Revert "fix(asea): handle duplicate vpc names (#1286)" (#1296)

hickeydh-aws · web-flow · commit fc7b36835afd · 2025-07-21T14:44:13.000-05:00
This reverts commit 3934c7b.
diff --git a/package.json b/package.json
@@ -18,6 +18,5 @@
     "globals": "15.0.0",
     "prettier": "3.0.3",
     "typescript-eslint": "^7.6.0"
-  },
-  "packageManager": "pnpm@10.11.0+sha512.6540583f41cc5f628eb3d9773ecee802f4f9ef9923cc45b69890fb47991d4b092964694ec3a4f738a420c918a333062c8b925d312f42e4f0c263eb603551f977"
-}
+  }
+}
diff --git a/reference-artifacts/Custom-Scripts/lza-upgrade/src/asea-config/index.ts b/reference-artifacts/Custom-Scripts/lza-upgrade/src/asea-config/index.ts
@@ -11,7 +11,6 @@
  *  and limitations under the License.
  */
 import * as t from './types';
-import * as crypto from 'crypto';
 
 export const MandatoryAccountType = t.enums('MandatoryAccountType', [
   'master',
@@ -1324,12 +1323,10 @@ export class AcceleratorConfig {
     // Add mandatory account VPC configuration first
     for (const [accountKey, accountConfig] of this.getMandatoryAccountConfigs()) {
       for (const vpcConfig of accountConfig.vpc || []) {
-        const lzaVpcName = createLzaVpcName(vpcConfig.name, accountKey, vpcConfig.region);
         vpcConfigs.push({
           accountKey,
           vpcConfig,
           ouKey: accountConfig.ou,
-          lzaVpcName 
         });
       }
     }
@@ -1349,14 +1346,13 @@ export class AcceleratorConfig {
                 continue;
               }
             }
-            vpcConfig.lzaVpcName = createLzaVpcName(vpcConfig.name, accountKey, vpcConfig.region);
+            vpcConfig.lzaVpcName = `${vpcConfig.name}_${accountKey}`;
             if (vpcConfig['cidr-src'] === 'dynamic') {
-              const lzaVpcName = createLzaVpcName(vpcConfig.name, accountKey, vpcConfig.region);
               vpcConfigs.push({
                 ouKey,
                 accountKey,
                 vpcConfig,
-                lzaVpcName,
+                lzaVpcName: `${vpcConfig.name}_${accountKey}`,
               });
             }
           }
@@ -1365,7 +1361,6 @@ export class AcceleratorConfig {
               ouKey,
               vpcConfig,
               excludeAccounts,
-              lzaVpcName: createLzaVpcName(vpcConfig.name, ouKey, vpcConfig.region),
             });
           }
         } else {
@@ -1374,7 +1369,6 @@ export class AcceleratorConfig {
             ouKey,
             accountKey: destinationAccountKey,
             vpcConfig,
-            lzaVpcName: createLzaVpcName(vpcConfig.name, destinationAccountKey, vpcConfig.region)
           });
         }
       }
@@ -1387,7 +1381,6 @@ export class AcceleratorConfig {
           accountKey,
           vpcConfig,
           ouKey: accountConfig.ou,
-          lzaVpcName: createLzaVpcName(vpcConfig.name, accountKey, vpcConfig.region),
         });
       }
     }
@@ -1413,10 +1406,3 @@ export class AcceleratorConfig {
       }));
   }
 }
-
-export function createLzaVpcName(vpcName: string, accountKey: string, region: string): string {
-  const md5Hash = crypto.createHash('md5').update(`${vpcName}_${accountKey}_${region}`).digest('hex');
-  const vpcNameWithType = vpcName.endsWith('_vpc') ? vpcName : `${vpcName}_vpc`;
-  const lzaVpcName = `${vpcNameWithType}..${md5Hash.substring(0,5)}`;
-  return lzaVpcName;
-}
diff --git a/reference-artifacts/Custom-Scripts/lza-upgrade/src/convert-config.ts b/reference-artifacts/Custom-Scripts/lza-upgrade/src/convert-config.ts
@@ -35,7 +35,6 @@ import {
   TransitGatewayRouteConfig,
   VpcConfig,
   VpcFlowLogsDestinationConfig,
-  createLzaVpcName,
 } from './asea-config';
 import { loadAseaConfig } from './asea-config/load';
 import * as WriteToSourcesTypes from './common//utils/types/writeToSourcesTypes';
@@ -540,9 +539,9 @@ export class ConvertAseaConfig {
