBlock: '1.1.1.1/16',
319+
availabilityZones: ['bermuda-triangle-1337'],
320+
isolatedSubnetIds: undefined,
321+
isolatedSubnetNames: undefined,
322+
isolatedSubnetRouteTableIds: undefined,
323+
privateSubnetIds: ['sub-123456'],
324+
privateSubnetNames: ['Private'],
325+
privateSubnetRouteTableIds: ['rtb-123456'],
326+
publicSubnetIds: undefined,
327+
publicSubnetNames: undefined,
328+
publicSubnetRouteTableIds: undefined,
329+
vpnGatewayId: undefined,
330+
subnetGroups: undefined,
331+
});
332+
});
333+
334+
test('Recognize isolated subnet by route table', async () => {
335+
// GIVEN
336+
const filter = { foo: 'bar' };
337+
const provider = new VpcNetworkContextProviderPlugin(mockSDK);
338+
339+
mockVpcLookup({
340+
subnets: [
341+
{ SubnetId: 'sub-123456', AvailabilityZone: 'bermuda-triangle-1337', MapPublicIpOnLaunch: false },
342+
],
343+
routeTables: [
344+
{
345+
Associations: [{ SubnetId: 'sub-123456' }],
346+
RouteTableId: 'rtb-123456',
347+
Routes: [
348+
{
349+
DestinationCidrBlock: '10.0.1.0/24',
350+
GatewayId: 'local',
351+
Origin: 'CreateRouteTable',
352+
State: 'active',
353+
},
354+
],
355+
},
356+
],
357+
});
358+
359+
// WHEN
360+
const result = await provider.getValue({
361+
account: '1234',
362+
region: 'us-east-1',
363+
filter,
364+
});
365+
366+
// THEN
367+
expect(result).toEqual({
368+
vpcId: 'vpc-1234567',
369+
vpcCidrBlock: '1.1.1.1/16',
370+
availabilityZones: ['bermuda-triangle-1337'],
371+
isolatedSubnetIds: ['sub-123456'],
372+
isolatedSubnetNames: ['Isolated'],
373+
isolatedSubnetRouteTableIds: ['rtb-123456'],
374+
privateSubnetIds: undefined,
375+
privateSubnetNames: undefined,
376+
privateSubnetRouteTableIds: undefined,
377+
publicSubnetIds: undefined,
378+
publicSubnetNames: undefined,
379+
publicSubnetRouteTableIds: undefined,
380+
vpnGatewayId: undefined,
381+
subnetGroups: undefined,
382+
});
383+
});
384+
203385
interface VpcLookupOptions {
204386
subnets: aws.EC2.Subnet[];
205387
routeTables: aws.EC2.RouteTable[];

0 commit comments

Comments
 (0)
Please sign in to comment.