Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Subnet selection returns more than one per AZ #3126

Closed
1 of 5 tasks
pagameba opened this issue Jun 28, 2019 · 20 comments · Fixed by #6265
Closed
1 of 5 tasks

Subnet selection returns more than one per AZ #3126

pagameba opened this issue Jun 28, 2019 · 20 comments · Fixed by #6265
Assignees
Labels
@aws-cdk/aws-elasticloadbalancing Related to Amazon Elastic Load Balancing bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort needs-reproduction This issue needs reproduction. p1 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@pagameba
Copy link

Note: for support questions, please first reference our documentation, then use Stackoverflow. This repository's issues are intended for feature requests and bug reports.

  • I'm submitting a ...

    • 🪲 bug report
    • 🚀 feature request
    • 📚 construct library gap
    • ☎️ security issue or vulnerability => Please see policy
    • ❓ support request => Please see note at the top of this template.
  • What is the current behavior?
    If the current behavior is a 🪲bug🪲: Please provide the steps to reproduce

Creation of an ALB is failing with an error that it is getting more than one subnet per AZ.

A load balancer cannot be attached to multiple subnets in the same Availability Zone (Service: AmazonElasticLoadBalancingV2; Status Code: 400; Error Code: InvalidConfigurationRequest;

code to reproduce:

      const vpcId = "vpc-xxxxxx";

      const vpc = ec2.Vpc.fromLookup(this, "Vpc", { vpcId: vpcId });

      const alb = new elbv2.ApplicationLoadBalancer(this, id + "LoadBalancer", {
        loadBalancerName: id + 'ALB',
        vpc: vpc,
        internetFacing: false,
        vpcSubnets: {subnetType: ec2.SubnetType.PRIVATE, onePerAz: true}
      });

cdk synth shows a long list of subnets.

console.log(vpc.selectSubnets({subnetType: ec2.SubnetType.PRIVATE, onePerAz: true}).availabilityZones outputs

[
  'us-east-1c', 'us-east-1d',
  'us-east-1d', 'us-east-1d',
  'us-east-1d', 'us-east-1d',
  'us-east-1d', 'us-east-1d',
  'us-east-1d', 'us-east-1d',
  'us-east-1e', 'us-east-1e',
  'us-east-1e', 'us-east-1e',
  'us-east-1e', 'us-east-1e',
  'us-east-1e', 'us-east-1e',
  'us-east-1e', 'us-east-1e',
  'us-east-1e', 'us-east-1e',
  'us-east-1e', 'us-east-1e'
]

Having looked at the implementation, it seems that all private subnets retrieved for the VPC have "Private" returned from subnetName() and the implementation of onePerAz simply filters like this:

subnets = subnets.filter(s => subnetName(s) === subnetName(subnets[0]));

so it returns all the subnets, not just one per AZ.

Selecting by subnetName does not actually seem to use the Name shown in the AWS console.

  • What is the expected behavior (or behavior of feature suggested)?
    onePerAz: true should return exactly one subnet per AZ.

  • What is the motivation / use case for changing the behavior or adding this feature?
    trying to create an ALB inside an existing VPC

  • Please tell us about your environment:

    • CDK CLI Version: 0.36.0 (build 6d38487)
    • Module Version: "@aws-cdk/aws-ec2": "^0.36.0"
    • OS: OSX Mojave
    • Language: TypeScript
  • Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)

@pagameba pagameba added the needs-triage This issue or PR still needs to be triaged. label Jun 28, 2019
@NGL321 NGL321 added bug This issue is a bug. @aws-cdk/aws-elasticloadbalancing Related to Amazon Elastic Load Balancing needs-reproduction This issue needs reproduction. vpc and removed needs-triage This issue or PR still needs to be triaged. labels Jul 1, 2019
@yangas
Copy link

yangas commented Jul 5, 2019

I'm hitting the same issue though tied to the codebuild resource. I'm currently using an existing VPC with ~40 subnets in it and need the onePerAz to avoid hitting limit on resources being attached.

