feat(ec2): rename SubnetTypes to improve clarity with EC2 conventions #16348

Merged: 3 commits, Sep 3, 2021

@njlynch njlynch commented Sep 2, 2021

Early on in the CDK history, a decision was made to delineate between subnets
with Internet access (i.e., those with a NAT) and those without. The convention
chosen at that time was to label the subnets as PRIVATE and ISOLATED,
respectively. The intent was to make it clear that subnets without a NAT were
completely isolated from the broader Internet (unless connected through another
subnet).

However, this introduction of a new subnet type that does not match EC2
documentation and naming conventions can cause confusion. Most critically, a
user may select a PRIVATE subnet without realizing that it automatically
requires one (or more) NAT gateways. As NAT gateways are not free, this can
lead to unintended charges.

To realign to the EC2 terminology -- while retaining the existing logic
surrounding SubnetTypes -- the existing types of PRIVATE and ISOLATED are
being renamed to PRIVATE_WITH_NAT and PRIVATE_ISOLATED, respectively.

fixes #15929


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
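
The rename described in the PR body above, as an added example that is not part of the PR or the CDK code base: a small TypeScript scanner that finds the pre-rename `SubnetType` names in CDK source text, reports the replacement, and marks which ones imply NAT gateways (Internet egress and cost). The function names and the sample source are constructed for illustration; only the old-to-new mapping comes from the PR description.

```typescript
// Added example: locate pre-rename subnet type names in CDK source text.
// The rename mapping is from the PR description; all else is illustrative.

interface Finding {
  line: number;         // 1-based line number in the scanned text
  oldName: string;      // PRIVATE or ISOLATED
  newName: string;      // PRIVATE_WITH_NAT or PRIVATE_ISOLATED
  natRequired: boolean; // true when the type implies NAT gateways
}

// "_" is a word character, so the trailing \b stops PRIVATE from matching
// inside the new names PRIVATE_WITH_NAT and PRIVATE_ISOLATED.
const OLD_NAME = /\bSubnetType\.(PRIVATE|ISOLATED)\b/;

function renameOf(oldName: string): string {
  return oldName === "PRIVATE" ? "PRIVATE_WITH_NAT" : "PRIVATE_ISOLATED";
}

function findOldSubnetTypes(source: string): Finding[] {
  const findings: Finding[] = [];
  const lines = source.split("\n");
  for (let i = 0; i < lines.length; i++) {
    const pattern = new RegExp(OLD_NAME.source, "g"); // fresh state per line
    let m: RegExpExecArray | null;
    while ((m = pattern.exec(lines[i])) !== null) {
      const oldName = m[1];
      findings.push({ line: i + 1, oldName, newName: renameOf(oldName),
                      natRequired: oldName === "PRIVATE" });
    }
  }
  return findings;
}

// Rewrite every old name to its replacement; new names are left untouched.
function migrate(source: string): string {
  return source.replace(new RegExp(OLD_NAME.source, "g"),
    (_match: string, oldName: string) => "SubnetType." + renameOf(oldName));
}

// Constructed sample input, not taken from the CDK repository.
const SAMPLE = [
  "new ec2.Vpc(this, 'Vpc', { subnetConfiguration: [",
  "  { name: 'app', subnetType: ec2.SubnetType.PRIVATE },",
  "  { name: 'db', subnetType: ec2.SubnetType.ISOLATED },",
  "  { name: 'cache', subnetType: ec2.SubnetType.PRIVATE_ISOLATED },",
  "] });",
].join("\n");

findOldSubnetTypes(SAMPLE).forEach((f) =>
  console.log(`line ${f.line}: ${f.oldName} -> ${f.newName} (NAT: ${f.natRequired})`));
```
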

@njlynch njlynch requested a review from a team September 2, 2021 16:04
@njlynch njlynch self-assigned this Sep 2, 2021
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Sep 2, 2021

@eladb eladb left a comment

Minor

packages/@aws-cdk/aws-ec2/README.md (outdated, resolved)
@eladb eladb added the pr/do-not-merge This PR should not be merged at this time. label Sep 3, 2021
Co-authored-by: Elad Ben-Israel <benisrae@amazon.com>
@njlynch njlynch removed the pr/do-not-merge This PR should not be merged at this time. label Sep 3, 2021
mergify bot commented Sep 3, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation (Collaborator)

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 826e4e3
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 2023004 into master Sep 3, 2021
@mergify mergify bot deleted the njlynch/rename_subnet_types branch September 3, 2021 10:01

TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this pull request Sep 6, 2021
…aws#16348)

david-doyle-as24 pushed a commit to david-doyle-as24/aws-cdk that referenced this pull request Sep 7, 2021
…aws#16348)

Successfully merging this pull request may close these issues.

(aws-ec2): Why are NAT gateways required for private subnets?