         name: createNetworkFirewallName(firewallConfigName, this.aseaPrefix),
         subnetChangeProtection: false,
         tags: [],
-        vpc: lzaVpcName!,
+        vpc: createVpcName(lzaVpcName ?? vpcConfig.name),
         subnets: this.getAzSubnets(vpcConfig, networkFirewallConfig.subnet.name).map((subnet) =>
-          createSubnetName(vpcConfig.name, subnet.subnetName, subnet.az),
+          createSubnetName(lzaVpcName ?? vpcConfig.name, subnet.subnetName, subnet.az),
         ),
       });
     }
@@ -1777,7 +1776,7 @@ export class ConvertAseaConfig {
               name: instanceNameWithAz,
               account,
               launchTemplate,
-              vpc: firewallScopedVpcConfig?.lzaVpcName!,
+              vpc: `${vpcName}_vpc`,
               terminationProtection,
               detailedMonitoring,
               tags,
@@ -2433,7 +2432,7 @@ export class ConvertAseaConfig {
     const setConfigRulesConfig = async () => {
       if (!globalOptions['aws-config']) return;
       // TODO: Consider account regions for deploymentTargets
-      const currentNodeRuntime = 'nodejs20.x';
+      const currentNodeRuntime = 'nodejs18.x';
       const rulesWithTarget: (AwsConfigRule & {
         deployTo?: string[];
         excludedAccounts?: string[];
@@ -2801,7 +2800,7 @@ export class ConvertAseaConfig {
         if (route['target-vpc']) {
           return {
             account: this.getAccountKeyforLza(globalOptions, route['target-account'] || accountKey),
-            vpcName: this.getLzaVpcName(route['target-vpc']),
+            vpcName: createVpcName(route['target-vpc']),
           };
         } else if (route['target-vpn']) {
           return {
@@ -2968,9 +2967,9 @@ export class ConvertAseaConfig {
             sources: [],
           };
           for (const source of rule.source) {
-            let sourceVpcConfig: ResolvedVpcConfig | undefined;
+            let sourceVpcAccountKey: string | undefined = undefined;
             if (SubnetSourceConfig.is(source)) {
-              sourceVpcConfig = this.vpcConfigs.find(({ vpcConfig }) => vpcConfig.name === source.vpc);
+              sourceVpcAccountKey = this.vpcConfigs.find(({ vpcConfig }) => vpcConfig.name === source.vpc)?.accountKey;
             }
             if (SecurityGroupSourceConfig.is(source)) {
               lzaRule.sources.push({
@@ -2981,14 +2980,14 @@ export class ConvertAseaConfig {
                 //account: this.getAccountKeyforLza(globalOptions, source.account || accountKey || ''),
                 account: this.getAccountKeyforLza(
                   globalOptions,
-                  sourceVpcConfig?.accountKey || source.account || accountKey || '',
+                  sourceVpcAccountKey || source.account || accountKey || '',
                 ),
                 subnets: source.subnet.flatMap((sourceSubnet) =>
                   aseaConfig
-                    .getAzSubnets(sourceVpcConfig?.accountKey || source.account || accountKey || '', source.vpc, sourceSubnet)
+                    .getAzSubnets(sourceVpcAccountKey || source.account || accountKey || '', source.vpc, sourceSubnet)
                     .map((s) => createSubnetName(source.vpc, s.subnetName, s.az)),
                 ),
-                vpc: sourceVpcConfig?.lzaVpcName ?? source.vpc,
+                vpc: createVpcName(source.vpc),
               });
             } else {
               lzaRule.sources.push(source);
@@ -3012,6 +3011,7 @@ export class ConvertAseaConfig {
         rules: NaclConfig[],
         vpcConfig: VpcConfig,
         accountKey?: string,
+        lzaVpcName?: string,
       ) => {
         const lzaRules: (ConvertConfigTypes.LzaNaclInboundRuleType | ConvertConfigTypes.LzaNaclOutboundRuleType)[] = [];
         for (const rule of rules) {
@@ -3055,17 +3055,18 @@ export class ConvertAseaConfig {