Code used:

const vpc = ec2.Vpc.fromLookup(this, 'VPC', {
	vpcName: 'xxxxxx',
	isDefault: false
});

new codebuild.Project(this, 'ecs-ami-creator', {
	buildSpec: codebuild.BuildSpec.fromObject(yaml.safeLoad(fs.readFileSync(process.env.PWD + '/lib/buildspec.yml', 'utf8'))),
	subnetSelection: { subnetType: ec2.SubnetType.PRIVATE, onePerAz: true },
	vpc: vpc
});

Error Encountered:

Invalid vpc config: the maximum number of subnets is 16 (Service: AWSCodeBuild; Status Code: 400; Error Code: InvalidInputException; Request ID: xxxx)

Environment:

  • CDK CLI Version: 0.37.0 (build c4bdb54)
  • Module Version: @aws-cdk/aws-ec2@0.36.2
  • OS: OSX Mojave
  • Language: TypeScript

Other Info:
I've also hit the need to be able to filter by Name, but after digging around at different issues saw that filtering is using aws-cdk:subnet-name.

Questions:

  • Is it possible to extend the name tag to also use Name?
  • Is it possible to support creating a subnetSelection with custom filtering that has access to the resources tags and allow for manual filtering rules?

@jonnyyu
Copy link

jonnyyu commented Jul 24, 2019

It turns out CDK has some assumptions on the subnets. It looks for
these two tags:'aws-cdk:subnet-type' and 'aws-cdk:subnet-name' on each subnet.

The 'aws-cdk:subnet-type' tag is optional, as CDK will try to guess if a subnet is public if the assign public address on launch is enabled. But the guess seems not working for me, the public subnets also treated as private. As a workaround, I set this tag with value 'Public' just for the public subnets.

The 'aws-cdk:subnet-name' tag is not the name of the subnet, it's actually a group name for the same function subnet on all AZ. For example:
If you have subnet names with AZ embeded 'app_az1', 'app_az2', 'app_az3'. Their 'aws-cdk:subnet-name' tag value should be 'app'.

with all these assumptions, the code below now makes sense, because it is trying to get one for that group 😭

subnets = subnets.filter(s => subnetName(s) === subnetName(subnets[0]));

also you probably need cdk context --clear after you updated the tags, cdk cache the values in cdk.context.json

@giovannidegani
Copy link

Facing the same issue with the latest CDK, onePerAz does not work as expected, in my case are subnets in a VPC that were created by a central team and thus not managed by CDK.

@rix0rrr rix0rrr added the p1 label Oct 24, 2019
@angusfz
Copy link

angusfz commented Dec 14, 2019

Same issue here.
Creating internal ALB with imported VPC which has multiple private subnets in the same AZ, but onePerAz return all subnets.
This will interrupt CDK deploy and return error as below

A load balancer cannot be attached to multiple subnets in the same Availability Zone

Here is the workaround and any suggestion will be appreciated.

    // Import Vpc
    const vpc = ec2.Vpc.fromLookup(this, 'VPC', { vpcName: 'EXISTED_VPC_NAME' });

    // Handle one subnet per AZ
    const subnets: ISubnet[] = [] as ISubnet[];
    vpc.privateSubnets.forEach(subnet => {
      if (subnets.length == 0) {
        subnets.push(subnet);
      } else if (
        subnets.length < 2 &&
        subnets.find(v => {
          if (v.availabilityZone == subnet.availabilityZone) {
            return false;
          }
          return true;
        })
      ) {
        subnets.push(subnet);
      }
    });

    // ALB
    const applicationLoadBalancer = new ApplicationLoadBalancer(tagGroup, 'applicationLoadBalancer', {
      vpc,
      internetFacing: false,
      //vpcSubnets: vpc.selectSubnets({ onePerAz: true})
      vpcSubnets: vpc.selectSubnets({ subnets })
    });

@sarbajitdutta
Copy link

I have the same issue it seems onePerAz is not being honored.

