Datalody
Reputation: 155
AWS CDK: Error when deploying Redis ElastiCache: Subnet group belongs to a different VPC than CacheCluster
Summary
I am trying to deploy a Redis ElastiCache Cluster on AWS using CDK.
I want the cluster to be within a VPC for security reasons.
My code (see supra) defines a VPC, a security group, a cache subnet group (linked to vpc private subnets) and the cache cluster (linked to both cache subnet group and the security group).
With cdk deploy, the deployment goes well until I receive this error:
ACL_redis (ACLredis) Subnet group [default] belongs to a different VPC [vpc-326ce55b] than [vpc-0c45b593f3a5fdc4d] (Service: AmazonElastiCache; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 901398f4-c355-418d-921b-65e6c52dfe3a)
What I tried
While disabling the rollback, it appears that the cache cluster is created in the default VPC of the region rather than the VPC defined within my stack. I do not understand why Cloud Formation is doing that, as both the security group and the cache subnet group are linked to the stack's VPC.
There is no reference to the region default VPC at all.
Some code
Here is the CDK code
from aws_cdk import (
core,
aws_stepfunctions,
aws_lambda,
aws_stepfunctions_tasks,
aws_sqs,
aws_elasticache,
aws_ec2,
)
PROJECT_CODE = 'ACL'
class AclAwsCdkLearningStack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = aws_ec2.Vpc(self, f"{PROJECT_CODE}_vpc",
cidr="10.0.0.0/16"
)
security_group = aws_ec2.SecurityGroup(
scope=self,
id=f"{PROJECT_CODE}_security_group",
vpc=vpc,
)
private_subnets_ids = [ps.subnet_id for ps in vpc.private_subnets]
cache_subnet_group = aws_elasticache.CfnSubnetGroup(
scope=self,
id=f"{PROJECT_CODE}_cache_subnet_group",
subnet_ids=private_subnets_ids, # todo: add list of subnet ids here
description="subnet group for redis",
)
redis_cluster = aws_elasticache.CfnCacheCluster(
scope=self,
id=f"{PROJECT_CODE}_redis",
engine="redis",
cache_node_type="cache.t2.small",
num_cache_nodes=1,
cache_subnet_group_name=cache_subnet_group.cache_subnet_group_name,
vpc_security_group_ids=[security_group.security_group_id],
)
redis_cluster.add_depends_on(cache_subnet_group)
Here is the resulting JSON CloudFormation code:
{
"Resources": {
"ACLvpcAC1CD0C2": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"EnableDnsHostnames": true,
"EnableDnsSupport": true,
"InstanceTenancy": "default",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/Resource"
}
},
"ACLvpcPublicSubnet1SubnetAB5536F8": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3a",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/Subnet"
}
},
"ACLvpcPublicSubnet1RouteTable973DCC99": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/RouteTable"
}
},
"ACLvpcPublicSubnet1RouteTableAssociation07D70069": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet1RouteTable973DCC99"
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet1SubnetAB5536F8"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/RouteTableAssociation"
}
},
"ACLvpcPublicSubnet1DefaultRoute5F1B7BC7": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet1RouteTable973DCC99"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"DependsOn": [
"ACLvpcVPCGWA01262F1"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/DefaultRoute"
}
},
"ACLvpcPublicSubnet1EIP0233C01E": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/EIP"
}
},
"ACLvpcPublicSubnet1NATGateway7D889FAC": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ACLvpcPublicSubnet1EIP0233C01E",
"AllocationId"
]
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet1SubnetAB5536F8"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/NATGateway"
}
},
"ACLvpcPublicSubnet2Subnet1243F1B8": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.32.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3b",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/Subnet"
}
},
"ACLvpcPublicSubnet2RouteTableBFA33E2A": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/RouteTable"
}
},
"ACLvpcPublicSubnet2RouteTableAssociation0E367E2F": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet2RouteTableBFA33E2A"
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet2Subnet1243F1B8"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/RouteTableAssociation"
}
},
"ACLvpcPublicSubnet2DefaultRoute6918C2C0": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet2RouteTableBFA33E2A"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"DependsOn": [
"ACLvpcVPCGWA01262F1"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/DefaultRoute"
}
},
"ACLvpcPublicSubnet2EIPBB2E0F7F": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/EIP"
}
},
"ACLvpcPublicSubnet2NATGatewayA823B2BD": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ACLvpcPublicSubnet2EIPBB2E0F7F",
"AllocationId"
]
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet2Subnet1243F1B8"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/NATGateway"
}
},
"ACLvpcPublicSubnet3Subnet74DB8A91": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.64.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3c",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/Subnet"
}
},
"ACLvpcPublicSubnet3RouteTable48D5C590": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/RouteTable"
}
},
