Channels
#general
Title
q
quick-hospital-63970
08/07/2023, 2:40 AMThat said, it’s also completely hallucinating a solution to my current question 🙂 maybe I’ll ask that here too: I’m trying to extract the CIDR blocks for just the private subnets in a VPC (created with
awsx.ec2.VpcvpcprivateSubnetIdssubnetssubnet.idOutput<string>includes()stringaws.ec2.getSubnetvpc Copy code
export const privateSubnetCidrs = pulumi
.all([vpc.subnets, vpc.privateSubnetIds])
.apply(([subnets, privateSubnetIds]) => {
return subnets
.filter(subnet => privateSubnetIds.includes(subnet.id))
.map(subnet => subnet.cidrBlock);
});Pulumi AI confidently suggested I do this instead - but there is no such
privateSubnetsvpc Copy code
// Map over the private subnets and retrieve the cidrBlocks
const privateSubnetCidrs = vpc.privateSubnets.apply(privateSubnets =>
privateSubnets.map(subnet => subnet.cidrBlock)
)l
little-cartoon-10569
08/07/2023, 2:49 AMYou can add subnetIds into your all/apply guards. However, you don't need to. The awsx VPC does indeed have a privateSubnets property, you don't need to filter subnets by id.
https://www.pulumi.com/registry/packages/awsx/api-docs/ec2/vpc/#privatesubnetids_nodejs
Is it possible you were looking on the AWS VPC resource for the privateSubnets property? Only the AWSX resource has it.
q
quick-hospital-63970
08/07/2023, 2:50 AMThis maybe sort of seems to work (untested, but types are happy):
Copy code
export const privateSubnetCidrs = pulumi
.all([vpc.subnets, vpc.privateSubnetIds])
.apply(([subnets, privateSubnetIds]) => {
const cidrBlocks: string[] = [];
for (const subnet of subnets) {
pulumi
.all([subnet.id, subnet.cidrBlock])
.apply(([subnetId, cidrBlock]) => {
if (privateSubnetIds.includes(subnetId) && cidrBlock) {
cidrBlocks.push(cidrBlock);
}
});
}
return cidrBlocks;
});l
little-cartoon-10569
08/07/2023, 2:50 AMIt's massive overkill.
q
quick-hospital-63970
08/07/2023, 2:50 AM@little-cartoon-10569 it has
privateSubnetIdsprivateSubnetsl
little-cartoon-10569
08/07/2023, 2:50 AMIt does. I use it. Have a look at the link I sent.
Here's the code from vpc.d.ts:
Copy code
/**
* Asynchronously retrieves the private subnets in this Vpc. This will only retrieve data for
* the subnets specified when the Vpc was created. If subnets were created externally, they
* will not be included.
*/
get privateSubnets(): Promise<x.ec2.Subnet[]>;Actually, there must be a version without it. The new docs don't have it.. onesec, I'll check github.
q
quick-hospital-63970
08/07/2023, 2:53 AMI want you to be right, but I don’t think you are 🙃 https://github.com/pulumi/pulumi-awsx/blob/master/awsx/ec2/vpc.ts
l
little-cartoon-10569
08/07/2023, 2:55 AMI found it. It's not in AWSX, only AWSXclassic (which is what I use: it's in the same library, in the awsx.classic namespace). You can use that it you prefer.
q
quick-hospital-63970
08/07/2023, 2:55 AMAhhh gotcha, I wonder if there are other meaningful differences between those two
Good to know though, thankyou!
l
little-cartoon-10569
08/07/2023, 2:56 AMYes, there are a few. I'm surprised it's that hard to get CIDRs (or indeed, subnets) out of the code. I'll have a quick hunt through examples...
I can't see anything that doesn't require an
apply()Ah ignore that. That's not available on the AWS subnet, only the awsx subnet.. 😞
Wow they've made that sort of stuff hard, haven't they?
Maybe you'd be better off finding all routes and grabbing the CIDRs from there 🙂
q
quick-hospital-63970
08/07/2023, 3:07 AMAll good, thanks for taking a look anyway! I think the code I ended up with is… readable, if verbose
Interesting, so I was using the code above to generate Security Group ingress rules (i.e. only allow traffic from the private subnet CIDRs), but it seems that for some reason the CIDRs were never resolved, and no ingress rules ended up being created. Going to just hard-code the CIDRs for now, as this seems to go beyond my understanding of
pulumi.Output