aws-ec2: Support creating CfnNetworkInterface without specifying subnet in CDK

[ryxli]

Describe the feature

Unsure if this is actually a valid feature request, or just an inquiry on possible solutions for the use case

Today CfnNetworkInterface requires you to enter a subnetId in CfnNetworkInterfaceProps, can we make it so that subnetId is not a required field but something else such as availability zone.

Use Case

The AWS CLI provides an option to configure a LaunchTemplate specifying an existing network interface as the primary network interface for an autoscaling group.
https://docs.aws.amazon.com/autoscaling/ec2/userguide/examples-launch-templates-aws-cli.html#example-existing-eni-launch-template

This is not possible easily in CDK today through L2 construct LaunchTemplate: #14494

For ENI defined through cdk through L1 construct, CfnNetworkInterface, public subnet must be defined.

We can create a LaunchTemplate with an existing ENI through to CfnLaunchTemplate in networkinterfaces

However when passing this into an cfnAutoScalingGroup, cloudformation has this error:

You must use a valid fully-formed launch template. 
A network interface may not specify both a network interface ID and a subnet 
(Service: AmazonAutoScaling; Status Code: 400; Error Code: ValidationError; 

Wish to be able to configure instances mapped to an ENI with an ASG through CDK.

Proposed Solution

it looks like this is possible through cli, https://docs.aws.amazon.com/autoscaling/ec2/userguide/examples-launch-templates-aws-cli.html#example-existing-eni-launch-template

Here the region is probably configured through aws-cli, even when creating the network interface but unsure.

aws ec2 create-launch-template --launch-template-name my-template-for-auto-scaling --version-description version1 \
  --launch-template-data '{"NetworkInterfaces":[{"DeviceIndex":0,"NetworkInterfaceId":"eni-b9a5ac93","DeleteOnTermination":false}],"ImageId":"ami-04d5cc9b88example","InstanceType":"t2.micro"}'

Wondering if having alternative to creating network interface other than subnet would work, if this is something that is able to be solved through CDK, or if this is not possible if this is happening on server side or through some cloudformation.

Other Information

Some workaround I have tried:

      const template = new CfnLaunchTemplate(this, `LaunchTemplate`, {
          launchTemplateName: `LaunchTemplate`,
          launchTemplateData: {
              instanceType: "instanceType",
              imageId: "imageId",
              networkInterfaces: [{
                  deviceIndex: 0,
                  networkInterfaceId: "EXISTING_ENI_ID"
                  deleteOnTermination: false,
              }],
              iamInstanceProfile: {
                  name: "instanceProfileName"
              },
              userData: Fn.base64(this.createUserData('userdata').render())
          },
      })

      const asg = new AutoScalingGroup(this, `AutoScalingGroup`, {
          vpc: vpc,
          minCapacity: 1,
          maxCapacity: 1,
          desiredCapacity: 1,
          launchTemplate: new LaunchTemplate(this, `throwawaytemplate`, {
              machineImage: someImage,
              instanceType: new InstanceType("someInstanceType"),
              userData: this.createUserData('someUserData'),
              role: someRole
          }),
      });

      const cfnAutoScalingGroup = asg.node.defaultChild as CfnAutoScalingGroup;
      delete cfnAutoScalingGroup.launchTemplate;

      cfnAutoScalingGroup.launchTemplate = {
          version: template.attrLatestVersionNumber,
          launchTemplateName: template.launchTemplateName,
      };

      this.cluster.addAsgCapacityProvider(
          new AsgCapacityProvider(this, `ASGProvider}`, {
              autoScalingGroup: asg
          })
      )

The stack is able to deploy without error when specifying subnetId instead of NetworkInterface id:

...
        networkInterfaces: [{
            deviceIndex: 0,
            subnetId: subnetIdFromVpc,
            groups: securityGroupId,
            deleteOnTermination: false,
        }],
...

This is just a quick hack though and not ideal, since it creates a bunch of useless resources in cloudformation, although that is probably able to be solved just by using all L1 constructs.

However, when the instance gets terminated/restarted, the ASG will create a new network interface instead of using the one created at deployment, for now I just set min, max, desired all to 1.

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.70.0

Environment details (OS name and version, etc.)

Typescript, AL2

[pahud]

If we look at AWS::EC2::NetworkInterface, the subnetId is essentially required. I am afraid this is a hard limit from CFN. Thoughts?

[ryxli]

was able to get around this by not adding the asg to the cluster through cdk, but attach instances created by asg directly to cluster with echo ECS_CLUSTER=clustername >> /etc/ecs/ecs.config

in this way I am able to specify networkInterfaceId in CfnLaunchTemplate and add it to a CfnAutoScalingGroup

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.