//Shared public Application Load balancer
        final ApplicationLoadBalancer appdevEcsALB = new ApplicationLoadBalancer(this, "appdevEcsALB", ApplicationLoadBalancerProps.builder()
            .vpc(vpc)
            .vpcSubnets(SubnetSelection.builder()
                .onePerAz(true)
                .subnetType(SubnetType.PRIVATE)
                .build())
            .deletionProtection(false)
            .idleTimeout(Duration.seconds(60))
            .http2Enabled(true)
            .internetFacing(false)
            .ipAddressType(IpAddressType.IPV4)
            .loadBalancerName("appdev-cdk-ecs-alb")
            .securityGroup(albSg)
            .build());
3:29:40 PM | CREATE_FAILED        | AWS::ElasticLoadBalancingV2::LoadBalancer     | cbtApiDevFargateService/LB
A load balancer cannot be attached to multiple subnets in the same Availability Zone (Service: AmazonElasticLoadBalancing; Status Code: 400; Error Code: InvalidConfigurationRequest; Request ID: 5a57111a-2611
-4b98-b0bc-baf10615a4a8; Proxy: null)

@lloiacono
Copy link

Why is this issue closed? I'm running the latest version of CDK 1.133.0 (build 2dea31a) (as of writing) and I'm still getting the issue.

@emmanuelnk
Copy link

emmanuelnk commented Apr 27, 2022

I'm also hitting this issue -- I think this should be re-opened. CDK does not honor onePerAZ

@Anonyfox
Copy link

Anonyfox commented May 3, 2022

happens for me too, using CDK 2.22 (lib + bin)

@bugb
Copy link

bugb commented Jul 20, 2022

it happens sometimes for me too!

@hardcode83
Copy link

hardcode83 commented Aug 25, 2022

Hi guys,

I am using ecsPatterns.NetworkLoadBalancedFargateService with a vpc imported with vpc lookup and I am having the same problem yet.

AWS::ElasticLoadBalancingV2::LoadBalancer | staging/gd-billing/LB (staginggdbillingLB6A0E60DF) A load balancer cannot be attached to multiple subnets in the same Availability Zone (Service: AmazonElasticLoadBalancing; Status Code: 400; Error Code: InvalidConfigurationRequest; Request ID: 303a030b-0ec7-4dbd-afe1-195b3089c529; Proxy: null)

PS C:\pod\repos\cdk-ecs-networkloadbalancer> cdk --version
2.38.1 (build a5ced21)

Any fix for the problem?

@rremanan-bwi
Copy link

subnet-name

This didnt work for me, I added a tag 'subnet-name' with same name for 3 subnets in 3 az, but didnt work

@hardcode83
Copy link

@rix0rrr Apologies for the noise...

Here my last try for filter the subnets: result the same problem. cloudformation generate all subnets (with the problem of two in the same AZ):

export class EcsNetworkFargate extends Construct {
constructor(scope: Construct, id: string, props: EcsNetworkFargateProps) {
super(scope, id);
const repo = Repository.fromRepositoryArn(this, "repo", props.arnRepo)
const vpc = ec2.Vpc.fromLookup(this, "VPC", {
vpcId: props.vpcId
})
const publicSubnets = vpc.publicSubnets;
const arrayIds = props.subnets;
const subnetFiltered = publicSubnets.filter(x => {
arrayIds.includes(x.subnetId)
});

const loadBalancedFargateService = new ecsPatterns.NetworkLoadBalancedFargateService(this, 'gd-billing', {
vpc: vpc,

  assignPublicIp: props.assignPublicIp,
  taskSubnets:    subnets: subnetFiltered
  }

....

I dont know why, but its imposible filter the subnets.

Thx in advance everyone.

