# general

wet-gigabyte-99270

12/15/2023, 9:27 AM
I'm using the native AWS to set up a VPC (new awsx.ec2.Vpc(...)), but I need it to be completely private with no NAT gateways. Is this possible? Or do I need to set up all the individual parts "manually"?

cuddly-computer-18851

12/15/2023, 9:31 AM
I wouldn't recommend using awsx if you want anything customizable at all, it's not really built for it.

wet-gigabyte-99270

12/15/2023, 9:33 AM
Yeah, that is what I figured as well. I'm new to AWS and setting up a private VPC with subnets, routes, endpoints, security groups and more is a bit overwhelming, was hoping to use awsx as a shortcut. I guess I just have to dive deeper 🙂
I have a CloudFormation YAML file to look at, at least, would be nice to convert it to Pulumi. The automatic translator craps out though.

cuddly-computer-18851

12/15/2023, 9:36 AM
I think using awsx as inspiration is fine - even spin up a VPC with it to see all the resources it creates. But understanding the primitives of Subnets, NACLs, Route Tables translates well to non-AWS networking, and is good to understand.

salmon-account-74572

12/15/2023, 4:22 PM
You can create a completely private VPC+subnets (no NAT gateways and no public subnets) using AWSX. Look into the SubnetSpecs and NatGatewayStrategy properties. I’ll try to dig up a link for you.

wet-gigabyte-99270

12/15/2023, 4:23 PM
Sounds promising, I was looking around the strategies, but could not find any examples on how they work. That's where I figured maybe it was impossible.
As an example, here’s a Pulumi program I wrote that creates only public subnets (not what you’re trying to do, but it should be illustrative): https://github.com/scottslowe/learning-tools/blob/28f4e1677b08c72a3ab829b621ca0c04e0433ebb/flatcar/flatcar-pulumi-aws/main.go#L47

wet-gigabyte-99270

12/15/2023, 4:29 PM
Thanks! Will look into this

salmon-account-74572

12/15/2023, 4:30 PM
NP, I hope it’s useful.

little-cartoon-10569

12/17/2023, 8:08 PM
On the original question: Yes. Just configure isolated subnets only. No public or private ones.