Feat outposts (#964)

* initial commit for subnets

* Added custom route targets

* fixed vpx cfn route logic

* fixed merge conflict

* Fixed config naming

* fixed AZ references and ts errors

* fixed az reference

* small changes

* Added logging for subnets

* tweak en.ts descriptions

* prettier

Co-authored-by: hickeydh-aws <hickeydh@amazon.com>
Co-authored-by: Brian969 <56414362+Brian969@users.noreply.github.com>

Author: hickeydh-aws

src/core/runtime/src/get-baseline-step.ts

@@ -241,14 +241,15 @@ async function assignDynamicCidrs(input: AssignCidrInput) {
         }
 
         if (existingSubnet['account-ou-key'] === `organizational-unit/${ouKey}`) {
+          const az = subnetDef.az;
           await updateSubnetCidr(subnetCidrPoolAssignedTable, uuidv4(), {
             accountOuKey: `account/${accountKey}`,
             cidr: existingSubnet.cidr,
             pool: existingSubnet['sub-pool'],
             region: vpcConfig.region,
             vpc: vpcConfig.name,
             subnet: subnetConfig.name,
-            az: subnetDef.az,
+            az,
             accountKey,
           });
         }
@@ -351,14 +352,15 @@ async function assignDynamicCidrs(input: AssignCidrInput) {
             );
           }
           console.log(`Dynamic CIDR for "${subnetConfig.name}.${subnetDef.az}" is "${subnetCidr}"`);
+          const az = subnetDef.az;
           await updateSubnetCidr(subnetCidrPoolAssignedTable, uuidv4(), {
             accountOuKey: `account/${accountKey}`,
             cidr: subnetCidr,
             pool: subnetDef.cidr.pool,
             region: vpcConfig.region,
             vpc: vpcConfig.name,
             subnet: subnetConfig.name,
-            az: subnetDef.az,
+            az,
             accountKey,
           });
         } else {

src/deployments/cdk/src/common/vpc.ts

@@ -254,6 +254,13 @@ export class Vpc extends cdk.Construct implements constructs.Vpc {
         : ec2.DefaultInstanceTenancy.DEFAULT,
     });
     this.vpcId = vpcObj.ref;
+    const lgw = props.vpcProps.vpcConfig['lgw-route-table-id'];
+    if (lgw) {
+      new ec2.CfnLocalGatewayRouteTableVPCAssociation(this, `${vpcName}-${lgw}`, {
+        localGatewayRouteTableId: lgw,
+        vpcId: this.vpcId,
+      });
+    }
 
     const extendVpc: ec2.CfnVPCCidrBlock[] = [];
     this.cidr2Block.forEach((additionalCidr, index) => {
@@ -325,6 +332,7 @@ export class Vpc extends cdk.Construct implements constructs.Vpc {
     const subnetsConfig = props.vpcProps.vpcConfig.subnets || [];
     for (const subnetConfig of subnetsConfig) {
       const subnetName = subnetConfig.name;
+      console.log(`Deploying Subnet ${subnetName}`);
       for (const subnetDefinition of subnetConfig.definitions.values()) {
         if (subnetDefinition.disabled) {
           continue;
@@ -345,26 +353,35 @@ export class Vpc extends cdk.Construct implements constructs.Vpc {
           subnetCidr = subnetDefinition.cidr?.value?.toCidrString()!;
         }
         if (!subnetCidr) {
-          console.warn(`Subnet with name "${subnetName}" and AZ "${subnetDefinition.az}" does not have a CIDR block`);
+          console.log(`Subnet with name "${subnetName}" and AZ "${subnetDefinition.az}" does not have a CIDR block`);
           continue;
         }
-
+        let availabilityZone = subnetDefinition.az;
+        if (availabilityZone.length === 1) {
+          availabilityZone = `${this.region}${subnetDefinition.az}`;
+        }
         const subnetId = `${subnetName}_${vpcName}_az${subnetDefinition.az}`;
+        console.log(`Creating subnet ${subnetId}`);
         const subnet = new ec2.CfnSubnet(this, subnetId, {
           cidrBlock: subnetCidr,
           vpcId: vpcObj.ref,
-          availabilityZone: `${this.region}${subnetDefinition.az}`,
+          availabilityZone,
+          outpostArn: subnetDefinition['outpost-arn'],
         });
+        if (availabilityZone.length > 1) {
+          console.log(subnet);
+        }
         for (const extensions of extendVpc) {
           subnet.addDependsOn(extensions);
         }
+
         this.azSubnets.push({
           subnet,
           subnetName,
           id: subnet.ref,
           name: subnetName,
-          az: subnetDefinition.az,
           cidrBlock: subnetCidr,
+          az: subnetDefinition.az,
         });
 
