aws-ec2: Internet Gateway created when public subnets are reserved #28593
Closed
Labels
@aws-cdk/aws-ec2 (Related to Amazon Elastic Compute Cloud); bug (This issue is a bug.); effort/medium (Medium work item – several days of effort); p2
Description
Describe the bug
An internet gateway is created for a VPC where address space is reserved for public subnets, but the public subnets do not actually exist
Expected Behavior
An internet gateway should not be created for the VPC when address space for public subnets is reserved but no public subnets actually exist.
Current Behavior
An internet gateway is created for a VPC where address space is reserved for public subnets, but the public subnets do not actually exist
Reproduction Steps
import * as cdk from 'aws-cdk-lib';
import { SubnetType, Vpc } from 'aws-cdk-lib/aws-ec2';
/**
 * Minimal stack for the report: a VPC with one real isolated tier and one
 * public tier that is only reserved.
 *
 * With `reserved: true` the tier's address space is set aside but no subnet
 * resources are provisioned, so the VPC ends up with no public subnet. The
 * report is that the synthesized template still contains an internet gateway
 * and its VPC attachment.
 */
export class MyStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // The only tier that produces subnets: isolated, /22 per subnet.
    const isolatedTier = {
      name: 'Isolated',
      subnetType: SubnetType.PRIVATE_ISOLATED,
      cidrMask: 22,
    };

    // Placeholder tier: a /26 per AZ is reserved for future public subnets,
    // but nothing is created for it. This is the entry that triggers the
    // unexpected gateway.
    const reservedPublicTier = {
      name: 'Public',
      subnetType: SubnetType.PUBLIC,
      cidrMask: 26,
      reserved: true,
    };

    new Vpc(this, 'vpc', {
      subnetConfiguration: [isolatedTier, reservedPublicTier],
    });
  }
}
// Instantiate the stack in a standalone app. The stack id 'test' is the
// prefix that shows up in the template's aws:cdk:path values (test/vpc/...).
const app = new cdk.App();
new MyStack(app, 'test');
app.synth();
CloudFormation Output
# Template synthesized from the reproduction above (nesting restored; the
# page had flattened it). What to look for:
#   - Only the Isolated tier produced subnets. No resource here is tagged
#     aws-cdk:subnet-type Public, so the reserved tier created nothing.
#   - An AWS::EC2::InternetGateway and its AWS::EC2::VPCGatewayAttachment are
#     present anyway. That is the behaviour being reported.
#   - No AWS::EC2::Route resource appears in this listing, so neither route
#     table shown has an explicit route to the gateway.
Resources:
  vpcA2121C38:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: test/vpc
    Metadata:
      aws:cdk:path: test/vpc/Resource
  # Isolated tier, first AZ: subnet, its own route table, and the association.
  vpcIsolatedSubnet1Subnet8B28CEB3:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      CidrBlock: 10.0.0.0/22
      MapPublicIpOnLaunch: false
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Isolated
        - Key: aws-cdk:subnet-type
          Value: Isolated
        - Key: Name
          Value: test/vpc/IsolatedSubnet1
      VpcId:
        Ref: vpcA2121C38
    Metadata:
      aws:cdk:path: test/vpc/IsolatedSubnet1/Subnet
  vpcIsolatedSubnet1RouteTable0D6B2D3D:
    Type: AWS::EC2::RouteTable
    Properties:
      Tags:
        - Key: Name
          Value: test/vpc/IsolatedSubnet1
      VpcId:
        Ref: vpcA2121C38
    Metadata:
      aws:cdk:path: test/vpc/IsolatedSubnet1/RouteTable
  vpcIsolatedSubnet1RouteTableAssociation172210D4:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: vpcIsolatedSubnet1RouteTable0D6B2D3D
      SubnetId:
        Ref: vpcIsolatedSubnet1Subnet8B28CEB3
    Metadata:
      aws:cdk:path: test/vpc/IsolatedSubnet1/RouteTableAssociation
  # Isolated tier, second AZ: same three resources.
  vpcIsolatedSubnet2Subnet2C6B375C:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: ""
      CidrBlock: 10.0.4.0/22
      MapPublicIpOnLaunch: false
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Isolated
        - Key: aws-cdk:subnet-type
          Value: Isolated
        - Key: Name
          Value: test/vpc/IsolatedSubnet2
      VpcId:
        Ref: vpcA2121C38
    Metadata:
      aws:cdk:path: test/vpc/IsolatedSubnet2/Subnet
  vpcIsolatedSubnet2RouteTable3455CBFC:
    Type: AWS::EC2::RouteTable
    Properties:
      Tags:
        - Key: Name
          Value: test/vpc/IsolatedSubnet2
      VpcId:
        Ref: vpcA2121C38
    Metadata:
      aws:cdk:path: test/vpc/IsolatedSubnet2/RouteTable
  vpcIsolatedSubnet2RouteTableAssociation8A8FAF70:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: vpcIsolatedSubnet2RouteTable3455CBFC
      SubnetId:
        Ref: vpcIsolatedSubnet2Subnet2C6B375C
    Metadata:
      aws:cdk:path: test/vpc/IsolatedSubnet2/RouteTableAssociation
  # Unexpected: a gateway is created although the VPC has no public subnet.
  # NOTE(review): a subnet labelled "Isolated" does not guarantee that the VPC
  # has no internet gateway. A no-IGW guardrail has to inspect the synthesized
  # template for this resource type, not infer it from the subnet configuration.
  vpcIGWE57CBDCA:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: test/vpc
    Metadata:
      aws:cdk:path: test/vpc/IGW
  # Attaches the gateway above to the VPC.
  vpcVPCGW7984C166:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId:
        Ref: vpcIGWE57CBDCA
      VpcId:
        Ref: vpcA2121C38
    Metadata:
      aws:cdk:path: test/vpc/VPCGW
  # CDK bookkeeping resource. The Analytics value is an opaque encoded string.
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Analytics: v2:deflate64:H4sIAAAAAAAA/02PTQ+CMAyGf4v3MYXExCvhYLwZMFzNGDWWj85sHcQQ/rtDSfDUt0+bp2ki4/gkDzs1ukjXbdRhJaeClW5FQHfQiZzKlxbZg8prJq4WB8VQ+IqAF7il3HiGm6o62PjGUueMRsVoaBlfiMGGhXOQjeq96tcu5XD/2QPxLHJwxlv9df7nzFCNi20WZGqQjdsP4ZH4GH5pHGJkPTH2IPNf/QDK5AK06AAAAA==
    Metadata:
      aws:cdk:path: test/CDKMetadata/Default
    # CDKMetadataAvailable is referenced here; its Conditions section is not
    # part of the listing shown.
    Condition: CDKMetadataAvailable
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.118.0 (build a40f2ec)
Framework Version
No response
Node.js Version
Node.js v18.15.0
OS
Osx
Language
TypeScript
Language Version
No response
Other information
No response