AWS CDK: Error when deploying Redis ElastiCache: Subnet group belongs to a different VPC than CacheCluster

Tags:

Summary

I am trying to deploy a Redis ElastiCache Cluster on AWS using CDK.

I want the cluster to be within a VPC for security reasons.

My code (see supra) defines a VPC, a security group, a cache subnet group (linked to vpc private subnets) and the cache cluster (linked to both cache subnet group and the security group).

With cdk deploy, the deployment goes well until I receive this error:

ACL_redis (ACLredis) Subnet group [default] belongs to a different VPC [vpc-326ce55b] than [vpc-0c45b593f3a5fdc4d] (Service: AmazonElastiCache; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 901398f4-c355-418d-921b-65e6c52dfe3a)

What I tried

While disabling the rollback, it appears that the cache cluster is created in the default VPC of the region rather than the VPC defined within my stack. I do not understand why Cloud Formation is doing that, as both the security group and the cache subnet group are linked to the stack's VPC.

There is no reference to the region default VPC at all.

Some code

Here is the CDK code

from aws_cdk import (
    core,
    aws_stepfunctions,
    aws_lambda,
    aws_stepfunctions_tasks,
    aws_sqs,
    aws_elasticache,
    aws_ec2,
)

PROJECT_CODE = 'ACL'


class AclAwsCdkLearningStack(core.Stack):

    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        vpc = aws_ec2.Vpc(self, f"{PROJECT_CODE}_vpc",
                          cidr="10.0.0.0/16"
                          )

        security_group = aws_ec2.SecurityGroup(
            scope=self,
            id=f"{PROJECT_CODE}_security_group",
            vpc=vpc,
        )

        private_subnets_ids = [ps.subnet_id for ps in vpc.private_subnets]

        cache_subnet_group = aws_elasticache.CfnSubnetGroup(
            scope=self,
            id=f"{PROJECT_CODE}_cache_subnet_group",
            subnet_ids=private_subnets_ids,  # todo: add list of subnet ids here
            description="subnet group for redis",
        )

        redis_cluster = aws_elasticache.CfnCacheCluster(
            scope=self,
            id=f"{PROJECT_CODE}_redis",
            engine="redis",
            cache_node_type="cache.t2.small",
            num_cache_nodes=1,
            cache_subnet_group_name=cache_subnet_group.cache_subnet_group_name,
            vpc_security_group_ids=[security_group.security_group_id],
        )

        redis_cluster.add_depends_on(cache_subnet_group)

Here is the resulting JSON CloudFormation code:

{
  "Resources": {
    "ACLvpcAC1CD0C2": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsHostnames": true,
        "EnableDnsSupport": true,
        "InstanceTenancy": "default",
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/Resource"
      }
    },
    "ACLvpcPublicSubnet1SubnetAB5536F8": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "10.0.0.0/19",
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "AvailabilityZone": "eu-west-3a",
        "MapPublicIpOnLaunch": true,
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
          },
          {
            "Key": "aws-cdk:subnet-name",
            "Value": "Public"
          },
          {
            "Key": "aws-cdk:subnet-type",
            "Value": "Public"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/Subnet"
      }
    },
    "ACLvpcPublicSubnet1RouteTable973DCC99": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/RouteTable"
      }
    },
    "ACLvpcPublicSubnet1RouteTableAssociation07D70069": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "ACLvpcPublicSubnet1RouteTable973DCC99"
        },
        "SubnetId": {
          "Ref": "ACLvpcPublicSubnet1SubnetAB5536F8"
        }
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/RouteTableAssociation"
      }
    },
    "ACLvpcPublicSubnet1DefaultRoute5F1B7BC7": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "ACLvpcPublicSubnet1RouteTable973DCC99"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {
          "Ref": "ACLvpcIGWA284CC51"
        }
      },
      "DependsOn": [
        "ACLvpcVPCGWA01262F1"
      ],
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/DefaultRoute"
      }
    },
    "ACLvpcPublicSubnet1EIP0233C01E": {
      "Type": "AWS::EC2::EIP",
      "Properties": {
        "Domain": "vpc",
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/EIP"
      }
    },
    "ACLvpcPublicSubnet1NATGateway7D889FAC": {
      "Type": "AWS::EC2::NatGateway",
      "Properties": {
        "AllocationId": {
          "Fn::GetAtt": [
            "ACLvpcPublicSubnet1EIP0233C01E",
            "AllocationId"
          ]
        },
        "SubnetId": {
          "Ref": "ACLvpcPublicSubnet1SubnetAB5536F8"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/NATGateway"
      }
    },
    "ACLvpcPublicSubnet2Subnet1243F1B8": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "10.0.32.0/19",
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "AvailabilityZone": "eu-west-3b",
        "MapPublicIpOnLaunch": true,
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
          },
          {
            "Key": "aws-cdk:subnet-name",
            "Value": "Public"
          },
          {
            "Key": "aws-cdk:subnet-type",
            "Value": "Public"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/Subnet"
      }
    },
    "ACLvpcPublicSubnet2RouteTableBFA33E2A": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/RouteTable"
      }
    },
    "ACLvpcPublicSubnet2RouteTableAssociation0E367E2F": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "ACLvpcPublicSubnet2RouteTableBFA33E2A"
        },
        "SubnetId": {
          "Ref": "ACLvpcPublicSubnet2Subnet1243F1B8"
        }
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/RouteTableAssociation"
      }
    },
    "ACLvpcPublicSubnet2DefaultRoute6918C2C0": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "ACLvpcPublicSubnet2RouteTableBFA33E2A"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {
          "Ref": "ACLvpcIGWA284CC51"
        }
      },
      "DependsOn": [
        "ACLvpcVPCGWA01262F1"
      ],
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/DefaultRoute"
      }
    },
    "ACLvpcPublicSubnet2EIPBB2E0F7F": {
      "Type": "AWS::EC2::EIP",
      "Properties": {
        "Domain": "vpc",
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/EIP"
      }
    },
    "ACLvpcPublicSubnet2NATGatewayA823B2BD": {
      "Type": "AWS::EC2::NatGateway",
      "Properties": {
        "AllocationId": {
          "Fn::GetAtt": [
            "ACLvpcPublicSubnet2EIPBB2E0F7F",
            "AllocationId"
          ]
        },
        "SubnetId": {
          "Ref": "ACLvpcPublicSubnet2Subnet1243F1B8"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/NATGateway"
      }
    },
    "ACLvpcPublicSubnet3Subnet74DB8A91": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "10.0.64.0/19",
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "AvailabilityZone": "eu-west-3c",
        "MapPublicIpOnLaunch": true,
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
          },
          {
            "Key": "aws-cdk:subnet-name",
            "Value": "Public"
          },
          {
            "Key": "aws-cdk:subnet-type",
            "Value": "Public"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/Subnet"
      }
    },
    "ACLvpcPublicSubnet3RouteTable48D5C590": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/RouteTable"
      }
    },
    "ACLvpcPublicSubnet3RouteTableAssociation6304EEEC": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "ACLvpcPublicSubnet3RouteTable48D5C590"
        },
        "SubnetId": {
          "Ref": "ACLvpcPublicSubnet3Subnet74DB8A91"
        }
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/RouteTableAssociation"
      }
    },
    "ACLvpcPublicSubnet3DefaultRoute5ED7E66D": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "ACLvpcPublicSubnet3RouteTable48D5C590"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {
          "Ref": "ACLvpcIGWA284CC51"
        }
      },
      "DependsOn": [
        "ACLvpcVPCGWA01262F1"
      ],
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/DefaultRoute"
      }
    },
    "ACLvpcPublicSubnet3EIP2A75DA44": {
      "Type": "AWS::EC2::EIP",
      "Properties": {
        "Domain": "vpc",
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/EIP"
      }
    },
    "ACLvpcPublicSubnet3NATGateway88BC6345": {
      "Type": "AWS::EC2::NatGateway",
      "Properties": {
        "AllocationId": {
          "Fn::GetAtt": [
            "ACLvpcPublicSubnet3EIP2A75DA44",
            "AllocationId"
          ]
        },
        "SubnetId": {
          "Ref": "ACLvpcPublicSubnet3Subnet74DB8A91"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/NATGateway"
