feat(ec2): subnet ipv4 cidr blocks on imported vpc

When using `Vpc.fromVpcAttributes()` to import a VPC, it is possible to specify all subnet properties except for the IPv4 CIDR block. This means that any attempt to read the `ipv4CidrBlock` property of a subnet on such a VPC will throw with the message:

> You cannot reference an imported Subnet's IPv4 CIDR if it was not supplied. Add the ipv4CidrBlock when importing using Subnet.fromSubnetAttributes()

This commit extends the `VpcAttributes` interface to allow for subnet IPv4 CIDR blocks to be passed in alongside the IDs, names and route table IDs for each subnet group (public, private, isolated).

Author: schourode

packages/@aws-cdk/aws-ec2/lib/util.ts

@@ -46,20 +46,24 @@ export class ImportSubnetGroup {
   private readonly subnetIds: string[];
   private readonly names: string[];
   private readonly routeTableIds: string[];
+  private readonly ipv4CidrBlocks: string[];
   private readonly groups: number;
 
   constructor(
     subnetIds: string[] | undefined,
     names: string[] | undefined,
     routeTableIds: string[] | undefined,
+    ipv4CidrBlocks: string[] | undefined,
     type: SubnetType,
     private readonly availabilityZones: string[],
     idField: string,
     nameField: string,
-    routeTableIdField: string) {
+    routeTableIdField: string,
+    ipv4CidrBlockField: string) {
 
     this.subnetIds = subnetIds || [];
     this.routeTableIds = routeTableIds || [];
+    this.ipv4CidrBlocks = ipv4CidrBlocks || [];
     this.groups = this.subnetIds.length / this.availabilityZones.length;
 
     if (Math.floor(this.groups) !== this.groups) {
@@ -71,6 +75,11 @@ export class ImportSubnetGroup {
       /* eslint-disable max-len */
       throw new Error(`Number of ${routeTableIdField} (${this.routeTableIds.length}) must be equal to the amount of ${idField} (${this.subnetIds.length}).`);
     }
+    if (this.ipv4CidrBlocks.length !== this.subnetIds.length && ipv4CidrBlocks != null) {
+      // We don't err if no ipv4CidrBlocks were provided to maintain backwards-compatibility. See https://github.com/aws/aws-cdk/pull/3171
+      /* eslint-disable max-len */
+      throw new Error(`Number of ${ipv4CidrBlockField} (${this.ipv4CidrBlocks.length}) must be equal to the amount of ${idField} (${this.subnetIds.length}).`);
+    }
 
     this.names = this.normalizeNames(names, defaultSubnetName(type), nameField);
   }
@@ -82,6 +91,7 @@ export class ImportSubnetGroup {
         availabilityZone: this.pickAZ(i),
         subnetId: this.subnetIds[i],
         routeTableId: this.routeTableIds[i],
+        ipv4CidrBlock: this.ipv4CidrBlocks[i],
       });
     });
   }

packages/@aws-cdk/aws-ec2/lib/vpc.ts

@@ -718,6 +718,15 @@ export interface VpcAttributes {
    */
   readonly publicSubnetRouteTableIds?: string[];
 
+  /**
+   * List of IPv4 CIDR blocks for the public subnets.
+   *
+   * Must be undefined or have an entry for every public subnet group.
+   *
+   * @default - Retrieving the CIDR from a public subnet will fail
+   */
+  readonly publicSubnetIpv4CidrBlocks?: string[];
+
   /**
    * List of private subnet IDs
    *
@@ -739,6 +748,15 @@ export interface VpcAttributes {
    */
   readonly privateSubnetRouteTableIds?: string[];
 
+  /**
+   * List of IPv4 CIDR blocks for the private subnets.
+   *
+   * Must be undefined or have an entry for every private subnet group.
+   *
+   * @default - Retrieving the CIDR from a private subnet will fail
+   */
+  readonly privateSubnetIpv4CidrBlocks?: string[];
+
   /**
    * List of isolated subnet IDs
    *
@@ -760,6 +778,15 @@ export interface VpcAttributes {
    */
   readonly isolatedSubnetRouteTableIds?: string[];
 
+  /**
+   * List of IPv4 CIDR blocks for the isolated subnets.
+   *
+   * Must be undefined or have an entry for every isolated subnet group.
+   *
+   * @default - Retrieving the CIDR from an isolated subnet will fail
+   */
+  readonly isolatedSubnetIpv4CidrBlocks?: string[];
+
   /**
    * VPN gateway's identifier
    */
@@ -2084,9 +2111,9 @@ class ImportedVpc extends VpcBase {
     }
 
