(aws-docdb): should not try to validate list of subnets if they are unresolved #14262
Comments
The problem is that the construct cannot tell how many elements there are in the array because it's imported.
|
@rix0rrr Agree. The construct should check if it's unresolved or not. In the affirmative, assume it's ok otherwise do check. Quite painful now as need to create all using CfNs :-( |
We are unassigning and marking this issue as |
Not sure whether this is a related issue, but when using a VPC "looked up" (via tags) the builder for DocDB fails; while the very same code for RDS (Postgres) succeeds - in the sense that CDK runs it twice: the first time it looks up the VPC (and creates the The funny thing is, if I comment out the DocDB code and make the CDK run once with I cannot share the entire repo, as it's private, but here is the condensed version:
(incidentally we use the The VPC is deployed across 2 AZs and has only Unfortunately, this fails:
with this error:
When we run the exact same code (in the same class, pretty much all the same) but for RDS:
this works just fine. Not really sure whether this is a bug, or "works as intended" and I'm missing how to work around it. We're using CDK and Solutions versions Thanks! |
UPDATE So this is definitely a bug, somewhere.
then this works. Or something like that - it's really hard to figure out what's going on where. Bottom line, AFAICT, one cannot deploy a DocDB using CDK in a VPC with only ISOLATED subnets (well, it is possible, by doing some very hacky workaround to get the If this is a known/desired limitation, it should be documented somewhere, though. |
The issue also occurs, in the following setup:
As there is an incompleteSubnetDefinition in the LookedUpVpc. I expect changing the conditional check here accordingly would solve the issue. |
When importing VPC information from a CloudFormation Export (using fn.import), the cluster constructor does not work.
The VPC.fromVPCAttribute references the subnets using one "ImportedSubnet". When the DocumentCluster is constructed, there is a check for the number of subnets (>=2). However, in this case, the array of subnets contains only one object.
I tried commenting out the test in cluster.js and the CF template is properly created.
Reproduction Steps
Assuming there is a stack exporting the following
Networking-VPC-ID => "vpc-XXXX"
Networking-PrivateSubnets-IDs => "subnet-XXX,subnet-YYY,subnet-ZZZZ"
```ts
const vpc = Vpc.fromVpcAttributes(this.scope, "ImportedVPC", {
  vpcId: Fn.importValue("Networking-VPC-ID"),
  availabilityZones: Fn.getAzs(Aws.REGION),
  // Deploy-time list: the number of subnet IDs is not known at synth time
  privateSubnetIds: Fn.split(",", Fn.importValue("Networking-PrivateSubnets-IDs")),
});
const cluster = new DatabaseCluster(this, "DatabaseCluster", {
  instanceType: InstanceType.of(InstanceClass.T3, InstanceSize.MEDIUM),
  engineVersion: "4.0.0",
  masterUser: {
    username: 'masterUser' // NOTE: 'admin' is reserved by DocumentDB
  },
  vpc: vpc,
  vpcSubnets: {
    subnetType: SubnetType.PRIVATE
  }
});
```
Generates the following error:
Error: Cluster requires at least 2 subnets, got 1 .....
What did you expect to happen?
I was expecting to create a stack with a SubnetGroup as follows:
```json
"Type": "AWS::DocDB::DBSubnetGroup",
"Properties": {
  "DBSubnetGroupDescription": "Subnet group for DocumentDBConstruct-Database",
  "SubnetIds": {
    "Fn::Split": [
      ",",
      { "Fn::ImportValue": "Networking-PrivateSubnets-IDs" }
    ]
  }
},
```
What actually happened?
Does not generate the stack. The test in cluster.js
```js
if (subnetIds.length < 2) {
  throw new Error(`Cluster requires at least 2 subnets, got ${subnetIds.length}`);
}
```
stops the synthesis of the stack.
Environment
Other
Issue is not environment specific. I believe the test in cluster.js to prevent creating a cluster on a VPC with only one subnet kinda makes sense. However, it does not take into account the case when the VPC is imported from a CloudFormation Import (standard practice in CF).
This is 🐛 Bug Report
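The guard suggested in the comments (skip the count check when the subnet list is unresolved), as an added example that is not code from the aws-cdk repository. It models an unresolved list as a one-element array holding a marker string, which is an assumption about how CDK encodes such lists; `isUnresolvedList`, `fakeListToken`, `checkSubnetCount` and `tryCheck` are hypothetical names, and real construct code would call `Token.isUnresolved` from the CDK core library instead.

```typescript
// Simplified stand-in for an unresolved (deploy-time) list.
// Assumption: it appears at synth time as one marker string in an array.
const LIST_TOKEN_MARKER = /^#\{Token\[[^\]]+\]\}$/;

// Hypothetical helper; in CDK code this would be Token.isUnresolved(ids).
function isUnresolvedList(ids: string[]): boolean {
  return ids.length === 1 && LIST_TOKEN_MARKER.test(ids[0]);
}

// Constructed sample: what a value such as
// Fn.split(",", Fn.importValue("Networking-PrivateSubnets-IDs"))
// is modelled as before deployment.
function fakeListToken(id: number): string[] {
  return [`#{Token[TOKEN.${id}]}`];
}

type SubnetCheck = "validated" | "deferred";

// The count check from the issue, guarded so it only runs when the
// subnet IDs are concrete values at synth time.
function checkSubnetCount(subnetIds: string[]): SubnetCheck {
  if (isUnresolvedList(subnetIds)) {
    // The real length is unknown until deploy time, so a length of 1
    // here says nothing about how many subnets will be supplied.
    return "deferred";
  }
  if (subnetIds.length < 2) {
    throw new Error(`Cluster requires at least 2 subnets, got ${subnetIds.length}`);
  }
  return "validated";
}

// Returns the check result, or the error message if the check throws.
function tryCheck(subnetIds: string[]): string {
  try {
    return checkSubnetCount(subnetIds);
  } catch (e) {
    return (e as Error).message;
  }
}

console.log(tryCheck(fakeListToken(42)));             // imported list
console.log(tryCheck(["subnet-aaa", "subnet-bbb"]));  // concrete, enough subnets
console.log(tryCheck(["subnet-aaa"]));                // concrete, too few
```

A single concrete subnet ID is still rejected, so the guard only relaxes the check for values that cannot be counted during synthesis.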