VPC: Isolated subnets lists subnets that are not isolated #26143
Comments
I would suggest using

```ts
const vpc = getDefaultVpc(this);
const subnets = vpc.selectSubnets({ subnetType: SubnetType.PRIVATE_ISOLATED });
new CfnOutput(this, 'subnets', { value: subnets.subnetIds.join(',') });
```

But filtering with Can you check the

I've tried this way of filtering as well. It didn't change anything. Can we elaborate on the criteria on which the categorization is happening?

I believe it is looked up with VpcNetworkContextProviderPlugin and this is how it determines isolated subnets. Did you see any subnets which you believe are NOT isolated subnets yet categorized as isolated ones in your

Describe the bug
When iterating over `.isolatedSubnets` of a given `vpc` or filtering subnets by `.selectSubnets({subnetGroupName: 'Isolated'})` I will get mixed results.
Some of the retrieved subnets are isolated, they contain the cdk tags
aws-cdk:subnet-name: Isolated
aws-cdk:subnet-type: Isolated
But other results in this list are not Isolated, they e.g. were manually created and contain only one single `Name` tag that does not contain any phrase of `Isolated`. Also the Network ACL of these very specific subnets is not similar to the real isolated subnets.
Expected Behavior
Both ways of retrieving the isolated subnets should retrieve only isolated subnets by at least being consistent with filtering the tag `aws-cdk:subnet-type: Isolated`
Current Behavior
It's unclear which criteria are being used to determine a given subnet belongs to the `isolated` subnet category.
Reproduction Steps
given a vpc
id=abc
abc
abc
inspect the results of
Possible Solution
as suggested, cdk should filter the subnets by the 2 tags below having the value `Isolated`
aws-cdk:subnet-name
aws-cdk:subnet-type
otherwise document the criteria on how cdk determines the subnet type.
Additional Information/Context
No response
CDK CLI Version
2.65.0 (build 5862f7a)
Framework Version
No response
Node.js Version
v18.13.0
OS
linux | macos
Language
Typescript
Language Version
"typescript": "4.6.3"
Other information
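
The tag check proposed under Possible Solution, as an added example (not code from this issue or from aws-cdk): it takes subnet IDs that `vpc.isolatedSubnets` reported and returns the ones that do not carry both CDK tags with the value `Isolated`. The record shape follows EC2 DescribeSubnets output; the function names, subnet IDs and sample tag values are constructed assumptions, and no AWS call is made.

```typescript
// Added example, not code from aws-cdk. Record shape follows EC2 DescribeSubnets;
// all names, IDs and sample tag values here are constructed assumptions.
interface Tag { Key: string; Value: string }
interface SubnetRecord { SubnetId: string; Tags?: Tag[] }
interface Finding { subnetId: string; reasons: string[] }

const REQUIRED_TAGS = ['aws-cdk:subnet-name', 'aws-cdk:subnet-type'];
const EXPECTED_VALUE = 'Isolated';

function tagValue(subnet: SubnetRecord, key: string): string | undefined {
  return (subnet.Tags ?? []).find(t => t.Key === key)?.Value;
}

// One finding per reported subnet that fails the tag check, including IDs
// that do not appear in the describe output at all.
function auditIsolatedSubnets(reportedIds: string[], described: SubnetRecord[]): Finding[] {
  const byId = new Map<string, SubnetRecord>();
  for (const s of described) byId.set(s.SubnetId, s);
  const findings: Finding[] = [];
  for (const id of reportedIds) {
    const subnet = byId.get(id);
    if (!subnet) {
      findings.push({ subnetId: id, reasons: ['not found in describe output'] });
      continue;
    }
    const reasons: string[] = [];
    for (const key of REQUIRED_TAGS) {
      const value = tagValue(subnet, key);
      if (value === undefined) reasons.push(`missing tag ${key}`);
      else if (value !== EXPECTED_VALUE) reasons.push(`${key}=${value}`);
    }
    if (reasons.length > 0) findings.push({ subnetId: id, reasons });
  }
  return findings;
}

// Constructed sample: a CDK-tagged isolated subnet, a manually created subnet
// with only a Name tag, and a subnet tagged as a different type.
const SAMPLE_SUBNETS: SubnetRecord[] = [
  { SubnetId: 'subnet-aaa', Tags: [{ Key: 'aws-cdk:subnet-name', Value: 'Isolated' },
                                   { Key: 'aws-cdk:subnet-type', Value: 'Isolated' }] },
  { SubnetId: 'subnet-bbb', Tags: [{ Key: 'Name', Value: 'manual-db-subnet' }] },
  { SubnetId: 'subnet-ccc', Tags: [{ Key: 'aws-cdk:subnet-name', Value: 'Private' },
                                   { Key: 'aws-cdk:subnet-type', Value: 'Private' }] },
];
// IDs as they might come from vpc.isolatedSubnets; subnet-ddd is unknown.
const SAMPLE_FINDINGS = auditIsolatedSubnets(
  ['subnet-aaa', 'subnet-bbb', 'subnet-ccc', 'subnet-ddd'], SAMPLE_SUBNETS);
console.log(JSON.stringify(SAMPLE_FINDINGS, null, 2));
```

A non-empty result means a subnet is being treated as isolated without the tags that mark it as such, so its route table and Network ACL are worth reviewing before workloads are placed in it.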