@madeline-k
Copy link
Contributor

Re-opening this issue, looks like several people still hit the bug after the fix was released. Apologies to everyone that we didn't see this sooner; visibility on closed issues is very limited. For future reference, opening a new issue is a much better way to raise that a closed bug is still occurring.

@madeline-k madeline-k reopened this Jan 25, 2023
@madeline-k madeline-k added the effort/medium Medium work item – several days of effort label Jan 25, 2023
@yibrahim-deloitte
Copy link

Currently facing this issue as well.

@corymhall
Copy link
Contributor

Can someone that is still experiencing this issue provide a reproducible example using the latest version of the CDK?

@mohitanchlia
Copy link

mohitanchlia commented Jun 5, 2023

@corymhall

I get this error when running https://github.com/aws-samples/amazon-sagemaker-mlflow-fargate/blob/main/app.py I have a VPC with multiple subnets in an AZ

11:00:57 AM | CREATE_FAILED | AWS::ElasticLoadBalancingV2::LoadBalancer | MLFLO7B85C32A
A load balancer cannot be attached to multiple subnets in the same Availability Zone (Service: AmazonElasticLoadBalancing; Status Code: 400; Error Code: InvalidConfigurationRequest;
Request ID: 4d0a8d42-28d0-88efea76e961; Proxy: null)

@corymhall
Copy link
Contributor

@mohitanchlia are you running that example as is or are you modifying it to import a VPC instead of using the VPC that it is creating? If you are modifying it to import a VPC can you provide the CDK config that created the VPC?

@corymhall
Copy link
Contributor

@mohitanchlia @yibrahim-deloitte @hardcode83 In order for us to reproduce this issue we need a complete example that includes the VPC configuration that created the VPC (not just the imported VPC).

@corymhall corymhall added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Jun 12, 2023
@github-actions
Copy link