"ACLvpcPublicSubnet3RouteTableAssociation6304EEEC": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet3RouteTable48D5C590"
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet3Subnet74DB8A91"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/RouteTableAssociation"
}
},
"ACLvpcPublicSubnet3DefaultRoute5ED7E66D": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet3RouteTable48D5C590"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"DependsOn": [
"ACLvpcVPCGWA01262F1"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/DefaultRoute"
}
},
"ACLvpcPublicSubnet3EIP2A75DA44": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/EIP"
}
},
"ACLvpcPublicSubnet3NATGateway88BC6345": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ACLvpcPublicSubnet3EIP2A75DA44",
"AllocationId"
]
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet3Subnet74DB8A91"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/NATGateway"
}
},
"ACLvpcPrivateSubnet1SubnetB88404CC": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.96.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3a",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/Subnet"
}
},
"ACLvpcPrivateSubnet1RouteTable52EFE8B4": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/RouteTable"
}
},
"ACLvpcPrivateSubnet1RouteTableAssociation07BBA734": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet1RouteTable52EFE8B4"
},
"SubnetId": {
"Ref": "ACLvpcPrivateSubnet1SubnetB88404CC"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/RouteTableAssociation"
}
},
"ACLvpcPrivateSubnet1DefaultRoute1D5645F3": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet1RouteTable52EFE8B4"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ACLvpcPublicSubnet1NATGateway7D889FAC"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/DefaultRoute"
}
},
"ACLvpcPrivateSubnet2Subnet63321773": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.128.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3b",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/Subnet"
}
},
"ACLvpcPrivateSubnet2RouteTable66EECACC": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/RouteTable"
}
},
"ACLvpcPrivateSubnet2RouteTableAssociationB47D85D6": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet2RouteTable66EECACC"
},
"SubnetId": {
"Ref": "ACLvpcPrivateSubnet2Subnet63321773"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/RouteTableAssociation"
}
},
"ACLvpcPrivateSubnet2DefaultRoute692EE131": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet2RouteTable66EECACC"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ACLvpcPublicSubnet2NATGatewayA823B2BD"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/DefaultRoute"
}
},
"ACLvpcPrivateSubnet3SubnetC5349B6D": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.160.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3c",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/Subnet"
}
},
"ACLvpcPrivateSubnet3RouteTableFCCC4D72": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/RouteTable"
}
},
"ACLvpcPrivateSubnet3RouteTableAssociationD5EEF6F8": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet3RouteTableFCCC4D72"
},
"SubnetId": {
"Ref": "ACLvpcPrivateSubnet3SubnetC5349B6D"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/RouteTableAssociation"
}
},
"ACLvpcPrivateSubnet3DefaultRoute6D60CB6B": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet3RouteTableFCCC4D72"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ACLvpcPublicSubnet3NATGateway88BC6345"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/DefaultRoute"
}
},
"ACLvpcIGWA284CC51": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/IGW"
}
},
"ACLvpcVPCGWA01262F1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"InternetGatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/VPCGW"
}
},
"ACLsecuritygroupF744FA96": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "acl-aws-cdk-learning/ACL_security_group",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1"
}
],
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_security_group/Resource"
}
},
"ACLcachesubnetgroup": {
"Type": "AWS::ElastiCache::SubnetGroup",
"Properties": {
"Description": "subnet group for redis",
"SubnetIds": [
{
"Ref": "ACLvpcPrivateSubnet1SubnetB88404CC"
},
{
"Ref": "ACLvpcPrivateSubnet2Subnet63321773"
},
{
"Ref": "ACLvpcPrivateSubnet3SubnetC5349B6D"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_cache_subnet_group"
}
},
"ACLredis": {
"Type": "AWS::ElastiCache::CacheCluster",
"Properties": {
"CacheNodeType": "cache.t2.small",
"Engine": "redis",
"NumCacheNodes": 1,
"VpcSecurityGroupIds": [
{
"Fn::GetAtt": [
"ACLsecuritygroupF744FA96",
"GroupId"
]
}
]
},
"DependsOn": [
"ACLcachesubnetgroup"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_redis"
}
}
}
}
Bash stuff:
(.env) acl-aws-cdk-learning % cdk deploy
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:
Security Group Changes
┌───┬───────────────────────────────┬─────┬────────────┬─────────────────┐
│ │ Group │ Dir │ Protocol │ Peer │
├───┼───────────────────────────────┼─────┼────────────┼─────────────────┤
│ + │ ${ACL_security_group.GroupId} │ Out │ Everything │ Everyone (IPv4) │
└───┴───────────────────────────────┴─────┴────────────┴─────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
Do you wish to deploy these changes (y/n)? y
acl-aws-cdk-learning: deploying...