                   });
                 } else {
                   // determine which vpc the nacl rule references
+                  // use the lzaVpcName when the config is from ou
                   let destination: string;
                   if (dest.vpc === vpcConfig.name) {
-                    destination = vpcConfig.name;
+                    destination = createVpcName(lzaVpcName ?? vpcConfig.name);
                   } else {
-                    destination = dest.vpc;
+                    destination = createVpcName(dest.vpc);
                   }
-                  const destinationAccountKey = destinationVpcKey ? this.getAccountKeyforLza(globalOptions, destinationVpcKey): undefined;
                   target = {
-                    account: destinationAccountKey,
+                    account: destinationVpcKey ? this.getAccountKeyforLza(globalOptions, destinationVpcKey) : undefined,
                     subnet: createSubnetName(dest.vpc, ruleSubnet.subnetName, ruleSubnet.az),
-                    vpc: createLzaVpcName(destination, destinationAccountKey!, vpcConfig.region),
+                    //vpc: createVpcName(dest.vpc),
+                    vpc: destination,
                     region: targetRegion,
                   };
                 }
@@ -3085,7 +3086,7 @@ export class ConvertAseaConfig {
         }
         return lzaRules;
       };
-      const prepareNaclConfig = (vpcConfig: VpcConfig, accountKey?: string) => {
+      const prepareNaclConfig = (vpcConfig: VpcConfig, accountKey?: string, lzaVpcName?: string) => {
         const naclSubnetConfigs = vpcConfig.subnets?.filter((s) => !!s.nacls);
         if (!naclSubnetConfigs) return;
         const nacls = [];
@@ -3099,8 +3100,8 @@ export class ConvertAseaConfig {
             subnetAssociations: this.getAzSubnets(vpcConfig, subnetConfig.name).map((s) =>
               createSubnetName(vpcConfig.name, s.subnetName, s.az),
             ),
-            inboundRules: prepareNaclRules(inboundRules, vpcConfig, accountKey),
-            outboundRules: prepareNaclRules(outboundRules, vpcConfig, accountKey),
+            inboundRules: prepareNaclRules(inboundRules, vpcConfig, accountKey, lzaVpcName),
+            outboundRules: prepareNaclRules(outboundRules, vpcConfig, accountKey, lzaVpcName),
           });
         }
         return nacls;
@@ -3204,15 +3205,14 @@ export class ConvertAseaConfig {
         vpcConfig: VpcConfig,
         lzaEndpointsConfig: ConvertConfigTypes.ResolverEndpointsType[],
         lzaEndpointsRulesConfig: ConvertConfigTypes.ResolverEndpointRulesType[],
-        accountKey: string | undefined,
       ): ConvertConfigTypes.ResolverEndpointsType[] => {
         let inboundResolver = vpcConfig.resolvers!.inbound;
         let outboundResolver = vpcConfig.resolvers!.outbound;
         if (vpcConfig.resolvers) {
           if (inboundResolver) {
             lzaEndpointsConfig.push({
               name: `${vpcConfig.name}InboundEndpoint`,
-              vpc: createLzaVpcName(vpcConfig.name, accountKey!, vpcConfig.region),
+              vpc: createVpcName(vpcConfig.lzaVpcName ?? vpcConfig.name),
               subnets:
                 vpcConfig.subnets
                   ?.find((subnetItem) => subnetItem.name === vpcConfig.resolvers?.subnet)
@@ -3226,7 +3226,7 @@ export class ConvertAseaConfig {
           if (outboundResolver) {
             lzaEndpointsConfig.push({
               name: `${vpcConfig.name}OutboundEndpoint`,
-              vpc: createLzaVpcName(vpcConfig.name, accountKey!, vpcConfig.region),
+              vpc: createVpcName(vpcConfig.lzaVpcName ?? vpcConfig.name),
               subnets:
                 vpcConfig.subnets
                   ?.find((subnetItem) => subnetItem.name === vpcConfig.resolvers?.subnet)
