-
Notifications
You must be signed in to change notification settings - Fork 4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(ec2): Vpc supports allocating CIDR from AWS IPAM (#22458)
Allows Vpc to Use [Aws IPAM](https://docs.aws.amazon.com/vpc/latest/ipam/what-it-is-ipam.html) for Ip address assignment: ```ts import { IpAddresses } from '@aws-cdk/aws-ec2'; declare const pool: ec2.CfnIPAMPool; new ec2.Vpc(stack, 'TheVPC', { ipAddresses: ec2.IpAddresses.awsIpamAllocation({ ipv4IpamPoolId: pool.ref, ipv4NetmaskLength: 18, defaultSubnetIpv4NetmaskLength: 24 }) }); ``` This is useful for enterprise users that wish to adopt the benefits of centralised IP address management. It introduces `ipAddresses` property to allow the new configuration. ---- Thanks to @rix0rrr for support on this. --- closes #21333 ---- #22443 - Issue adds a fix to allow the clean up of the AWS Ipam resource used in ingeg-test testing. Would be better to implement something like this later. for now disclaimer added to integ-test clean up needed on Ipam. ---- ### All Submissions: * [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### New Features * [X] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
- Loading branch information
Showing
24 changed files
with
2,893 additions
and
62 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
/** | ||
* Return the splits necessary to allocate the given sequence of cidrs in the given order | ||
* | ||
* The entire block is of size 'rootNetmask', and subsequent blocks will be allocated | ||
* from it sized according to the sizes in the 'netmasks' array. | ||
* | ||
* The return value is a list of `CidrSplit` objects, which represent | ||
* invocations of a pair of `Fn.select(Fn.cidr(...))` operations. | ||
* | ||
* Strategy: walk through the IP block space, clipping to the next possible | ||
* start of a block of the given size, then allocate it. Here is an unrealistic | ||
* example (with a weird ordering of the netmasks to show how clipping and hence | ||
* space wasting plays out in practice): | ||
* | ||
* root space /16 | ||
* ┌──────────────────────────────────────────────────────────────────────────────────────────────┐ | ||
* │ │ | ||
* A /21 B /19 | ||
* ┌───┬───┬───┬───┬───────────────┬───────────────┬───┬───────────┬───────────────┬──────────────┐ | ||
* │ A │ A │ A │###│ B │ B │ A │###########│ B │ .... │ | ||
* └───┴───┴───┴───┴───────────────┴───────────────┴───┴───────────┴───────────────┴──────────────┘ | ||
* ^^^______ wasted space _________________^^^^^^ | ||
*/ | ||
export function calculateCidrSplits(rootNetmask: number, netmasks: number[]): CidrSplit[] { | ||
const ret = new Array<CidrSplit>(); | ||
|
||
let offset = 0; | ||
for (const netmask of netmasks) { | ||
const size = Math.pow(2, 32 - netmask); | ||
|
||
// Clip offset to the next block of the given size | ||
offset = nextMultiple(offset, size); | ||
|
||
const count = Math.pow(2, netmask - rootNetmask); | ||
ret.push({ | ||
count, | ||
netmask, | ||
index: offset / size, | ||
}); | ||
|
||
// Consume | ||
offset += size; | ||
} | ||
|
||
if (offset > Math.pow(2, 32 - rootNetmask)) { | ||
throw new Error(`IP space of size /${rootNetmask} not big enough to allocate subnets of sizes ${netmasks.map(x => `/${x}`)}`); | ||
} | ||
|
||
return ret; | ||
} | ||
|
||
function nextMultiple(current: number, multiple: number) { | ||
return Math.ceil(current / multiple) * multiple; | ||
} | ||
|
||
/** | ||
* A representation of a pair of `Fn.select(Fn.cidr())` invocations | ||
*/ | ||
export interface CidrSplit { | ||
/** | ||
* The netmask of this block size | ||
* | ||
* This is the inverse number of what you need to pass to Fn.cidr (pass `32 - | ||
* netmask` to Fn.cidr)`. | ||
*/ | ||
readonly netmask: number; | ||
|
||
/** | ||
* How many parts the mask needs to be split into | ||
*/ | ||
readonly count: number; | ||
|
||
/** | ||
* What subnet index to select from the split | ||
*/ | ||
readonly index: number; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.