aws-cdk: VPC with only private subnet fails with error
❓ General Issue
The Question
Because creating a VPC with default settings creates public and private subnets that default to a NAT gateway for each public subnet, I am running out of EIPs. My application doesn't even need NAT gateways; it's just an app that uses DAX to connect to DynamoDB. Anyways, I tried creating a VPC with just a private subnet and adding DynamoDB as a gateway endpoint:
```ts
const daxVpc = new Vpc(this, 'daxVpc', {
  cidr: Vpc.DEFAULT_CIDR_RANGE,
  subnetConfiguration: [{
    subnetType: SubnetType.PRIVATE,
    name: defaultSubnetName(SubnetType.PRIVATE)
  }],
  gatewayEndpoints: {
    DYNAMODB: {
      service: GatewayVpcEndpointAwsService.DYNAMODB
    }
  }
});
```
But it errors out during deployment:

```
8/31 | 16:24:34 | CREATE_IN_PROGRESS | AWS::EC2::Subnet | daxVpc/IsolatedSubnet1/Subnet (daxVpcIsolatedSubnet1SubnetA090FC82) Resource creation Initiated
8/31 | 16:24:34 | CREATE_IN_PROGRESS | AWS::EC2::Subnet | daxVpc/IsolatedSubnet2/Subnet (daxVpcIsolatedSubnet2Subnet469D29C8) Resource creation Initiated
9/31 | 16:24:34 | CREATE_COMPLETE | AWS::EC2::RouteTable | daxVpc/IsolatedSubnet2/RouteTable (daxVpcIsolatedSubnet2RouteTableE102F846)
10/31 | 16:24:34 | CREATE_COMPLETE | AWS::EC2::RouteTable | daxVpc/IsolatedSubnet1/RouteTable (daxVpcIsolatedSubnet1RouteTable5B90AC7F)
11/31 | 16:24:36 | CREATE_FAILED | AWS::EC2::Route | daxVpc/IsolatedSubnet1/DefaultRoute (daxVpcIsolatedSubnet1DefaultRoute54F632D7) Exactly one of [EgressOnlyInternetGatewayId, InstanceId, NatGatewayId, TransitGatewayId, GatewayId, VpcPeeringConnectionId, NetworkInterfaceId] must be specified and not empty
```
What configuration am I missing?
Environment
- CDK CLI Version: 1.3.0
- Module Version: 1.3.0
- OS:
- Language: TypeScript
Other information
About this issue
- State: closed
- Created 5 years ago
- Reactions: 6
- Comments: 16 (7 by maintainers)
Commits related to this issue
- docs(vpc): update VPC documentation in README and API Try to address common gotchas with the VPC component in the package documentation. Addresses part of #3704. — committed to aws/aws-cdk by rix0rrr 5 years ago
- docs(vpc): update VPC documentation in README and API (#3810) Try to address common gotchas with the VPC component in the package documentation. Addresses part of #3704. — committed to aws/aws-cdk by rix0rrr 5 years ago
- feat(vpc): additional validation around Subnet Types Try to improve the usability around VPCs and certain Subnet Type configurations. - Make clear that ISOLATED does not mean "no Internet access at ... — committed to aws/aws-cdk by rix0rrr 5 years ago
- feat(vpc): additional validation around Subnet Types (#4668) Try to improve the usability around VPCs and certain Subnet Type configurations. - Make clear that ISOLATED does not mean "no Internet ac... — committed to aws/aws-cdk by rix0rrr 5 years ago
Yea, na, that wouldn't work. It needs to connect to Dynamo, which resides outside the VPC…
just having
errors out:
There are no ‘Private’ subnets in this VPC. Use a different VPC subnet selection. Subprocess exited with error 1
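
A pre-deployment check for the failure in the question's CREATE_FAILED event, as an added example that is not part of the original issue or of the CDK code base: it scans a synthesized CloudFormation template for `AWS::EC2::Route` resources that do not carry exactly one of the target properties named in the error message. The sample template, its logical IDs and the function names are constructed for illustration.

```typescript
// Route target properties, taken from the CloudFormation error quoted in the issue.
const ROUTE_TARGETS = [
  'EgressOnlyInternetGatewayId', 'InstanceId', 'NatGatewayId', 'TransitGatewayId',
  'GatewayId', 'VpcPeeringConnectionId', 'NetworkInterfaceId',
];

interface CfnResource { Type: string; Properties?: Record<string, unknown>; }
interface CfnTemplate { Resources: Record<string, CfnResource>; }

// Assumption: a target counts as set when it is a non-empty string or an
// intrinsic such as { Ref: ... }; undefined, null and '' count as missing.
function isSet(value: unknown): boolean {
  if (value === undefined || value === null) return false;
  return typeof value === 'string' ? value.length > 0 : true;
}

// Returns one message per AWS::EC2::Route that does not have exactly one target.
function findBadRoutes(template: CfnTemplate): string[] {
  const problems: string[] = [];
  Object.keys(template.Resources).forEach((logicalId) => {
    const res = template.Resources[logicalId];
    if (res.Type !== 'AWS::EC2::Route') return;
    const props: Record<string, unknown> = res.Properties || {};
    const targets = ROUTE_TARGETS.filter((name) => isSet(props[name]));
    if (targets.length !== 1) {
      problems.push(`${logicalId}: expected exactly one route target, found ${targets.length}`);
    }
  });
  return problems;
}

// Constructed sample template (not real `cdk synth` output); logical IDs are made up.
const sampleTemplate: CfnTemplate = {
  Resources: {
    SubnetARouteTable: { Type: 'AWS::EC2::RouteTable', Properties: { VpcId: { Ref: 'Vpc' } } },
    SubnetADefaultRoute: {
      Type: 'AWS::EC2::Route',
      Properties: { RouteTableId: { Ref: 'SubnetARouteTable' }, DestinationCidrBlock: '0.0.0.0/0' },
    },
    SubnetBDefaultRoute: {
      Type: 'AWS::EC2::Route',
      Properties: { RouteTableId: { Ref: 'SubnetBRouteTable' }, DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: { Ref: 'NatGateway' } },
    },
  },
};

console.log(findBadRoutes(sampleTemplate));
```

Run against the JSON produced by `cdk synth`, a non-empty result means the deployment would stop at the same route resource type shown in the log above.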