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jun 14, 2023
mergify bot pushed a commit that referenced this issue Oct 3, 2023
…ws-lambda-python-alpha/test/lambda-handler-poetry (#27381)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.3 to 2.0.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p>
<blockquote>
<h2>2.0.6</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>. (GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>2.0.5</h2>
<ul>
<li>Allowed pyOpenSSL third-party module without any deprecation warning. <a href="https://redirect.github.com/urllib3/urllib3/issues/3126">#3126</a></li>
<li>Fixed default <code>blocksize</code> of <code>HTTPConnection</code> classes to match high-level classes. Previously was 8KiB, now 16KiB. <a href="https://redirect.github.com/urllib3/urllib3/issues/3066%3E">#3066</a></li>
</ul>
<h2>2.0.4</h2>
<ul>
<li>Added support for union operators to <code>HTTPHeaderDict</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2254">#2254</a>)</li>
<li>Added <code>BaseHTTPResponse</code> to <code>urllib3.__all__</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3078">#3078</a>)</li>
<li>Fixed <code>urllib3.connection.HTTPConnection</code> to raise the <code>http.client.connect</code> audit event to have the same behavior as the standard library HTTP client (<a href="https://redirect.github.com/urllib3/urllib3/issues/2757">#2757</a>)</li>
<li>Relied on the standard library for checking hostnames in supported PyPy releases (<a href="https://redirect.github.com/urllib3/urllib3/issues/3087">#3087</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p>
<blockquote>
<h1>2.0.6 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>.</li>
</ul>
<h1>2.0.5 (2023-09-20)</h1>
<ul>
<li>Allowed pyOpenSSL third-party module without any deprecation warning. (<code>[#3126](urllib3/urllib3#3126) &lt;https://github.com/urllib3/urllib3/issues/3126&gt;</code>__)</li>
<li>Fixed default <code>blocksize</code> of <code>HTTPConnection</code> classes to match high-level classes. Previously was 8KiB, now 16KiB. (<code>[#3066](urllib3/urllib3#3066) &lt;https://github.com/urllib3/urllib3/issues/3066&gt;</code>__)</li>
</ul>
<h1>2.0.4 (2023-07-19)</h1>
<ul>
<li>Added support for union operators to <code>HTTPHeaderDict</code> (<code>[#2254](urllib3/urllib3#2254) &lt;https://github.com/urllib3/urllib3/issues/2254&gt;</code>__)</li>
<li>Added <code>BaseHTTPResponse</code> to <code>urllib3.__all__</code> (<code>[#3078](urllib3/urllib3#3078) &lt;https://github.com/urllib3/urllib3/issues/3078&gt;</code>__)</li>
<li>Fixed <code>urllib3.connection.HTTPConnection</code> to raise the <code>http.client.connect</code> audit event to have the same behavior as the standard library HTTP client (<code>[#2757](urllib3/urllib3#2757) &lt;https://github.com/urllib3/urllib3/issues/2757&gt;</code>__)</li>
<li>Relied on the standard library for checking hostnames in supported PyPy releases (<code>[#3087](urllib3/urllib3#3087) &lt;https://github.com/urllib3/urllib3/issues/3087&gt;</code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/urllib3/urllib3/commit/262e3e332209ee93ff70e2b13502c8f20c105ac8"><code>262e3e3</code></a> Release 2.0.6</li>
<li><a href="https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d"><code>644124e</code></a> Merge pull request from GHSA-v845-jxx5-vc9f</li>
<li><a href="https://github.com/urllib3/urllib3/commit/740380c59ca2a7c2dceca19e5dba99f6b7060e62"><code>740380c</code></a> Bump cryptography from 41.0.3 to 41.0.4 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3131">#3131</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/d9f85a749488188c286cd50606d159874db94d5f"><code>d9f85a7</code></a> Release 2.0.5</li>
<li><a href="https://github.com/urllib3/urllib3/commit/d41f4122966f7f4f5f92001ad518e5d9dafcc886"><code>d41f412</code></a> Undeprecate pyOpenSSL module (<a href="https://redirect.github.com/urllib3/urllib3/issues/3127">#3127</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/b6c04cb3e62ef5a0e4947d037c12fb3ca79e024a"><code>b6c04cb</code></a> Fix a link to &quot;absolute URI&quot; definition (<a href="https://redirect.github.com/urllib3/urllib3/issues/3128">#3128</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/af7c78fa30f5a4e265911371d0c59b6baeddca0f"><code>af7c78f</code></a> refactor: change double conditional to one (<a href="https://redirect.github.com/urllib3/urllib3/issues/3118">#3118</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/34c13c8e68df6f89890ba08b9fc4fbf87ed21669"><code>34c13c8</code></a> Refer to current internet standards in docs on proxies (<a href="https://redirect.github.com/urllib3/urllib3/issues/3124">#3124</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/a3e94f218cd8297db73302eadae235f0c832a809"><code>a3e94f2</code></a> Fix a name of an attribute in docs (<a href="https://redirect.github.com/urllib3/urllib3/issues/3125">#3125</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/da69d4f4f95bc7ef9307fc8e0499c2121f1e4791"><code>da69d4f</code></a> Fix docs build (<a href="https://redirect.github.com/urllib3/urllib3/issues/3123">#3123</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.0.3...2.0.6">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.0.3&new-version=2.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).