         // Attach Subnet to Route-Table
@@ -686,11 +703,25 @@ export class Vpc extends cdk.Construct implements constructs.Vpc {
             };
             new ec2.CfnRoute(this, constructName, routeParams);
             continue;
+          } else if (route.target === 'customer') {
+            if (!route.type || !route['target-id']) {
+              console.warn(
+                `type and target-id are required when using customer as target for route for the route ${route.name}`,
+              );
+              continue;
+            }
+            const constructName = `${routeTableName}_${route.type}_${route['target-id']}`;
+            const routeParams: ec2.CfnRouteProps = {
+              routeTableId: routeTableObj,
+              [route.type]: route['target-id'],
+              destinationCidrBlock: route.destination as string,
+            };
+            new ec2.CfnRoute(this, constructName, routeParams);
+            continue;
           } else {
             // Need to add for different Routes
             continue;
           }
-
           const params: ec2.CfnRouteProps = {
             routeTableId: routeTableObj,
             destinationCidrBlock: route.destination as string,

src/lib/common-outputs/src/elb.ts

@@ -79,7 +79,7 @@ export const LoadBalancerEndpointOutputFinder = createStructuredOutputFinder(Loa
     accountKey: string;
     region: string;
     vpcName: string;
-    az: string;
+    az: string | undefined;
     elbAccountKey?: string;
   }) =>
     finder.tryFindOne({

src/lib/config-i18n/src/en.ts

@@ -460,7 +460,7 @@ translate(c.SubnetDefinitionConfig, {
   fields: {
     az: {
       title: 'Availability Zone',
-      description: 'Availability Zone to create the subnet in',
+      description: 'Availability Zone to create the subnet.',
     },
     cidr: {
       title: 'Subnet CIDR Definition',
@@ -475,6 +475,10 @@ translate(c.SubnetDefinitionConfig, {
       description:
         'Define the subnet in the Accelerator to reserve the address space, but do not create it at this time.  Used to define a 3 AZ config, but deploy a 2 AZ config.',
     },
+    'outpost-arn': {
+      title: 'Outpost ARN',
+      description: 'The ARN of the Outpost to create the subnet.',
+    },
   },
 });
 
