No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

you'd need to create the nodes in a private subnet, what code do you have?

So, this is the code for creating the NodeGroup
```const example-ng = new eks.NodeGroup("example-ng", {
    cluster: cluster,
    instanceType: "t2.medium",
    desiredCapacity: 1,
    minSize: 1,
    maxSize: 3,
    instanceProfile: instanceProfile,
    keyName: deployer.keyName,
    nodeUserData: cloudConfig.then((c) =&gt; c.rendered)
});```
And my cluster has `privateSubnetIds` set to `vpc.privateSubnetIds`
pulumi-eks source code should default set  subnet ids from the `cluster.privateSubnetIds`

You need to set the subnet ids: <https://www.pulumi.com/registry/packages/eks/api-docs/nodegroup/#nodesubnetids_nodejs>

&gt; pulumi-eks source code should default set  subnet ids from the cluster.privateSubnetIds
Are you saying you expected the nodes to just automatically be in the right subnet?

image.png

&gt; Are you saying you expected the nodes to just automatically be in the right subnet?
No, I'm saying that from pulumi-eks source code, NodeGroup should inherit subnet ids from the cluster
<https://github.com/pulumi/pulumi-eks/blob/d599a1b1f3650dba4c3dc4f560080e95ce6fb5b1/nodejs/eks/nodegroup.ts#L562>

Also, if I set subnet ids, like this, I would expect that my EC2 instances have only private IPv4 address, but they get public IPv4 address also
```const example-ng = new eks.NodeGroup("example-ng", {
    cluster: cluster,
    instanceType: "t2.medium",
    desiredCapacity: 1,
    minSize: 1,
    maxSize: 3,
    instanceProfile: instanceProfile,
    keyName: deployer.keyName,
    nodeUserData: cloudConfig.then((c) =&gt; c.rendered),
    nodeSubnetIds: vpc.privateSubnetIds
});```
EC2 from NodeGroup with public address.

If I create ManagedNodeGroup, EC2 instances don't have public address

And just for the record, this is EC2 created with ManagedNodeGroup
Here is sample code for that
```const mng = eks.createManagedNodeGroup("example-managed-ng", {
    cluster: cluster,
    nodeGroupName: "aws-managed-ng",
    nodeRoleArn: role.arn,
    remoteAccess: {
        ec2SshKey: deployer.keyName
    },
    scalingConfig: {
        desiredSize: 1,
        minSize: 1,
        maxSize: 3,
    },
    subnetIds: vpc.privateSubnetIds,
    diskSize: 50,
    instanceTypes: ["c4.4xlarge"],
    labels: {"ondemand": "true"},
}, cluster);```

<@UCWG26BH7> did you get the change to check this? :slightly_smiling_face:

I didn't I'm afraid, will try again today

<@UCWG26BH7> pinging again, I know that I'm boring :slightly_smiling_face:

hey sorry, unfortunately I've been sidetracked by other customer requests, could you please open an issue on the pulumi-eks repo

<https://www.pulumi.com/registry/packages/eks/api-docs/cluster/#nodeassociatepublicipaddress_nodejs>  Isn't this the toggle you need to flip?

<@U01UELY9YUR> i need to check this, if this also fails I will open an issue :slightly_smiling_face:

<https://github.com/pulumi/pulumi-eks/issues/681>