How do CDK/CloudFormation understand which subnet is PRIVATE or PUBLIC?

Time:02-19

I have three subnets in AWS.

One is public because it has an internet gateway.

The other two do not.

However, when I run cdk synth, it generates cdk.context.json.

It judges all three subnets to be Public.

However, the other two are in fact Isolated (without a NAT gateway or public IP).

Why does CDK think they are Public??

{
  "vpc-provider:account=678100XXXXXX:filter.vpc-id=vpc-0867d6797e62dd78b:region=ap-northeast-1:returnAsymmetricSubnets=true": {
    "vpcId": "vpc-0867d6797e62dd78b",
    "vpcCidrBlock": "10.0.0.0/24",
    "availabilityZones": [],
    "subnetGroups": [
      {
        "name": "Public",
        "type": "Public",
        "subnets": [
          {
            "subnetId": "subnet-0b5985476dee1f20c",
            "cidr": "10.0.0.0/25",
            "availabilityZone": "ap-northeast-1c",
            "routeTableId": "rtb-02a749d8d4415bbfb"
          },
          {
            "subnetId": "subnet-0fdd37150bfff91f0",
            "cidr": "10.0.0.128/26",
            "availabilityZone": "ap-northeast-1c",
            "routeTableId": "rtb-02a749d8d4415bbfb"
          },
          {
            "subnetId": "subnet-085c85398f27adbfd",
            "cidr": "10.0.0.192/26",
            "availabilityZone": "ap-northeast-1d",
            "routeTableId": "rtb-02a749d8d4415bbfb"
          }
        ]
      }
    ]
  }
}

CodePudding user response:

Whether a subnet is public or private is determined by its route tables only. Public subnets will have route tables to the internet gateway, whereas private subnets will not. Instead, private subnets may have routes to NAT gateways, but this still does not make them public subnets.
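The route-table rule from the answer above, as an added worked example (not code from the question, the answer, or the CDK project): it classifies each subnet by the route table that actually applies to it, resolving the VPC main route table for subnets with no explicit association, and it flags a route table that is shared by several subnets, which is the layout visible in the question's context file (all three subnets list the same routeTableId). The three labels Public / Private / Isolated follow the naming the question uses; the input shape mirrors the RouteTables list of EC2 DescribeRouteTables, but the route tables, subnet IDs, and gateway IDs below are constructed sample data so the script runs offline.

```python
"""Classify VPC subnets by the routes in the route table that applies to them.

Added example; the data is constructed inline (no AWS calls). Shape mirrors
the 'RouteTables' list returned by EC2 DescribeRouteTables (boto3:
ec2.describe_route_tables()["RouteTables"]).
"""

from typing import Dict, List

# Constructed sample 1: one route table with a default route to an internet
# gateway, explicitly associated with all three subnets (and also the VPC main
# table). Every subnet therefore resolves to an IGW route and is "Public".
SHARED_IGW_TABLES = [
    {
        "RouteTableId": "rtb-shared",          # constructed ID
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
        ],
        "Associations": [
            {"Main": True},
            {"SubnetId": "subnet-a"},
            {"SubnetId": "subnet-b"},
            {"SubnetId": "subnet-c"},
        ],
    }
]

# Constructed sample 2: one route table per subnet role. subnet-c has no
# explicit association, so it falls back to the VPC main route table.
SPLIT_TABLES = [
    {
        "RouteTableId": "rtb-public",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
        ],
        "Associations": [{"SubnetId": "subnet-a"}],
    },
    {
        "RouteTableId": "rtb-private",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
        ],
        "Associations": [{"SubnetId": "subnet-b"}],
    },
    {
        "RouteTableId": "rtb-main",
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local"}],
        "Associations": [{"Main": True}],
    },
]


def effective_route_table(subnet_id: str, route_tables: List[dict]) -> dict:
    """Return the route table that applies to a subnet: the one it is explicitly
    associated with, otherwise the VPC's main route table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    if main is None:
        raise ValueError(f"no route table applies to {subnet_id}")
    return main


def classify_subnet(subnet_id: str, route_tables: List[dict]) -> str:
    """Public if any route targets an internet gateway; Private if the only
    egress is a NAT gateway; Isolated if there is neither."""
    routes = effective_route_table(subnet_id, route_tables)["Routes"]
    has_igw = any(str(r.get("GatewayId", "")).startswith("igw-") for r in routes)
    has_nat = any("NatGatewayId" in r for r in routes)
    if has_igw:
        return "Public"
    if has_nat:
        return "Private"
    return "Isolated"


def classify_subnets(subnet_ids: List[str], route_tables: List[dict]) -> Dict[str, str]:
    return {sid: classify_subnet(sid, route_tables) for sid in subnet_ids}


def find_shared_route_tables(route_tables: List[dict]) -> Dict[str, List[str]]:
    """Route tables explicitly associated with more than one subnet: a likely
    reason for subnets being classified the same way unexpectedly."""
    shared = {}
    for rt in route_tables:
        subnets = sorted(a["SubnetId"] for a in rt.get("Associations", []) if "SubnetId" in a)
        if len(subnets) > 1:
            shared[rt["RouteTableId"]] = subnets
    return shared


if __name__ == "__main__":
    ids = ["subnet-a", "subnet-b", "subnet-c"]
    print("shared table :", classify_subnets(ids, SHARED_IGW_TABLES))
    print("shared tables:", find_shared_route_tables(SHARED_IGW_TABLES))
    print("split tables :", classify_subnets(ids, SPLIT_TABLES))
```

With real data, replace the two constructed lists with the output of describe_route_tables for the VPC; a subnet that should be isolated but resolves to a table carrying an igw- route (shared or main) is the thing to fix in the VPC, since the classifier only reports what the routes already say.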