      }
    },
    "ACLvpcPrivateSubnet1SubnetB88404CC": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "10.0.96.0/19",
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "AvailabilityZone": "eu-west-3a",
        "MapPublicIpOnLaunch": false,
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1"
          },
          {
            "Key": "aws-cdk:subnet-name",
            "Value": "Private"
          },
          {
            "Key": "aws-cdk:subnet-type",
            "Value": "Private"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/Subnet"
      }
    },
    "ACLvpcPrivateSubnet1RouteTable52EFE8B4": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/RouteTable"
      }
    },
    "ACLvpcPrivateSubnet1RouteTableAssociation07BBA734": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "ACLvpcPrivateSubnet1RouteTable52EFE8B4"
        },
        "SubnetId": {
          "Ref": "ACLvpcPrivateSubnet1SubnetB88404CC"
        }
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/RouteTableAssociation"
      }
    },
    "ACLvpcPrivateSubnet1DefaultRoute1D5645F3": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "ACLvpcPrivateSubnet1RouteTable52EFE8B4"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "NatGatewayId": {
          "Ref": "ACLvpcPublicSubnet1NATGateway7D889FAC"
        }
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/DefaultRoute"
      }
    },
    "ACLvpcPrivateSubnet2Subnet63321773": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "10.0.128.0/19",
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "AvailabilityZone": "eu-west-3b",
        "MapPublicIpOnLaunch": false,
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2"
          },
          {
            "Key": "aws-cdk:subnet-name",
            "Value": "Private"
          },
          {
            "Key": "aws-cdk:subnet-type",
            "Value": "Private"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/Subnet"
      }
    },
    "ACLvpcPrivateSubnet2RouteTable66EECACC": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/RouteTable"
      }
    },
    "ACLvpcPrivateSubnet2RouteTableAssociationB47D85D6": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "ACLvpcPrivateSubnet2RouteTable66EECACC"
        },
        "SubnetId": {
          "Ref": "ACLvpcPrivateSubnet2Subnet63321773"
        }
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/RouteTableAssociation"
      }
    },
    "ACLvpcPrivateSubnet2DefaultRoute692EE131": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "ACLvpcPrivateSubnet2RouteTable66EECACC"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "NatGatewayId": {
          "Ref": "ACLvpcPublicSubnet2NATGatewayA823B2BD"
        }
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/DefaultRoute"
      }
    },
    "ACLvpcPrivateSubnet3SubnetC5349B6D": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "10.0.160.0/19",
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "AvailabilityZone": "eu-west-3c",
        "MapPublicIpOnLaunch": false,
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3"
          },
          {
            "Key": "aws-cdk:subnet-name",
            "Value": "Private"
          },
          {
            "Key": "aws-cdk:subnet-type",
            "Value": "Private"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/Subnet"
      }
    },
    "ACLvpcPrivateSubnet3RouteTableFCCC4D72": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/RouteTable"
      }
    },
    "ACLvpcPrivateSubnet3RouteTableAssociationD5EEF6F8": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "ACLvpcPrivateSubnet3RouteTableFCCC4D72"
        },
        "SubnetId": {
          "Ref": "ACLvpcPrivateSubnet3SubnetC5349B6D"
        }
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/RouteTableAssociation"
      }
    },
    "ACLvpcPrivateSubnet3DefaultRoute6D60CB6B": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "ACLvpcPrivateSubnet3RouteTableFCCC4D72"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "NatGatewayId": {
          "Ref": "ACLvpcPublicSubnet3NATGateway88BC6345"
        }
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/DefaultRoute"
      }
    },
    "ACLvpcIGWA284CC51": {
      "Type": "AWS::EC2::InternetGateway",
      "Properties": {
        "Tags": [
          {
            "Key": "Name",
            "Value": "acl-aws-cdk-learning/ACL_vpc"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/IGW"
      }
    },
    "ACLvpcVPCGWA01262F1": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        },
        "InternetGatewayId": {
          "Ref": "ACLvpcIGWA284CC51"
        }
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/VPCGW"
      }
    },
    "ACLsecuritygroupF744FA96": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "acl-aws-cdk-learning/ACL_security_group",
        "SecurityGroupEgress": [
          {
            "CidrIp": "0.0.0.0/0",
            "Description": "Allow all outbound traffic by default",
            "IpProtocol": "-1"
          }
        ],
        "VpcId": {
          "Ref": "ACLvpcAC1CD0C2"
        }
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_security_group/Resource"
      }
    },
    "ACLcachesubnetgroup": {
      "Type": "AWS::ElastiCache::SubnetGroup",
      "Properties": {
        "Description": "subnet group for redis",
        "SubnetIds": [
          {
            "Ref": "ACLvpcPrivateSubnet1SubnetB88404CC"
          },
          {
            "Ref": "ACLvpcPrivateSubnet2Subnet63321773"
          },
          {
            "Ref": "ACLvpcPrivateSubnet3SubnetC5349B6D"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_cache_subnet_group"
      }
    },
    "ACLredis": {
      "Type": "AWS::ElastiCache::CacheCluster",
      "Properties": {
        "CacheNodeType": "cache.t2.small",
        "Engine": "redis",
        "NumCacheNodes": 1,
        "VpcSecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "ACLsecuritygroupF744FA96",
              "GroupId"
            ]
          }
        ]
      },
      "DependsOn": [
        "ACLcachesubnetgroup"
      ],
      "Metadata": {
        "aws:cdk:path": "acl-aws-cdk-learning/ACL_redis"
      }
    }
  }
}

