aws-ec2: missing props in VpnConnection L2 construct #32519

Open
1 task
garysassano opened this issue Dec 13, 2024 · 3 comments
Labels
@aws-cdk/aws-ec2 (Related to Amazon Elastic Compute Cloud); bug (This issue is a bug.); effort/medium (Medium work item – several days of effort); p2

Comments

@garysassano

Describe the bug

The current VpnConnection L2 construct lacks critical configuration options, forcing you to resort to using the L1 CfnVPNConnection.

Specifically:

  • The tunnel type defaults to Static, with no option to set it to Dynamic.
  • There's no way to configure Phase 1 and Phase 2 settings for tunnels in VpnTunnelOption.

These limitations significantly restrict the usability of the VpnConnection construct for more advanced VPN setups.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

See above.

Current Behavior

See above.

Reproduction Steps

See above.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.172.0

Framework Version

No response

Node.js Version

22.11.0

OS

Ubuntu 24.04

Language

TypeScript

Language Version

No response

Other information

No response

@garysassano garysassano added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Dec 13, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Dec 13, 2024
@ashishdhingra ashishdhingra self-assigned this Dec 13, 2024
@ashishdhingra ashishdhingra added p2 investigating This issue is being investigated and/or work is in progress to resolve the issue. effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Dec 13, 2024
@ashishdhingra
Contributor

ashishdhingra commented Dec 13, 2024

AWS::EC2::VPNConnection VpnTunnelOptionsSpecification and CfnVPNConnection do support a bunch of properties which are missing from the VpnConnection L2 construct.

@garysassano Good afternoon. Thanks for opening the issue. As a workaround, you could use an escape hatch to set missing properties on the VpnConnection L2 construct. For the issue you mentioned, "The tunnel type defaults to Static, with no option to set it to Dynamic.", could you please share more details, including a reference to the CloudFormation documentation (there is a Type for the AWS::EC2::VPNConnection resource which allows only one value, ipsec.1)?

And as always, a community-contributed PR is welcome. :)

Thanks,
Ashish

@ashishdhingra ashishdhingra removed the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Dec 13, 2024
@ashishdhingra ashishdhingra removed their assignment Dec 13, 2024
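
The escape-hatch workaround suggested in the comment above, sketched for the Phase 1 and Phase 2 tunnel settings the issue asks for. This is an added example, not code from the issue or from aws-cdk: `TunnelCrypto`, `Overridable`, `toTunnelSpecs`, `applyTunnelCrypto` and the rejection policy are assumptions, while the property keys are those of the CloudFormation `VpnTunnelOptionsSpecification`.

```typescript
// Added example, not aws-cdk code. TunnelCrypto, Overridable, toTunnelSpecs and
// applyTunnelCrypto are hypothetical names; the property keys are CloudFormation's.
interface TunnelCrypto {
  ikeVersions: string[];
  phase1Encryption: string[]; phase1Integrity: string[]; phase1DhGroups: number[];
  phase2Encryption: string[]; phase2Integrity: string[]; phase2DhGroups: number[];
}

// Structural stand-in for CfnVPNConnection: only the escape-hatch method is used.
interface Overridable {
  addPropertyOverride(path: string, value: unknown): void;
}

// Example policy, an assumption of this sketch: values a reviewer would refuse.
const REJECTED: Record<string, Array<string | number>> = {
  ike: ['ikev1'],
  integrity: ['SHA1'],
  dh: [2, 5],
};

// Validate one setting and wrap it in the { Value: ... } shape CloudFormation expects.
function check<T extends string | number>(kind: string, values: T[]): { Value: T }[] {
  if (values.length === 0) throw new Error(`${kind}: must be set explicitly`);
  const banned = REJECTED[kind] || [];
  for (const v of values) {
    if (banned.indexOf(v) !== -1) throw new Error(`${kind}: ${v} rejected by policy`);
  }
  return values.map((v) => ({ Value: v }));
}

function toTunnelSpecs(tunnels: TunnelCrypto[]) {
  if (tunnels.length < 1 || tunnels.length > 2) throw new Error('expected 1 or 2 tunnel specs');
  return tunnels.map((t) => ({
    IKEVersions: check('ike', t.ikeVersions),
    Phase1EncryptionAlgorithms: check('enc', t.phase1Encryption),
    Phase1IntegrityAlgorithms: check('integrity', t.phase1Integrity),
    Phase1DHGroupNumbers: check('dh', t.phase1DhGroups),
    Phase2EncryptionAlgorithms: check('enc', t.phase2Encryption),
    Phase2IntegrityAlgorithms: check('integrity', t.phase2Integrity),
    Phase2DHGroupNumbers: check('dh', t.phase2DhGroups),
  }));
}

// Usage with the L2: applyTunnelCrypto(vpn.node.defaultChild as ec2.CfnVPNConnection, [...])
function applyTunnelCrypto(cfn: Overridable, tunnels: TunnelCrypto[]): void {
  // The override replaces the whole list the L2 rendered from tunnelOptions,
  // so this sketch suits connections that leave tunnelOptions unset.
  cfn.addPropertyOverride('VpnTunnelOptionsSpecifications', toTunnelSpecs(tunnels));
}
```
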
@garysassano
Author

I'm not sure about the equivalent CloudFormation property, but I was referring to the Routing options setting available when creating a new VPN connection through the AWS Console. This setting is permanent: once you make a choice, you must delete the existing VPN connection and create a new one if you wish to change it.


@phuhung273
Contributor

phuhung273 commented Dec 21, 2024

This line shows that we can indirectly set VpnConnection as Dynamic by not passing staticRoutes

staticRoutesOnly: props.staticRoutes ? true : false,
