feat(core): Fix NATGW/improve VPC multi-cidr support (#705)

* Added support for multiple cidr blocks
* updated lock files
* improving build
* snapshot
* harmonizing deps
* fixed packages
* Creating NATGW routes based on configuration
* Using static construct name for cidr2 zero
* Fixing NATGW assignment for route
* Fixing test using user provided definition
* (doc)update sample snippets

Co-authored-by: Rohit Verma <rohit.verma@nslhub.com>
Co-authored-by: Brian969 <56414362+Brian969@users.noreply.github.com>

Author: 3 people

.dockerignore

@@ -0,0 +1,6 @@
+*.log
+**/dist/
+**/cdk.out/**
+**/cdk.json
+**/node_modules/**
+**/.prettierrc

.gitattributes

@@ -0,0 +1,11 @@
+# Don't allow people to merge changes to these generated files, because the result
+# may be invalid.  You need to run "rush update" again.
+pnpm-lock.yaml               merge=binary
+
+# Rush's JSON config files use JavaScript-style code comments.  The rule below prevents pedantic
+# syntax highlighters such as GitHub's from highlighting these comments as errors.  Your text editor
+# may also require a special configuration to allow comments in JSON.
+#
+# For more information, see this issue: https://github.com/microsoft/rushstack/issues/1088
+#
+*.json                       linguist-language=JSON-with-Comments

.gitignore

@@ -1,7 +1,8 @@
-cdk.out
-node_modules
-.DS_Store
-*.log
-config.json
-aws-landing-zone-configuration.zip
-
+cdk.out
+node_modules
+.DS_Store
+*.log
+config.json
+aws-landing-zone-configuration.zip
+**/dist
+.idea

pnpm-lock.yaml

@@ -454,99 +454,29 @@
       ]
     },
     {
-      "name": "SandboxVPC_a"
-    },
-    {
-      "name": "SandboxVPC_b"
-    }
-  ]
-```
-
----
-
-- Sample NATGW - NOT PREFERED, but works: (uses first AZ)
-
-```
-"natgw": {
-    "subnet": {
-      "name": "Web"
-    }
-  },
-  "subnets": [
-    {
-      "name": "Web",
-      "share-to-ou-accounts": false,
-      "share-to-specific-accounts": [],
-      "definitions": [
-        {
-          "az": "a",
-          "route-table": "SandboxVPC_IGW",
-          "cidr": "10.6.32.0/20"
-        },
-        {
-          "az": "b",
-          "route-table": "SandboxVPC_IGW",
-          "cidr": "10.6.128.0/20"
-        }
-      ]
-    },
-    {
-      "name": "App",
-      "share-to-ou-accounts": false,
-      "share-to-specific-accounts": [],
-      "definitions": [
-        {
-          "az": "a",
-          "route-table": "SandboxVPC_Common",
-          "cidr": "10.6.0.0/19"
-        },
-        {
-          "az": "b",
-          "route-table": "SandboxVPC_Common",
-          "cidr": "10.6.96.0/19"
-        }
-      ]
-    },
-    {
-      "name": "Data",
-      "share-to-ou-accounts": false,
-      "share-to-specific-accounts": [],
-      "definitions": [
-        {
-          "az": "a",
-          "route-table": "SandboxVPC_Common",
-          "cidr": "10.6.48.0/20"
-        },
-        {
-          "az": "b",
-          "route-table": "SandboxVPC_Common",
-          "cidr": "10.6.144.0/20"
-        }
-      ]
-    }
-  ],
-  "route-tables": [
-    {
-      "name": "SandboxVPC_IGW",
+      "name": "SandboxVPC_a",
       "routes": [
         {
           "destination": "0.0.0.0/0",
-          "target": "IGW"
+          "target": "NATGW_Web_azA"
         }
       ]
     },
     {
-      "name": "SandboxVPC_Common",
+      "name": "SandboxVPC_b",
       "routes": [
         {
           "destination": "0.0.0.0/0",
-          "target": "NATGW_Web_azA"
+          "target": "NATGW_Web_azB"
         }
       ]
     }
   ]
 ```
 
+---
+
+
 ---
 
 - TGW Route tables plus Multiple TGWs

reference-artifacts/SAMPLE_CONFIGS/sample_snippets.md

@@ -28,7 +28,7 @@
     "jest": "25.2.4",
     "prettier": "2.2.0",
     "ts-jest": "25.3.0",
-    "ts-node": "6.2.0",
+    "ts-node": "8.8.1",
     "eslint": "7.10.0",
     "@typescript-eslint/eslint-plugin": "4.4.0",
     "@typescript-eslint/parser": "4.4.0",

src/core/runtime/package.json

@@ -312,7 +312,14 @@ async function saveVpcOutputs(props: {
     vpcUtil.parameters.push('cidr');
   }
   if (!vpcUtil.parameters.includes('cidr2') && vpcConfig.cidr2) {
-    await ssm.putParameter(`/${acceleratorPrefix}/network/${vpcPrefix}/${index}/cidr2`, vpcConfig.cidr2.toCidrString());
+    for (const cidrIndex in vpcConfig.cidr2) {
+      if (vpcConfig.cidr2[cidrIndex]) {
+        await ssm.putParameter(
+          `/${acceleratorPrefix}/network/${vpcPrefix}/${index}/cidr2/${cidrIndex}`,
+          vpcConfig.cidr2[cidrIndex].toCidrString(),
+        );
+      }
+    }
     vpcUtil.parameters.push('cidr2');
   }
   let subnetsConfig = vpcConfig.subnets;

src/core/runtime/src/save-outputs-to-ssm/network-outputs.ts

@@ -3,3 +3,4 @@ config.json
 context.json
 outputs.json
 limits.json
+organizations.json

src/deployments/cdk/.gitignore

@@ -138,8 +138,10 @@
     "colors": "1.4.0",
     "constructs": "2.0.1",
     "generate-password": "1.5.1",
+    "hash-sum": "2.0.0",
     "io-ts": "2.1.2",
     "io-ts-types": "0.5.6",
+    "ip-num": "1.3.1",
     "pascal-case": "3.1.1",
     "semver": "7.3.2",
     "tempy": "0.5.0",

src/deployments/cdk/package.json

@@ -75,9 +75,10 @@ export class Nacl extends cdk.Construct {
               if (subnetDefinition.disabled) {
                 continue;
               }
-              const cidrBlock = subnetDefinition.cidr
-                ? subnetDefinition.cidr.toCidrString()
-                : subnetDefinition.cidr2?.toCidrString();
+              if (!subnetDefinition.cidr) {
+                throw new Error(`Please Declare cidr using cidr block only`);
+              }
+              const cidrBlock = subnetDefinition.cidr.toCidrString();
               const aclEntryProps: ec2.CfnNetworkAclEntryProps = {
                 networkAclId: nacl.ref,
                 protocol: rules.protocol,