acl-aws-cdk-learning: creating CloudFormation changeset...
0/38 | 11:00:17 | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata
0/38 | 11:00:17 | CREATE_IN_PROGRESS | AWS::EC2::InternetGateway | ACL_vpc/IGW (ACLvpcIGWA284CC51)
(...)
20/38 | 11:00:53 | CREATE_IN_PROGRESS | AWS::ElastiCache::SubnetGroup | ACL_cache_subnet_group (ACLcachesubnetgroup) Resource creation Initiated
21/38 | 11:00:53 | CREATE_COMPLETE | AWS::ElastiCache::SubnetGroup | ACL_cache_subnet_group (ACLcachesubnetgroup)
21/38 | 11:00:55 | CREATE_IN_PROGRESS | AWS::ElastiCache::CacheCluster | ACL_redis (ACLredis)
22/38 | 11:00:56 | CREATE_FAILED | AWS::ElastiCache::CacheCluster | ACL_redis (ACLredis) Subnet group [default] belongs to a different VPC [vpc-326ce55b] than [vpc-0c45b593f3a5fdc4d] (Service: AmazonElastiCache; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 901398f4-c355-418d-921b-65e6c52dfe3a)
obj._wrapSandboxCode (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7761:49)
\_ Kernel._wrapSandboxCode (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8221:20)
\_ Kernel._create (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7761:26)
\_ Kernel.create (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7508:21)
\_ KernelHost.processRequest (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7296:28)
\_ KernelHost.run (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7236:14)
\_ Immediate.setImmediate [as _onImmediate] (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7239:37)
\_ runCallback (timers.js:694:18)
\_ tryOnImmediate (timers.js:665:5)
\_ processImmediate (timers.js:647:5)
Upvotes: 10
Views: 5966
Answers (1)
Vikyol
Reputation: 5645
I can see that CacheSubnetGroupName is missing in the CacheCluster definition in the generated template. That is why the cache is using the default VPC.
CDK omits your subnet group definition as you assign it incorrectly.
When using a Cfn resource, you should refer to other resources in your code using ref instead of assigning the resource directly as you did.
Your code should work just by updating the following line of your code.
redis_cluster = aws_elasticache.CfnCacheCluster(
...
cache_subnet_group_name=cache_subnet_group.ref
)
Upvotes: 23
Related Questions
- aws cdk for Elasticache Redis Cluster
- Unable to create EC2 with CDK using existing VPC in Python
- issue with updating redis cluster using aws-cdk(python)
- AWS-CDK error: There are no 'Public' subnets in this VPC. Use a different VPC subnet selection
- cdk warning No routeTableId was provided to the subnet at 'PrivateSubnet1'
- CDK: There are no 'Private' subnet groups in this VPC after private group is deployed
- CDK python: how to specify nat_gateway_subnets
- Unable to find select_subnets function in aws CDK
- aws cdk python fails to get application target group
- Why does CDK complain about missing public subnet groups?