     /* eslint-disable max-len */
-    const pub = new ImportSubnetGroup(props.publicSubnetIds, props.publicSubnetNames, props.publicSubnetRouteTableIds, SubnetType.PUBLIC, this.availabilityZones, 'publicSubnetIds', 'publicSubnetNames', 'publicSubnetRouteTableIds');
-    const priv = new ImportSubnetGroup(props.privateSubnetIds, props.privateSubnetNames, props.privateSubnetRouteTableIds, SubnetType.PRIVATE_WITH_EGRESS, this.availabilityZones, 'privateSubnetIds', 'privateSubnetNames', 'privateSubnetRouteTableIds');
-    const iso = new ImportSubnetGroup(props.isolatedSubnetIds, props.isolatedSubnetNames, props.isolatedSubnetRouteTableIds, SubnetType.PRIVATE_ISOLATED, this.availabilityZones, 'isolatedSubnetIds', 'isolatedSubnetNames', 'isolatedSubnetRouteTableIds');
+    const pub = new ImportSubnetGroup(props.publicSubnetIds, props.publicSubnetNames, props.publicSubnetRouteTableIds, props.publicSubnetIpv4CidrBlocks, SubnetType.PUBLIC, this.availabilityZones, 'publicSubnetIds', 'publicSubnetNames', 'publicSubnetRouteTableIds', 'ipv4CidrBlocks');
+    const priv = new ImportSubnetGroup(props.privateSubnetIds, props.privateSubnetNames, props.privateSubnetRouteTableIds, props.privateSubnetIpv4CidrBlocks, SubnetType.PRIVATE_WITH_EGRESS, this.availabilityZones, 'privateSubnetIds', 'privateSubnetNames', 'privateSubnetRouteTableIds', 'ipv4CidrBlocks');
+    const iso = new ImportSubnetGroup(props.isolatedSubnetIds, props.isolatedSubnetNames, props.isolatedSubnetRouteTableIds, props.isolatedSubnetIpv4CidrBlocks, SubnetType.PRIVATE_ISOLATED, this.availabilityZones, 'isolatedSubnetIds', 'isolatedSubnetNames', 'isolatedSubnetRouteTableIds', 'ipv4CidrBlocks');
     /* eslint-enable max-len */
 
     this.publicSubnets = pub.import(this);

packages/@aws-cdk/aws-ec2/test/vpc.test.ts

@@ -1676,6 +1676,44 @@ describe('vpc', () => {
 
     });
 
+    test('subnet IPv4 CIDR blocks are available on imported subnets', () => {
+      // GIVEN
+      const stack = new Stack();
+      const vpc = Vpc.fromVpcAttributes(stack, 'VPC', {
+        vpcId: 'vpc-1234',
+        availabilityZones: ['dummy1a', 'dummy1b', 'dummy1c'],
+        publicSubnetIds: ['pub-1', 'pub-2', 'pub-3'],
+        publicSubnetIpv4CidrBlocks: ['10.0.0.0/18', '10.0.64.0/18', '10.0.128.0/18'],
+        privateSubnetIds: ['pri-1', 'pri-2', 'pri-3'],
+        privateSubnetIpv4CidrBlocks: ['10.10.0.0/18', '10.10.64.0/18', '10.10.128.0/18'],
+        isolatedSubnetIds: ['iso-1', 'iso-2', 'iso-3'],
+        isolatedSubnetIpv4CidrBlocks: ['10.20.0.0/18', '10.20.64.0/18', '10.20.128.0/18'],
+      });
+
+      // WHEN
+      const public1 = vpc.publicSubnets.find(({ subnetId }) => subnetId === 'pub-1');
+      const public2 = vpc.publicSubnets.find(({ subnetId }) => subnetId === 'pub-2');
+      const public3 = vpc.publicSubnets.find(({ subnetId }) => subnetId === 'pub-3');
+      const private1 = vpc.privateSubnets.find(({ subnetId }) => subnetId === 'pri-1');
+      const private2 = vpc.privateSubnets.find(({ subnetId }) => subnetId === 'pri-2');
+      const private3 = vpc.privateSubnets.find(({ subnetId }) => subnetId === 'pri-3');
+      const isolated1 = vpc.isolatedSubnets.find(({ subnetId }) => subnetId === 'iso-1');
+      const isolated2 = vpc.isolatedSubnets.find(({ subnetId }) => subnetId === 'iso-2');
+      const isolated3 = vpc.isolatedSubnets.find(({ subnetId }) => subnetId === 'iso-3');
+
+      // THEN
+      expect(public1?.ipv4CidrBlock).toEqual('10.0.0.0/18');
+      expect(public2?.ipv4CidrBlock).toEqual('10.0.64.0/18');
+      expect(public3?.ipv4CidrBlock).toEqual('10.0.128.0/18');
+      expect(private1?.ipv4CidrBlock).toEqual('10.10.0.0/18');
+      expect(private2?.ipv4CidrBlock).toEqual('10.10.64.0/18');
+      expect(private3?.ipv4CidrBlock).toEqual('10.10.128.0/18');
+      expect(isolated1?.ipv4CidrBlock).toEqual('10.20.0.0/18');
+      expect(isolated2?.ipv4CidrBlock).toEqual('10.20.64.0/18');
+      expect(isolated3?.ipv4CidrBlock).toEqual('10.20.128.0/18');
+
+    });
+
     test('selecting subnets by name fails if the name is unknown', () => {
       // GIVEN
       const stack = new Stack();