Be able to change AZ count on already deployed VPC (constructs need to be able to keep state) #6683

Open
ranrotx opened this issue Mar 11, 2020 · 21 comments
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud effort/large Large work item – several weeks of effort feature-request A feature should be added or improved. p1

Comments

@ranrotx

ranrotx commented Mar 11, 2020

When (in my case) increasing the maxAzs specified using the VPC construct from 3 to 4 and running cdk deploy, the CloudFormation stack update fails with an error code of InvalidSubnet.Conflict.

Reproduction Steps

Changing

const vpc = new ec2.Vpc(this, 'VPC', {
  cidr: "172.21.0.0/16",
  maxAzs: 3,
  natGateways: 1,
  subnetConfiguration: [
    {
      cidrMask: 24,
      name: 'public',
      subnetType: ec2.SubnetType.PUBLIC,
    },
    {
      cidrMask: 24,
      name: 'private',
      subnetType: ec2.SubnetType.PRIVATE,
    }
  ]
});

to

const vpc = new ec2.Vpc(this, 'VPC', {
  cidr: "172.21.0.0/16",
  maxAzs: 4,
  natGateways: 1,
  subnetConfiguration: [
    {
      cidrMask: 24,
      name: 'public',
      subnetType: ec2.SubnetType.PUBLIC,
    },
    {
      cidrMask: 24,
      name: 'private',
      subnetType: ec2.SubnetType.PRIVATE,
    }
  ]
});

produces the error below.

Error Log

1/28 | 5:55:19 PM | CREATE_FAILED        | AWS::EC2::Subnet                      | VPC/publicSubnet4/Subnet (VPCpublicSubnet4Subnet46529D45) The CIDR '172.21.3.0/24' conflicts with another subnet (Service: AmazonEC2; Status Code: 400; Error Code: InvalidSubnet.Conflict; Request ID: 41f1d4ed-b249-4cfa-bb1e-c0148a4ddc30)
        new Subnet (/Users/username/workspace/cdk-vpc-transitgateway/node_modules/@aws-cdk/aws-ec2/lib/vpc.ts:1373:20)
        \_ new PublicSubnet (/Users/username/workspace/cdk-vpc-transitgateway/node_modules/@aws-cdk/aws-ec2/lib/vpc.ts:1588:5)
        \_ /Users/username/workspace/cdk-vpc-transitgateway/node_modules/@aws-cdk/aws-ec2/lib/vpc.ts:1239:32
        \_ Array.forEach (<anonymous>)
        \_ Vpc.createSubnetResources (/Users/username/workspace/cdk-vpc-transitgateway/node_modules/@aws-cdk/aws-ec2/lib/vpc.ts:1221:28)
        \_ Vpc.createSubnets (/Users/username/workspace/cdk-vpc-transitgateway/node_modules/@aws-cdk/aws-ec2/lib/vpc.ts:1210:12)
        \_ new Vpc (/Users/username/workspace/cdk-vpc-transitgateway/node_modules/@aws-cdk/aws-ec2/lib/vpc.ts:1076:10)
        \_ new CdkVpcTransitgatewayStack (/Users/username/workspace/cdk-vpc-transitgateway/lib/cdk-vpc-transitgateway-stack.ts:8:17)
        \_ Object.<anonymous> (/Users/username/workspace/cdk-vpc-transitgateway/bin/cdk-vpc-transitgateway.ts:10:1)
        \_ Module._compile (internal/modules/cjs/loader.js:1147:30)
        \_ Module.m._compile (/Users/username/workspace/cdk-vpc-transitgateway/node_modules/ts-node/src/index.ts:814:23)
        \_ Module._extensions..js (internal/modules/cjs/loader.js:1167:10)
        \_ Object.require.extensions.<computed> [as .ts] (/Users/username/workspace/cdk-vpc-transitgateway/node_modules/ts-node/src/index.ts:817:12)
        \_ Module.load (internal/modules/cjs/loader.js:996:32)
        \_ Function.Module._load (internal/modules/cjs/loader.js:896:14)
        \_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
        \_ main (/Users/username/workspace/cdk-vpc-transitgateway/node_modules/ts-node/src/bin.ts:226:14)
        \_ Object.<anonymous> (/Users/username/workspace/cdk-vpc-transitgateway/node_modules/ts-node/src/bin.ts:485:3)
        \_ Module._compile (internal/modules/cjs/loader.js:1147:30)
        \_ Object.Module._extensions..js (internal/modules/cjs/loader.js:1167:10)
        \_ Module.load (internal/modules/cjs/loader.js:996:32)
        \_ Function.Module._load (internal/modules/cjs/loader.js:896:14)
        \_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
        \_ /usr/local/lib/node_modules/npm/node_modules/libnpx/index.js:268:14

Environment

  • CLI Version : 1.27.0 (build a98c0b3)
  • Framework Version: node --version v13.10.1
  • OS : macOS 10.14.6
  • Language : us-english

Other

At first glance, it appears that on subsequent deployments the VPC construct is not aware of what CIDR ranges may already be in use.


This is 🐛 Bug Report

@ranrotx ranrotx added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 11, 2020
@SomayaB SomayaB added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Mar 31, 2020
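
Why the new publicSubnet4 lands on 172.21.3.0/24, as an added example that is not part of the original issue and is not the CDK source: a simplified model that assumes CIDR blocks are handed out sequentially per subnet group and per AZ, which is consistent with the error log above. The helper names planSubnets and findConflicts are hypothetical.

```typescript
// Simplified model (an assumption, not the CDK source): CIDR blocks are handed
// out sequentially, one subnet group at a time, one AZ at a time.
interface SubnetGroup { name: string; cidrMask: number }
interface Planned { id: string; cidr: string; start: number; end: number }

const ipToNum = (ip: string): number =>
  ip.split('.').reduce((acc, octet) => acc * 256 + Number(octet), 0);
const numToIp = (n: number): string =>
  [24, 16, 8, 0].map((shift) => Math.floor(n / 2 ** shift) % 256).join('.');
function planSubnets(vpcCidr: string, azCount: number, groups: SubnetGroup[]): Planned[] {
  const [base = '0.0.0.0'] = vpcCidr.split('/');
  let next = ipToNum(base);
  const plan: Planned[] = [];
  for (const group of groups) {
    const size = 2 ** (32 - group.cidrMask);
    for (let az = 1; az <= azCount; az++) {
      const start = Math.ceil(next / size) * size; // align to the block size
      const cidr = `${numToIp(start)}/${group.cidrMask}`;
      plan.push({ id: `${group.name}Subnet${az}`, cidr, start, end: start + size - 1 });
      next = start + size;
    }
  }
  return plan;
}

// A planned subnet conflicts when its range overlaps a deployed subnet with a
// different logical id: that subnet still occupies the range at creation time.
function findConflicts(deployed: Planned[], desired: Planned[]): string[] {
  const conflicts: string[] = [];
  for (const want of desired) {
    for (const have of deployed) {
      const overlaps = want.start <= have.end && have.start <= want.end;
      if (overlaps && want.id !== have.id) {
        conflicts.push(`${want.id} ${want.cidr} overlaps deployed ${have.id} ${have.cidr}`);
      }
    }
  }
  return conflicts;
}

// Configuration from the issue: two /24 groups in 172.21.0.0/16, maxAzs 3 -> 4.
const groups: SubnetGroup[] = [
  { name: 'public', cidrMask: 24 },
  { name: 'private', cidrMask: 24 },
];
const planFor3Azs = planSubnets('172.21.0.0/16', 3, groups);
const planFor4Azs = planSubnets('172.21.0.0/16', 4, groups);
const conflicts = findConflicts(planFor3Azs, planFor4Azs);
console.log(conflicts.join('\n'));
```

Running the same comparison against a planned change before cdk deploy shows which subnets would be renumbered, and therefore which workloads sit in ranges that cannot be updated in place.
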
@rix0rrr
Contributor

rix0rrr commented Apr 1, 2020

This is true, and solving this will require CDK applications to be able to keep state between runs.

We can use this use case as a motivating example for that feature.

@rix0rrr rix0rrr added effort/large Large work item – several weeks of effort @aws-cdk/core Related to core CDK functionality and removed bug This issue is a bug. labels Apr 1, 2020
@rix0rrr rix0rrr changed the title Modifying increasing maxAzs results in InvalidSubnet.Conflict error on subsequent cdk deploy Be able to change AZ count on already deployed VPC (constructs need to be able to keep state) Apr 1, 2020
@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label May 19, 2020
@joeyaurel

joeyaurel commented May 21, 2020

Got the same issue today, while setting my maxAzs from 1 to 2 for the CIDR 10.1.0.0/16 using the CLI in version 1.39.0.

Any updates on this? @rix0rrr

@SomayaB SomayaB added the feature-request A feature should be added or improved. label Jun 22, 2020
@ghost

ghost commented Jun 30, 2020

It looks like the same happens if you increase the number of subnets in the following way:

const vpc = new Vpc(this, `base-vpc`, {
    cidr: "11.0.0.0/16",
    subnetConfiguration: [
        {
            name: "public",
            subnetType: SubnetType.PUBLIC,
        },
        {
            name: "myPrivateSubnet",
            subnetType: SubnetType.PRIVATE,
        },
    ],
    maxAzs,
});

if you add another subnet after a deployment like

const vpc = new Vpc(this, `base-vpc`, {
    cidr: "11.0.0.0/16",
    subnetConfiguration: [
        {
            name: "public",
            subnetType: SubnetType.PUBLIC,
        },
        {
            name: "myPrivateSubnet",
            subnetType: SubnetType.PRIVATE,
        },
        {
            name: "myOtherPrivateSubnet",
            subnetType: SubnetType.PRIVATE,
        },
    ],
    maxAzs,
});

=> conflicts with another subnet error

@rix0rrr rix0rrr added the p1 label Aug 12, 2020
@rix0rrr
Contributor

rix0rrr commented Aug 12, 2020

Related to #5927 (and other issues in that area)

@carlomorelli

This happened to me today when reducing maxAzs from 2 to 1.
Is there a workaround to do this?

@sunshineo

Happened to me when I set maxAzs to 1. I had to destroy the stack and create it again. Good thing we have nothing else in the VPC. I guess in production, one has to create a new VPC and move everything.

@chadnash

chadnash commented Jul 2, 2021

> This is true, and solving this will require CDK applications to be able to keep state between runs.
>
> We can use this use case as a motivating example for that feature.

That state is held in AWS and it should be CloudFormation's job to cope.

@patones

patones commented Jul 2, 2021

suffering from the same issue. increase or decrease :(

@Jordhan-Carvalho

Having the same problem adding another subnet

@tobias-nawa

tobias-nawa commented Aug 22, 2021

I'm trying to remove my Isolated subnet and am running into the same issue. CDK deployment wants to create all subnets from scratch, rather than just removing the one I want to get rid of. This causes the issue with the CIDRs already in use.

This is the code where I just removed the first subnet:


            subnet_configuration=[
                ec2.SubnetConfiguration(
                    name="Isolated",
                    cidr_mask=24,
                    reserved=False,
                    subnet_type=ec2.SubnetType.ISOLATED,
                ),
                ec2.SubnetConfiguration(
                    name="Private",
                    cidr_mask=22,
                    reserved=False,
                    subnet_type=ec2.SubnetType.PRIVATE,
                ),
                ec2.SubnetConfiguration(
                    name="Public",
                    cidr_mask=23,
                    reserved=False,
                    subnet_type=ec2.SubnetType.PUBLIC,
                ),
            ],

@SoccerBoyMalloy

Different but related, I received the same error when trying to change NatGateways from 1 to 0.

@carlomorelli

It's unfortunate that devs don't give priority to fix this Vpc construct; without these problems fixed, relying on it is very dangerous.

@benjaminwhire

Is there any workaround? I encountered the same issue without tweaking the AZ.

@zachgoll

zachgoll commented Apr 29, 2022

I've encountered this issue several times. It doesn't really matter what you're changing--if you attempt to change the subnet structure of an already-created VPC with CDK, you'll get this error.

Has anyone come up with a workaround, or even an order of operations for making changes to a VPC? My thought is that the previous VPC subnets would have to be completely destroyed prior to an update (since the CIDR reservations are not editable, even in the console)

@damshenas

+1

@comcalvi
Contributor

Related to the tracking state between deployments issue: #13676.

@zippocage

Would also like to be able to change AZ count.

@joeyvmason

Also experiencing this issue. Not uncommon to need to tweak VPC and if that means having to tear down your entire stack that is a huge dealbreaker for using this in production

@peterwoodworth peterwoodworth removed the @aws-cdk/core Related to core CDK functionality label May 15, 2023
@mikelane

I just ran into this issue today too. Would be nice to not have to destroy the stack in order to update this.

@bataras

bataras commented Jul 7, 2024

Same issue here. Has AWS ever physically added an AZ to a Region? I would think if they did that, lots of CDK users would not be happy.

@ran-isenberg

bumping this again. This is a major issue for us. I can't destroy the VPC as it's connected to an Aurora DB.