</details>
mergify bot pushed a commit that referenced this issue Oct 3, 2023
…ws-lambda-python-alpha/test/lambda-handler-pipenv (#27383)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.4 to 2.0.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p>
<blockquote>
<h2>2.0.6</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>. (GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>2.0.5</h2>
<ul>
<li>Allowed pyOpenSSL third-party module without any deprecation warning. <a href="https://redirect.github.com/urllib3/urllib3/issues/3126">#3126</a></li>
<li>Fixed default <code>blocksize</code> of <code>HTTPConnection</code> classes to match high-level classes. Previously was 8KiB, now 16KiB. <a href="https://redirect.github.com/urllib3/urllib3/issues/3066%3E">#3066</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p>
<blockquote>
<h1>2.0.6 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>.</li>
</ul>
<h1>2.0.5 (2023-09-20)</h1>
<ul>
<li>Allowed pyOpenSSL third-party module without any deprecation warning. (<code>[#3126](urllib3/urllib3#3126) &lt;https://github.com/urllib3/urllib3/issues/3126&gt;</code>__)</li>
<li>Fixed default <code>blocksize</code> of <code>HTTPConnection</code> classes to match high-level classes. Previously was 8KiB, now 16KiB. (<code>[#3066](urllib3/urllib3#3066) &lt;https://github.com/urllib3/urllib3/issues/3066&gt;</code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/urllib3/urllib3/commit/262e3e332209ee93ff70e2b13502c8f20c105ac8"><code>262e3e3</code></a> Release 2.0.6</li>
<li><a href="https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d"><code>644124e</code></a> Merge pull request from GHSA-v845-jxx5-vc9f</li>
<li><a href="https://github.com/urllib3/urllib3/commit/740380c59ca2a7c2dceca19e5dba99f6b7060e62"><code>740380c</code></a> Bump cryptography from 41.0.3 to 41.0.4 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3131">#3131</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/d9f85a749488188c286cd50606d159874db94d5f"><code>d9f85a7</code></a> Release 2.0.5</li>
<li><a href="https://github.com/urllib3/urllib3/commit/d41f4122966f7f4f5f92001ad518e5d9dafcc886"><code>d41f412</code></a> Undeprecate pyOpenSSL module (<a href="https://redirect.github.com/urllib3/urllib3/issues/3127">#3127</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/b6c04cb3e62ef5a0e4947d037c12fb3ca79e024a"><code>b6c04cb</code></a> Fix a link to &quot;absolute URI&quot; definition (<a href="https://redirect.github.com/urllib3/urllib3/issues/3128">#3128</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/af7c78fa30f5a4e265911371d0c59b6baeddca0f"><code>af7c78f</code></a> refactor: change double conditional to one (<a href="https://redirect.github.com/urllib3/urllib3/issues/3118">#3118</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/34c13c8e68df6f89890ba08b9fc4fbf87ed21669"><code>34c13c8</code></a> Refer to current internet standards in docs on proxies (<a href="https://redirect.github.com/urllib3/urllib3/issues/3124">#3124</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/a3e94f218cd8297db73302eadae235f0c832a809"><code>a3e94f2</code></a> Fix a name of an attribute in docs (<a href="https://redirect.github.com/urllib3/urllib3/issues/3125">#3125</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/da69d4f4f95bc7ef9307fc8e0499c2121f1e4791"><code>da69d4f</code></a> Fix docs build (<a href="https://redirect.github.com/urllib3/urllib3/issues/3123">#3123</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.0.4...2.0.6">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.0.4&new-version=2.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).

</details>
mergify bot pushed a commit that referenced this issue Oct 3, 2023
…ws-lambda-python-alpha/test/lambda-handler-dockercopy (#27382)

