fix(ec2): Internet connectivity not established for private subnets (#…

…21495) Because private subnets rely on a NAT Gateway for internet connectivity, it is important that the NAT Gateway have the necessary dependencies for its own internet connectivity. Otherwise, `internetConnectivityEstablished` on a private subnet may not be true during stack creation and deletion. This is most notable for CloudFormaton Custom Resources; however, it can result in other dependency failures during stack deletion, especially if resources within a private subnet take a long time to delete. Ensuring that the NAT Gateway depends on its public subnet having internet connectivity completes the chain of dependencies and ensures that all resources will correctly have internet connectivity. Because of the layers of abstraction around subnets and NAT gateways, unit tests for this feature are challenging (because there isn't a clear means to get the CloudFormaton Logical ID of the AWS::EC2::Route that establishes the connectivity); however, NAT Gateways are included in several integration tests so this dependency can be tested there. Closes: #21348 ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Aug 22, 2022 · 5b1488d · 5b1488d
1 parent 62cbcde
commit 5b1488d
Show file tree

Hide file tree

Showing 713 changed files with 14,061 additions and 12,413 deletions.
diff --git a/...s/ecs-service-extensions/test/all-service-addons.integ.snapshot/aws-ecs-integ.assets.json b/...s/ecs-service-extensions/test/all-service-addons.integ.snapshot/aws-ecs-integ.assets.json
@@ -1,19 +1,19 @@
 {
-  "version": "17.0.0",
+  "version": "20.0.0",
   "files": {
-    "9220951fe280727c8695ca9cd06f929712e6c44319ad69591a87f7ce6a931b6b": {
+    "ad006ddc477f947f0d63b6eb67b02371ef18c9f3cb86353a3cab3704778a8be1": {
       "source": {
         "path": "aws-ecs-integ.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "9220951fe280727c8695ca9cd06f929712e6c44319ad69591a87f7ce6a931b6b.json",
+          "objectKey": "ad006ddc477f947f0d63b6eb67b02371ef18c9f3cb86353a3cab3704778a8be1.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
     }
   },
   "dockerImages": {}
-}
+}
diff --git a/...ecs-service-extensions/test/all-service-addons.integ.snapshot/aws-ecs-integ.template.json b/...ecs-service-extensions/test/all-service-addons.integ.snapshot/aws-ecs-integ.template.json
@@ -124,7 +124,11 @@
       "Value": "aws-ecs-integ/production-environment-vpc/PublicSubnet1"
      }
     ]
-   }
+   },
+   "DependsOn": [
+    "productionenvironmentvpcPublicSubnet1DefaultRoute524C894D",
+    "productionenvironmentvpcPublicSubnet1RouteTableAssociationA8117374"
+   ]
   },
   "productionenvironmentvpcPublicSubnet2Subnet298E6C31": {
    "Type": "AWS::EC2::Subnet",
@@ -228,7 +232,11 @@
       "Value": "aws-ecs-integ/production-environment-vpc/PublicSubnet2"
      }
     ]
-   }
+   },
+   "DependsOn": [
+    "productionenvironmentvpcPublicSubnet2DefaultRoute92CD697D",
+    "productionenvironmentvpcPublicSubnet2RouteTableAssociation0A7549F3"
+   ]
   },
   "productionenvironmentvpcPrivateSubnet1Subnet53F632E6": {
    "Type": "AWS::EC2::Subnet",
@@ -2133,7 +2141,9 @@
    },
    "DependsOn": [
     "productionenvironmentvpcPublicSubnet1DefaultRoute524C894D",
-    "productionenvironmentvpcPublicSubnet2DefaultRoute92CD697D"
+    "productionenvironmentvpcPublicSubnet1RouteTableAssociationA8117374",
+    "productionenvironmentvpcPublicSubnet2DefaultRoute92CD697D",
+    "productionenvironmentvpcPublicSubnet2RouteTableAssociation0A7549F3"
    ]
   },
   "greeterloadbalancerSecurityGroupEE1B20F3": {

diff --git a/...@aws-cdk-containers/ecs-service-extensions/test/all-service-addons.integ.snapshot/cdk.out b/...@aws-cdk-containers/ecs-service-extensions/test/all-service-addons.integ.snapshot/cdk.out
@@ -1 +1 @@
-{"version":"17.0.0"}
+{"version":"20.0.0"}
diff --git a/...s-cdk-containers/ecs-service-extensions/test/all-service-addons.integ.snapshot/integ.json b/...s-cdk-containers/ecs-service-extensions/test/all-service-addons.integ.snapshot/integ.json
@@ -0,0 +1,14 @@
+{
+  "version": "20.0.0",
+  "testCases": {
+    "integ.all-service-addons": {
+      "stacks": [
+        "aws-ecs-integ"
+      ],
+      "diffAssets": false,
+      "stackUpdateWorkflow": true
+    }
+  },
+  "synthContext": {},
+  "enableLookups": false
+}
diff --git a/...dk-containers/ecs-service-extensions/test/all-service-addons.integ.snapshot/manifest.json b/...dk-containers/ecs-service-extensions/test/all-service-addons.integ.snapshot/manifest.json
@@ -1,5 +1,5 @@
 {
-  "version": "17.0.0",
+  "version": "20.0.0",
   "artifacts": {
     "Tree": {
       "type": "cdk:tree",