@@ -588,27 +592,38 @@ translate(c.PcxRouteConfigType, {
 
 translate(c.RouteConfig, {
   title: 'Route Config',
-  description: 'The configuration routes that are added to the route tables',
+  description: 'The configuration for routes to be added to a route table',
   fields: {
     destination: {
       title: '',
-      description: 'Destination IP subnet or VPC Gateway endpoint',
+      description: 'Destination CIDR or either "s3", "DynamoDB" for a VPC Gateway endpoint.',
     },
     target: {
       title: '',
-      description: 'Next-hop address for the route',
+      description:
+        'The target type for the next-hop, includes TGW, IGW, VGW, pcx, NATGW_subnet_azX, NFW_subnet_azX, s3, DynamoDB, and customer. If target is set to customer, the target-id and type are required.',
     },
     name: {
       title: '',
-      description: 'Name of the route',
+      description: 'Route table name.',
     },
     az: {
       title: '',
-      description: 'Availability Zone',
+      description: 'Availability Zone (only used when targeting EC2 based firewall appliances)',
     },
     port: {
       title: '',
-      description: 'When routing traffic to ports of 3rd party virtual appliances',
+      description:
+        'Subnet name containing the targeted virtual appliance port (only used when targeting EC2 based firewall appliances)',
+    },
+    'target-id': {
+      title: 'Target ID',
+      description: 'The ID of the specified target, i.e. igw-12345678901234567.',
+    },
+    type: {
+      title: 'Target Type',
+      description:
+        'The target type for the next hop, when created external to the ASEA. Valid values: "egressOnlyInternetGatewayId", "gatewayId", "instanceId", "localGatewayId","natGatewayId", "networkInterfaceId", "transitGatewayId", "vpcEndpointId", "vpcPeeringConnectionId".',
     },
   },
 });
@@ -1032,6 +1047,10 @@ translate(c.VpcConfigType, {
       title: '',
       description: 'Use central endpoints for this VPC',
     },
+    'lgw-route-table-id': {
+      title: 'Local Gateway Route Table ID',
+      description: 'The route table ID to associate a VPC to a local zone.',
+    },
   },
 });
 

src/lib/config-i18n/src/fr.ts

@@ -388,6 +388,9 @@ translate(c.SubnetDefinitionConfig, {
       title: '',
       description: '',
     },
+    'outpost-arn': {
+      title: '',
+    },
   },
 });
 
@@ -520,6 +523,12 @@ translate(c.RouteConfig, {
       title: '',
       description: '',
     },
+    'target-id': {
+      title: '',
+    },
+    type: {
+      title: '',
+    },
   },
 });
 
@@ -935,6 +944,9 @@ translate(c.VpcConfigType, {
       title: '',
       description: '',
     },
+    'lgw-route-table-id': {
+      title: '',
+    },
   },
 });
 

src/lib/config/src/config.v2.ts

@@ -99,7 +99,8 @@ export const CidrConfigType = t.interface({
 export type CidrConfig = t.TypeOf<typeof CidrConfigType>;
 
 export const SubnetDefinitionConfig = t.interface({
-  az: t.availabilityZone,
+  az: t.union([t.availabilityZone, t.nonEmptyString]),
+  'outpost-arn': t.optional(t.nonEmptyString),
   cidr: t.optional(CidrConfigType),
   'route-table': t.nonEmptyString,
   disabled: t.defaulted(t.boolean, false),
@@ -152,12 +153,28 @@ export const AccountVpcConfigType = t.interface({
 
 export type AccountVpcConfigType = t.TypeOf<typeof AccountVpcConfigType>;
 
+export const RouteTargetType = t.enums('RouteTargetType', [
+  'egressOnlyInternetGatewayId',
+  'gatewayId',
+  'instanceId',
+  'localGatewayId',
+  'natGatewayId',
+  'networkInterfaceId',
+  'transitGatewayId',
+  'vpcEndpointId',
+  'vpcPeeringConnectionId',
+]);
+
+export type RouteTargetType = t.TypeOf<typeof RouteTargetType>;
+
 export const RouteConfig = t.interface({
   destination: t.union([t.nonEmptyString, PcxRouteConfigType]), // TODO Can be string or destination in another account
   target: t.nonEmptyString,
   name: t.optional(t.nonEmptyString),
   az: t.optional(t.nonEmptyString),
   port: t.optional(t.nonEmptyString),
+  type: t.optional(RouteTargetType),
+  'target-id': t.optional(t.nonEmptyString),
 });
 
 export const RouteTableConfigType = t.interface({
@@ -308,6 +325,7 @@ export const VpcConfigType = t.interface({
   'security-groups': t.optional(t.array(SecurityGroupConfigType)),
   zones: t.optional(ZoneNamesConfigType),
   'central-endpoint': t.defaulted(t.boolean, false),
+  'lgw-route-table-id': t.optional(t.nonEmptyString),
 });
 
 export type VpcConfig = t.TypeOf<typeof VpcConfigType>;