aws-cdk/ec2 token resolve issues

[cmckni3]

Note: for support questions, please first reference our documentation, then use Stackoverflow. This repository's issues are intended for feature requests and bug reports.

• I'm submitting a ...

  • 🪲 bug report
  • 🚀 feature request
  • 📚 construct library gap
  • ☎️ security issue or vulnerability => Please see policy
  • ❓ support request => Please see note at the top of this template.

• What is the current behavior?
  If the current behavior is a 🪲bug🪲: Please provide the steps to reproduce

I am using Fn.findInMap to resolve availability zones and private subnets to create a vpc. Problem arises from the use of tokens. For some reason, the subnet token is not resolved correctly and is placed into the synthesized template as an array of each character of the token name.

    const vpc = ec2.Vpc.fromVpcAttributes(this, 'VPC', {
      vpcId: Fn.findInMap(accountResourceMapping.logicalId, this.accountId, 'vpcId'),
      availabilityZones: [...Fn.findInMap(accountResourceMapping.logicalId, this.accountId, 'vpcAvailabilityZones')],
      privateSubnetIds: [...Fn.findInMap(accountResourceMapping.logicalId, this.accountId, 'privateAppSubnets')]
    });

Another problem arises from the use of Token it seems. I can place the literal array with subnet ids for privateSubnetIds but then I get an error that privateSubnetIds (2) must a multiple of availability zones (18). I only have 2 availability zones. I believe .length is called on the Token string itself which is of form the ${Token[Token.89]}.

• What is the expected behavior (or behavior of feature suggested)?

Should resolve the availability zone and private subnet ids as string arrays.

• What is the motivation / use case for changing the behavior or adding this feature?

Using this to deploy multiple environments.

• Please tell us about your environment:

  • CDK CLI Version: 0.33.0
  • EC2 Module Version: 0.33.0
  • OS: OSX Mojave
  • Language: TypeScript

• Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)

Might be related to #168?

#817

[cmckni3]

@NGL321 do I need to provide an example other than the code snippet I provided?

[NGL321]

@cmckni3 That looks like it should be sufficient for repro, thank you for asking!

I'll let you know if I need any more information as soon as I am able to look into this in more depth!

[rix0rrr]

Not sure that your use case (deploy-time resolution of a list of subnet IDs) is going to work. There are some cases in which we need to know the number of availability zones at the time CDK code is executing, for example, and given that this construction makes it so that the AZs are only known at deploy time, that can never work properly. We would recommend doing the lookup at CDK execution time rather than CloudFormation deployment time.

Now, it might be that for your use case, you won't hit any of the problematic code paths, so you might still want to proceed with your approach.

The immediate issue you're hitting is that Fn.findInMap() is typed to return a string, and the string is subsequently treated as a collection of characters which are exploded into the array.

Converting to a list token will stop that from happening:

      availabilityZones: [...Token.asList(Fn.findInMap(accountResourceMapping.logicalId, this.accountId, 'vpcAvailabilityZones'))],

Closing this issue. If you feel this is closed in error, please reopen.

[cmckni3]

Thanks! That's what I needed. I am doing the lookup at CDK execution time.