[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.4 to 2.0.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p>
<blockquote>
<h2>2.0.6</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>. (GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>2.0.5</h2>
<ul>
<li>Allowed pyOpenSSL third-party module without any deprecation warning. <a href="https://redirect.github.com/urllib3/urllib3/issues/3126">#3126</a></li>
<li>Fixed default <code>blocksize</code> of <code>HTTPConnection</code> classes to match high-level classes. Previously was 8KiB, now 16KiB. <a href="https://redirect.github.com/urllib3/urllib3/issues/3066%3E">#3066</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p>
<blockquote>
<h1>2.0.6 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>.</li>
</ul>
<h1>2.0.5 (2023-09-20)</h1>
<ul>
<li>Allowed pyOpenSSL third-party module without any deprecation warning. (<code>[#3126](urllib3/urllib3#3126) &lt;https://github.com/urllib3/urllib3/issues/3126&gt;</code>__)</li>
<li>Fixed default <code>blocksize</code> of <code>HTTPConnection</code> classes to match high-level classes. Previously was 8KiB, now 16KiB. (<code>[#3066](urllib3/urllib3#3066) &lt;https://github.com/urllib3/urllib3/issues/3066&gt;</code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/urllib3/urllib3/commit/262e3e332209ee93ff70e2b13502c8f20c105ac8"><code>262e3e3</code></a> Release 2.0.6</li>
<li><a href="https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d"><code>644124e</code></a> Merge pull request from GHSA-v845-jxx5-vc9f</li>
<li><a href="https://github.com/urllib3/urllib3/commit/740380c59ca2a7c2dceca19e5dba99f6b7060e62"><code>740380c</code></a> Bump cryptography from 41.0.3 to 41.0.4 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3131">#3131</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/d9f85a749488188c286cd50606d159874db94d5f"><code>d9f85a7</code></a> Release 2.0.5</li>
<li><a href="https://github.com/urllib3/urllib3/commit/d41f4122966f7f4f5f92001ad518e5d9dafcc886"><code>d41f412</code></a> Undeprecate pyOpenSSL module (<a href="https://redirect.github.com/urllib3/urllib3/issues/3127">#3127</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/b6c04cb3e62ef5a0e4947d037c12fb3ca79e024a"><code>b6c04cb</code></a> Fix a link to &quot;absolute URI&quot; definition (<a href="https://redirect.github.com/urllib3/urllib3/issues/3128">#3128</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/af7c78fa30f5a4e265911371d0c59b6baeddca0f"><code>af7c78f</code></a> refactor: change double conditional to one (<a href="https://redirect.github.com/urllib3/urllib3/issues/3118">#3118</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/34c13c8e68df6f89890ba08b9fc4fbf87ed21669"><code>34c13c8</code></a> Refer to current internet standards in docs on proxies (<a href="https://redirect.github.com/urllib3/urllib3/issues/3124">#3124</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/a3e94f218cd8297db73302eadae235f0c832a809"><code>a3e94f2</code></a> Fix a name of an attribute in docs (<a href="https://redirect.github.com/urllib3/urllib3/issues/3125">#3125</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/da69d4f4f95bc7ef9307fc8e0499c2121f1e4791"><code>da69d4f</code></a> Fix docs build (<a href="https://redirect.github.com/urllib3/urllib3/issues/3123">#3123</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/2.0.4...2.0.6">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.0.4&new-version=2.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).

</details>
@ryan-strandt
Copy link

@mohitanchlia are you running that example as is or are you modifying it to import a VPC instead of using the VPC that it is creating? If you are modifying it to import a VPC can you provide the CDK config that created the VPC?

Selecting by subnetName does not actually seem to use the Name shown in the AWS console.

What is the expected behavior (or behavior of feature suggested)?
onePerAz: true should return exactly one subnet per AZ.

What is the motivation / use case for changing the behavior or adding this feature?
trying to create an NLB inside an existing VPC

Please tell us about your environment:

CDK CLI Version: 2.154.1
OS: Github Actions
Ubuntu - 22.0
Language: Python

I am facing similar issue with the following

        lb = elbv2.NetworkLoadBalancer(
            self,
            "DBServerlessNLB",
            vpc=vpc,
            enforce_security_group_inbound_rules_on_private_link_traffic=False,
            internet_facing=False,
            security_groups=[nlb_security_group],
            vpc_subnets=ec2.SubnetSelection(
                one_per_az=True, availability_zones=["us-east-2a","us-east-2b","us-east-2c"]
            ),
        )

SubnetSelection is returning 2 subnets from us-east-2c and 1 from us-east-2b.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
@aws-cdk/aws-elasticloadbalancing Related to Amazon Elastic Load Balancing bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort needs-reproduction This issue needs reproduction. p1 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Development

Successfully merging a pull request may close this issue.