Bash stuff:

(.env) acl-aws-cdk-learning % cdk deploy
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:

Security Group Changes
┌───┬───────────────────────────────┬─────┬────────────┬─────────────────┐
│   │ Group                         │ Dir │ Protocol   │ Peer            │
├───┼───────────────────────────────┼─────┼────────────┼─────────────────┤
│ + │ ${ACL_security_group.GroupId} │ Out │ Everything │ Everyone (IPv4) │
└───┴───────────────────────────────┴─────┴────────────┴─────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Do you wish to deploy these changes (y/n)? y
acl-aws-cdk-learning: deploying...
acl-aws-cdk-learning: creating CloudFormation changeset...
  0/38 | 11:00:17 | CREATE_IN_PROGRESS   | AWS::CDK::Metadata                    | CDKMetadata 
  0/38 | 11:00:17 | CREATE_IN_PROGRESS   | AWS::EC2::InternetGateway             | ACL_vpc/IGW (ACLvpcIGWA284CC51) 
 (...)
 20/38 | 11:00:53 | CREATE_IN_PROGRESS   | AWS::ElastiCache::SubnetGroup         | ACL_cache_subnet_group (ACLcachesubnetgroup) Resource creation Initiated
 21/38 | 11:00:53 | CREATE_COMPLETE      | AWS::ElastiCache::SubnetGroup         | ACL_cache_subnet_group (ACLcachesubnetgroup) 
 21/38 | 11:00:55 | CREATE_IN_PROGRESS   | AWS::ElastiCache::CacheCluster        | ACL_redis (ACLredis) 
 22/38 | 11:00:56 | CREATE_FAILED        | AWS::ElastiCache::CacheCluster        | ACL_redis (ACLredis) Subnet group [default] belongs to a different VPC [vpc-326ce55b] than [vpc-0c45b593f3a5fdc4d] (Service: AmazonElastiCache; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 901398f4-c355-418d-921b-65e6c52dfe3a)
        obj._wrapSandboxCode (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7761:49)
        \_ Kernel._wrapSandboxCode (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8221:20)
        \_ Kernel._create (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7761:26)
        \_ Kernel.create (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7508:21)
        \_ KernelHost.processRequest (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7296:28)
        \_ KernelHost.run (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7236:14)
        \_ Immediate.setImmediate [as _onImmediate] (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7239:37)
        \_ runCallback (timers.js:694:18)
        \_ tryOnImmediate (timers.js:665:5)
        \_ processImmediate (timers.js:647:5)

295

asked Jan 08 '20 10:01

Datalody

1 Answers

I can see that CacheSubnetGroupName is missing in the CacheCluster definition in the generated template. That is why the cache is using the default VPC.

CDK omits your subnet group definition as you assign it incorrectly. When using a Cfn resource, you should refer to other resources in your code using ref instead of assigning the resource directly as you did.

Your code should work just by updating the following line of your code.

redis_cluster = aws_elasticache.CfnCacheCluster(
     ...
     cache_subnet_group_name=cache_subnet_group.ref
)

100

answered Sep 29 '22 17:09

Vikyol

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

AWS CDK: Error when deploying Redis ElastiCache: Subnet group belongs to a different VPC than CacheCluster

Tags:

python

amazon-web-services

amazon-vpc

amazon-elasticache

aws-cdk

Datalody

People also ask

1 Answers

Vikyol

Recent Activity

Donate For Us

AWS CDK: Error when deploying Redis ElastiCache: Subnet group belongs to a different VPC than CacheCluster

Tags:

python

amazon-web-services

amazon-vpc

amazon-elasticache

aws-cdk

Datalody

People also ask

1 Answers

Vikyol

Related questions

Recent Activity

Donate For Us