https://pulumi.com logo
#general
Title
# general
q

quick-hospital-63970

08/07/2023, 2:40 AM
That said, it’s also completely hallucinating a solution to my current question 🙂 maybe I’ll ask that here too: I’m trying to extract the CIDR blocks for just the private subnets in a VPC (created with
awsx.ec2.Vpc
). The
vpc
object exposes
privateSubnetIds
and
subnets
- I was hoping to combine the two using code like the below. However, it complains that
subnet.id
is
Output<string>
and
includes()
of course expects a
string
. Is this something which is possible? The alternative is to re-query the subnets using
aws.ec2.getSubnet
, but that feels kind of iffy/unnecessary, when the subnets are already available on the
vpc
object.
Copy code
export const privateSubnetCidrs = pulumi
  .all([vpc.subnets, vpc.privateSubnetIds])
  .apply(([subnets, privateSubnetIds]) => {
    return subnets
      .filter(subnet => privateSubnetIds.includes(subnet.id))
      .map(subnet => subnet.cidrBlock);
  });
Pulumi AI confidently suggested I do this instead - but there is no such
privateSubnets
field on
vpc
:
Copy code
// Map over the private subnets and retrieve the cidrBlocks
const privateSubnetCidrs = vpc.privateSubnets.apply(privateSubnets =>
    privateSubnets.map(subnet => subnet.cidrBlock)
)
l

little-cartoon-10569

08/07/2023, 2:49 AM
You can add subnetIds into your all/apply guards. However, you don't need to. The awsx VPC does indeed have a privateSubnets property, you don't need to filter subnets by id. https://www.pulumi.com/registry/packages/awsx/api-docs/ec2/vpc/#privatesubnetids_nodejs
Is it possible you were looking on the AWS VPC resource for the privateSubnets property? Only the AWSX resource has it.
q

quick-hospital-63970

08/07/2023, 2:50 AM
This maybe sort of seems to work (untested, but types are happy):
Copy code
export const privateSubnetCidrs = pulumi
  .all([vpc.subnets, vpc.privateSubnetIds])
  .apply(([subnets, privateSubnetIds]) => {
    const cidrBlocks: string[] = [];
    for (const subnet of subnets) {
      pulumi
        .all([subnet.id, subnet.cidrBlock])
        .apply(([subnetId, cidrBlock]) => {
          if (privateSubnetIds.includes(subnetId) && cidrBlock) {
            cidrBlocks.push(cidrBlock);
          }
        });
    }
    return cidrBlocks;
  });
l

little-cartoon-10569

08/07/2023, 2:50 AM
It's massive overkill.
q

quick-hospital-63970

08/07/2023, 2:50 AM
@little-cartoon-10569 it has
privateSubnetIds
, but NOT
privateSubnets
l

little-cartoon-10569

08/07/2023, 2:50 AM
It does. I use it. Have a look at the link I sent.
Here's the code from vpc.d.ts:
Copy code
/**
     * Asynchronously retrieves the private subnets in this Vpc.  This will only retrieve data for
     * the subnets specified when the Vpc was created.  If subnets were created externally, they
     * will not be included.
     */
    get privateSubnets(): Promise<x.ec2.Subnet[]>;
Actually, there must be a version without it. The new docs don't have it.. onesec, I'll check github.
q

quick-hospital-63970

08/07/2023, 2:53 AM
I want you to be right, but I don’t think you are 🙃 https://github.com/pulumi/pulumi-awsx/blob/master/awsx/ec2/vpc.ts
l

little-cartoon-10569

08/07/2023, 2:55 AM
I found it. It's not in AWSX, only AWSXclassic (which is what I use: it's in the same library, in the awsx.classic namespace). You can use that it you prefer.
q

quick-hospital-63970

08/07/2023, 2:55 AM
Ahhh gotcha, I wonder if there are other meaningful differences between those two
Good to know though, thankyou!
l

little-cartoon-10569

08/07/2023, 2:56 AM
Yes, there are a few. I'm surprised it's that hard to get CIDRs (or indeed, subnets) out of the code. I'll have a quick hunt through examples...
I can't see anything that doesn't require an
apply()
. However it looks like you can skip filtering by subnetId. You can just filter on subnets, which have a type property whose lowercase value will be private. https://github.com/pulumi/pulumi-awsx/blob/dad5462435286498bc86168c91c0d801482dbcba/awsx/ec2/subnetDistributor.ts#L52
Ah ignore that. That's not available on the AWS subnet, only the awsx subnet.. 😞
Wow they've made that sort of stuff hard, haven't they?
Maybe you'd be better off finding all routes and grabbing the CIDRs from there 🙂
q

quick-hospital-63970

08/07/2023, 3:07 AM
All good, thanks for taking a look anyway! I think the code I ended up with is… readable, if verbose
Interesting, so I was using the code above to generate Security Group ingress rules (i.e. only allow traffic from the private subnet CIDRs), but it seems that for some reason the CIDRs were never resolved, and no ingress rules ended up being created. Going to just hard-code the CIDRs for now, as this seems to go beyond my understanding of
pulumi.Output
and I don’t have time to figure out what’s happening 😞
m

millions-address-39960

10/07/2023, 6:53 PM
is there a easy way to extract the private subnet ids from the awsx.ec2.Vpc ? I need to add additional route to the routetable for the private subnets
I am struggling from last 2 days and not able to wrap my head around Output<string[]> , how to convert it to string[]
l

little-cartoon-10569

10/07/2023, 8:04 PM
You cannot convert it to a string[] at the top level. Output<string[]> means a string[] that will be available in the indefinite future, not now. It's simply not available yet. Instead, you can apply() the Output. The string[] is made available as a parameter to your callback in apply().