Tags: amazon-web-services, aws-cdk, amazon-vpc

Using IPAM pool in ec2.Vpc in CDK AWS problem


I hope you had a good day.

I have the following VPC:

VPC creation

```python
from aws_cdk import aws_ec2 as ec2

# elastic_ip_id is defined elsewhere in the stack (allocation id of an existing EIP)
self.vpc = ec2.Vpc(self, 'VPN',
    cidr='10.0.0.0/16',
    max_azs=1,
    enable_dns_hostnames=True,
    enable_dns_support=True,
    # configuration will create 2 subnets in a single AZ.
    subnet_configuration=[
        ec2.SubnetConfiguration(
            name='Public-Subnet',
            subnet_type=ec2.SubnetType.PUBLIC,
            cidr_mask=20,
        ),
        ec2.SubnetConfiguration(
            name='Private-Subnet',
            subnet_type=ec2.SubnetType.PRIVATE_WITH_NAT,
            cidr_mask=20,
        ),
    ],
    nat_gateways=1,
    nat_gateway_subnets=ec2.SubnetSelection(subnet_group_name="Public-Subnet"),
    nat_gateway_provider=ec2.NatProvider.gateway(eip_allocation_ids=[elastic_ip_id]),
)
```

and I want to allocate the CIDR with IPAM. I already made a stack to create the pools:

IPAM creation

```python
# cidr_range and region_cidr_range are defined elsewhere in the stack
cfn_iPAM = ec2.CfnIPAM(self, "MyCfnIPAM",
    description="description",
    operating_regions=[ec2.CfnIPAM.IpamOperatingRegionProperty(region_name=self.region)],
)

# Top level ipam pool creation used by accounts or regions
cfn_Top_IpamPool = ec2.CfnIPAMPool(self, "TOP-CfnIPAMPool",
    address_family="ipv4",
    ipam_scope_id=cfn_iPAM.attr_private_default_scope_id,
    auto_import=False,
    description="top-level-pool",
    # no locale here: a top-level pool is not bound to a region
    # (the string "None" is not a valid region name)
    provisioned_cidrs=[ec2.CfnIPAMPool.ProvisionedCidrProperty(
        cidr=cidr_range
    )],
    publicly_advertisable=False,
)

# region level ipam pool used by regions
cfn_Region_iPAMPool = ec2.CfnIPAMPool(self, "Local-CfnIPAMPool",
    address_family="ipv4",
    ipam_scope_id=cfn_iPAM.attr_private_default_scope_id,
    auto_import=False,
    description="region-level-pool",
    locale=self.region,
    provisioned_cidrs=[ec2.CfnIPAMPool.ProvisionedCidrProperty(
        cidr=region_cidr_range
    )],
    publicly_advertisable=False,
    # the parent pool's id is its attr_ipam_pool_id attribute;
    # source_ipam_pool_id on the top-level pool itself is unset
    source_ipam_pool_id=cfn_Top_IpamPool.attr_ipam_pool_id,
)

cfn_iPAMAllocation = ec2.CfnIPAMAllocation(self, "MyCfnIPAMAllocation",
    ipam_pool_id=cfn_Top_IpamPool.attr_ipam_pool_id,
    # either cidr or netmask_length must also be given unless the pool
    # has a default netmask length allocation rule
)
```

The main problem is how I can use the pool in my ec2.Vpc. I found it as an argument of CfnVPC, but I want to use it in ec2.Vpc because all my stack resources (VPN endpoint, NAT gateway, subnets, ...) depend on it, and I don't want to repeat all of this just because there is no argument for the IPAM pool id in ec2.Vpc.

Thank you for your help


Solution

  • I may have found a workaround to solve this problem; the idea is to exploit the auto import option in the IPAM pool.

    1- Create a temporary L1 VPC using the IPAM pool id to allocate, for example, 10.0.0.0/16

    2- Deploy the tmp VPC stack

    3- Get the CIDR of the VPC with CfnOutput and store it in a file cidr.txt

    4- Destroy the tmp VPC stack to release the allocation in the IPAM

    5- Read the file into a variable vpc_cidr in app.py and pass it as a parameter to the final VPC stack

    6- Create the final L2 VPC using the CIDR parameter vpc_cidr

    7- Repeat the same steps for another VPC without waiting for the release (within a few minutes the IPAM will automatically attach the previous VPC to the allocation, no overlapping -> compliant)

    Note: to be sure that the allocation of the tmp VPC takes the other IPAM allocations into consideration, and to avoid attaching it while the allocation is empty or incomplete (even if this case is rare), we could use this check in the bash script:

    ```bash
    # ipamid holds the pool id, cidr2.txt the CIDR handed to the tmp VPC; the query is re-run on
    # every pass so the loop ends once IPAM records the allocation (a one-shot query would loop forever)
    until aws ec2 get-ipam-pool-allocations --ipam-pool-id "$(<ipamid)" | grep -F "$(<cidr2.txt)" | cut -d\" -f4 | tr -d "\n" > check \
          && [[ "$(<cidr2.txt)" == "$(<check)" ]]; do echo "waiting for allocation in ipam..."; sleep 5; done
    ```

    Hope that could help, or be improved to use the IPAM param directly in ec2.Vpc :)
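As an added example (not code from the original post), a Python version of the allocation check from the note above: it parses the JSON that `aws ec2 get-ipam-pool-allocations` prints instead of grepping it, adds the overlap check the "no overlapping -> compliant" step relies on, and bounds the polling loop. The response payload is a constructed sample, and `fetch` is assumed to be whatever callable runs the CLI and returns its stdout.

```python
import ipaddress
import json
import time
from typing import Callable, List, Tuple

# Constructed sample of the JSON that `aws ec2 get-ipam-pool-allocations` prints;
# the resource ids and CIDRs below are placeholders, not values from the post.
SAMPLE_RESPONSE = json.dumps({
    "IpamPoolAllocations": [
        {"Cidr": "10.0.0.0/16", "ResourceType": "vpc",
         "ResourceId": "vpc-0123456789abcdef0", "ResourceRegion": "eu-west-1"},
        {"Cidr": "10.1.0.0/16", "ResourceType": "vpc",
         "ResourceId": "vpc-0fedcba9876543210", "ResourceRegion": "eu-west-1"},
    ]
})


def allocated_cidrs(response_text: str) -> List[ipaddress.IPv4Network]:
    """Parse the CLI JSON rather than grep/cut it: the match is then on the
    exact network, not on a regex in which '.' matches any character."""
    data = json.loads(response_text)
    return [ipaddress.ip_network(a["Cidr"]) for a in data.get("IpamPoolAllocations", [])]


def allocation_ready(response_text: str, expected_cidr: str) -> bool:
    """True once the CIDR handed to the tmp VPC is recorded in the pool."""
    return ipaddress.ip_network(expected_cidr) in allocated_cidrs(response_text)


def overlapping_pairs(response_text: str) -> List[Tuple[str, str]]:
    """Every pair of allocations in the pool that overlap; an empty list is
    the 'no overlapping -> compliant' state the workaround relies on."""
    cidrs = allocated_cidrs(response_text)
    return [(str(a), str(b)) for i, a in enumerate(cidrs)
            for b in cidrs[i + 1:] if a.overlaps(b)]


def wait_for_allocation(fetch: Callable[[], str], expected_cidr: str,
                        attempts: int = 60, delay: float = 5.0) -> bool:
    """Poll `fetch` (a callable that runs the CLI and returns its stdout)
    until the allocation appears, like the bash loop, but with a bound."""
    for _ in range(attempts):
        if allocation_ready(fetch(), expected_cidr):
            return True
        time.sleep(delay)
    return False
```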