@@ -3262,7 +3262,7 @@ export class ConvertAseaConfig {
         return lzaEndpointsRulesConfig;
       };
 
-      const prepareResolverConfig = (vpcConfig: VpcConfig, accountKey: string | undefined) => {
+      const prepareResolverConfig = (vpcConfig: VpcConfig) => {
         let lzaResolverConfig: {
           endpoints: ConvertConfigTypes.ResolverEndpointsType[] | undefined;
           queryLogs: { name: string; destinations: string[] } | undefined;
@@ -3274,7 +3274,7 @@ export class ConvertAseaConfig {
         let endpoints: any[] = [];
         if (vpcConfig.resolvers) {
           rules = prepareRulesConfig(vpcConfig, lzaEndpointsRulesConfig);
-          endpoints = prepareEndpointsConfig(vpcConfig, lzaEndpointsConfig, rules!, accountKey);
+          endpoints = prepareEndpointsConfig(vpcConfig, lzaEndpointsConfig, rules!);
         }
 
         lzaResolverConfig = {
@@ -3419,7 +3419,7 @@ export class ConvertAseaConfig {
 
       const prepareVpcConfig = ({ accountKey, ouKey, vpcConfig, excludeAccounts, lzaVpcName }: ResolvedVpcConfig) => {
         return {
-          name: lzaVpcName ?? createVpcName(vpcConfig.name),
+          name: createVpcName(lzaVpcName ?? vpcConfig.name),
           account: accountKey ? this.getAccountKeyforLza(globalOptions, accountKey) : undefined,
           deploymentTargets: !accountKey
             ? {
@@ -3458,13 +3458,13 @@ export class ConvertAseaConfig {
           useCentralEndpoints: vpcConfig['use-central-endpoints'],
           natGateways: prepareNatGatewayConfig(vpcConfig),
           securityGroups: prepareSecurityGroupsConfig(vpcConfig, accountKey),
-          networkAcls: prepareNaclConfig(vpcConfig, accountKey),
+          networkAcls: prepareNaclConfig(vpcConfig, accountKey, lzaVpcName),
           vpcFlowLogs: prepareVpcFlowLogs(vpcConfig['flow-logs']),
           subnets: prepareSubnetConfig(vpcConfig, ouKey, accountKey),
           transitGatewayAttachments: prepareTgwAttachConfig(vpcConfig),
           virtualPrivateGateway: vpcConfig.vgw,
           routeTables: prepareRouteTableConfig(vpcConfig, accountKey),
-          vpcRoute53Resolver: prepareResolverConfig(vpcConfig, accountKey),
+          vpcRoute53Resolver: prepareResolverConfig(vpcConfig),
         };
       };
 
@@ -3493,7 +3493,7 @@ export class ConvertAseaConfig {
         .filter(({ vpcConfig }) => !!vpcConfig.pcx)
         .map(({ vpcConfig }) => ({
           name: peeringConnectionName(vpcConfig.name, vpcConfig.pcx!['source-vpc']),
-          vpcs: [this.getLzaVpcName(vpcConfig.name), this.getLzaVpcName(vpcConfig.pcx!['source-vpc'])],
+          vpcs: [createVpcName(vpcConfig.lzaVpcName ?? vpcConfig.name), createVpcName(vpcConfig.pcx!['source-vpc'])],
         }));
     };
     await setCertificatesConfig();
@@ -3660,10 +3660,6 @@ export class ConvertAseaConfig {
     );
   }
 
-  private getLzaVpcName(vpcName: string): string {
-    return this.vpcConfigs.find((vc) => vc.vpcConfig.name === vpcName )?.lzaVpcName!
-  }
-
   private getVpcCidr({ accountKey, vpcConfig, ouKey }: { accountKey?: string; vpcConfig: VpcConfig; ouKey?: string }) {
     const cidrs: string[] = [];
     if (vpcConfig['cidr-src'] === 'provided') {
diff --git a/src/installer/cdk/src/index.ts b/src/installer/cdk/src/index.ts
@@ -279,7 +279,7 @@ class Installer extends cdk.Stack {
               nodejs: 22,
             },
             commands: [
-              'npm install --global pnpm@10.11.0',
+              'npm install --global pnpm@10.4.1',
               'pnpm install --frozen-lockfile',
               'pnpm recursive run build',
             ],
diff --git a/src/lib/cdk-accelerator/src/codebuild/cdk-deploy-project.ts b/src/lib/cdk-accelerator/src/codebuild/cdk-deploy-project.ts
@@ -194,7 +194,7 @@ export class PrebuiltCdkDeployProject extends CdkDeployProjectBase {
  */
 function installPackageManagerCommands(packageManager: PackageManager) {
   if (packageManager === 'pnpm') {
-    return ['npm install --global pnpm@10.11.0'];
+    return ['npm install --global pnpm@10.4.1'];
   }
   throw new Error(`Unsupported package manager ${packageManager}`);
 }

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,6 @@`
`11`	`11`	`* and limitations under the License.`
`12`	`12`	`*/`
`13`	`13`	`import * as t from './types';`
`14`		`-import * as crypto from 'crypto';`
`15`	`14`
`16`	`15`	`export const MandatoryAccountType = t.enums('MandatoryAccountType', [`
`17`	`16`	`'master',`
`@@ -1324,12 +1323,10 @@ export class AcceleratorConfig {`
`1324`	`1323`	`// Add mandatory account VPC configuration first`
`1325`	`1324`	`for (const [accountKey, accountConfig] of this.getMandatoryAccountConfigs()) {`
`1326`	`1325`	`for (const vpcConfig of accountConfig.vpc \|\| []) {`
`1327`		`- const lzaVpcName = createLzaVpcName(vpcConfig.name, accountKey, vpcConfig.region);`
`1328`	`1326`	`vpcConfigs.push({`
`1329`	`1327`	`accountKey,`
`1330`	`1328`	`vpcConfig,`
`1331`	`1329`	`ouKey: accountConfig.ou,`
`1332`		`- lzaVpcName`
`1333`	`1330`	`});`
`1334`	`1331`	`}`
`1335`	`1332`	`}`
`@@ -1349,14 +1346,13 @@ export class AcceleratorConfig {`
`1349`	`1346`	`continue;`
`1350`	`1347`	`}`
`1351`	`1348`	`}`
`1352`		`- vpcConfig.lzaVpcName = createLzaVpcName(vpcConfig.name, accountKey, vpcConfig.region);`
	`1349`	+ vpcConfig.lzaVpcName = `${vpcConfig.name}_${accountKey}`;
`1353`	`1350`	`if (vpcConfig['cidr-src'] === 'dynamic') {`
`1354`		`- const lzaVpcName = createLzaVpcName(vpcConfig.name, accountKey, vpcConfig.region);`
`1355`	`1351`	`vpcConfigs.push({`
`1356`	`1352`	`ouKey,`
`1357`	`1353`	`accountKey,`
`1358`	`1354`	`vpcConfig,`
`1359`		`- lzaVpcName,`
	`1355`	+ lzaVpcName: `${vpcConfig.name}_${accountKey}`,
`1360`	`1356`	`});`
`1361`	`1357`	`}`
`1362`	`1358`	`}`
`@@ -1365,7 +1361,6 @@ export class AcceleratorConfig {`
`1365`	`1361`	`ouKey,`
`1366`	`1362`	`vpcConfig,`
`1367`	`1363`	`excludeAccounts,`
`1368`		`- lzaVpcName: createLzaVpcName(vpcConfig.name, ouKey, vpcConfig.region),`
`1369`	`1364`	`});`
`1370`	`1365`	`}`
`1371`	`1366`	`} else {`
`@@ -1374,7 +1369,6 @@ export class AcceleratorConfig {`
`1374`	`1369`	`ouKey,`
`1375`	`1370`	`accountKey: destinationAccountKey,`
`1376`	`1371`	`vpcConfig,`
`1377`		`- lzaVpcName: createLzaVpcName(vpcConfig.name, destinationAccountKey, vpcConfig.region)`
`1378`	`1372`	`});`
`1379`	`1373`	`}`
`1380`	`1374`	`}`
`@@ -1387,7 +1381,6 @@ export class AcceleratorConfig {`
`1387`	`1381`	`accountKey,`
`1388`	`1382`	`vpcConfig,`
`1389`	`1383`	`ouKey: accountConfig.ou,`
`1390`		`- lzaVpcName: createLzaVpcName(vpcConfig.name, accountKey, vpcConfig.region),`
`1391`	`1384`	`});`
`1392`	`1385`	`}`
`1393`	`1386`	`}`
`@@ -1413,10 +1406,3 @@ export class AcceleratorConfig {`
`1413`	`1406`	`}));`
`1414`	`1407`	`}`
`1415`	`1408`	`}`
`1416`		`-`
`1417`		`-export function createLzaVpcName(vpcName: string, accountKey: string, region: string): string {`
`1418`		- const md5Hash = crypto.createHash('md5').update(`${vpcName}_${accountKey}_${region}`).digest('hex');
`1419`		- const vpcNameWithType = vpcName.endsWith('_vpc') ? vpcName : `${vpcName}_vpc`;
`1420`		- const lzaVpcName = `${vpcNameWithType}..${md5Hash.substring(0,5)}`;
`1421`		`- return lzaVpcName;`
`1422`		`-}`
Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,7 @@ export class PrebuiltCdkDeployProject extends CdkDeployProjectBase {`
`194`	`194`	`*/`
`195`	`195`	`function installPackageManagerCommands(packageManager: PackageManager) {`
`196`	`196`	`if (packageManager === 'pnpm') {`
`197`		`- return ['npm install --global pnpm@10.11.0'];`
	`197`	`+ return ['npm install --global pnpm@10.4.1'];`
`198`	`198`	`}`
`199`	`199`	throw new Error(`Unsupported package manager ${packageManager}`);
`200`	`200`	`}`