Summary
I am trying to deploy a Redis ElastiCache Cluster on AWS using CDK.
I want the cluster to be within a VPC for security reasons.
My code (see supra) defines a VPC, a security group, a cache subnet group (linked to vpc private subnets) and the cache cluster (linked to both cache subnet group and the security group).
With cdk deploy, the deployment goes well until I receive this error:
ACL_redis (ACLredis) Subnet group [default] belongs to a different VPC [vpc-326ce55b] than [vpc-0c45b593f3a5fdc4d] (Service: AmazonElastiCache; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 901398f4-c355-418d-921b-65e6c52dfe3a)
What I tried
While disabling the rollback, it appears that the cache cluster is created in the default VPC of the region rather than the VPC defined within my stack. I do not understand why CloudFormation is doing that, as both the security group and the cache subnet group are linked to the stack's VPC.
There is no reference to the region default VPC at all.
Some code
Here is the CDK code
from aws_cdk import (
    core,
    aws_stepfunctions,
    aws_lambda,
    aws_stepfunctions_tasks,
    aws_sqs,
    aws_elasticache,
    aws_ec2,
)

PROJECT_CODE = 'ACL'


class AclAwsCdkLearningStack(core.Stack):
    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        vpc = aws_ec2.Vpc(self, f"{PROJECT_CODE}_vpc",
            cidr="10.0.0.0/16"
        )

        security_group = aws_ec2.SecurityGroup(
            scope=self,
            id=f"{PROJECT_CODE}_security_group",
            vpc=vpc,
        )

        private_subnets_ids = [ps.subnet_id for ps in vpc.private_subnets]

        cache_subnet_group = aws_elasticache.CfnSubnetGroup(
            scope=self,
            id=f"{PROJECT_CODE}_cache_subnet_group",
            subnet_ids=private_subnets_ids,  # todo: add list of subnet ids here
            description="subnet group for redis",
        )

        redis_cluster = aws_elasticache.CfnCacheCluster(
            scope=self,
            id=f"{PROJECT_CODE}_redis",
            engine="redis",
            cache_node_type="cache.t2.small",
            num_cache_nodes=1,
            cache_subnet_group_name=cache_subnet_group.cache_subnet_group_name,
            vpc_security_group_ids=[security_group.security_group_id],
        )
        redis_cluster.add_depends_on(cache_subnet_group)
Here is the resulting JSON CloudFormation code:
{
"Resources": {
"ACLvpcAC1CD0C2": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"EnableDnsHostnames": true,
"EnableDnsSupport": true,
"InstanceTenancy": "default",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/Resource"
}
},
"ACLvpcPublicSubnet1SubnetAB5536F8": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3a",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/Subnet"
}
},
"ACLvpcPublicSubnet1RouteTable973DCC99": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/RouteTable"
}
},
"ACLvpcPublicSubnet1RouteTableAssociation07D70069": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet1RouteTable973DCC99"
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet1SubnetAB5536F8"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/RouteTableAssociation"
}
},
"ACLvpcPublicSubnet1DefaultRoute5F1B7BC7": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet1RouteTable973DCC99"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"DependsOn": [
"ACLvpcVPCGWA01262F1"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/DefaultRoute"
}
},
"ACLvpcPublicSubnet1EIP0233C01E": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/EIP"
}
},
"ACLvpcPublicSubnet1NATGateway7D889FAC": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ACLvpcPublicSubnet1EIP0233C01E",
"AllocationId"
]
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet1SubnetAB5536F8"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/NATGateway"
}
},
"ACLvpcPublicSubnet2Subnet1243F1B8": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.32.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3b",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/Subnet"
}
},
"ACLvpcPublicSubnet2RouteTableBFA33E2A": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/RouteTable"
}
},
"ACLvpcPublicSubnet2RouteTableAssociation0E367E2F": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet2RouteTableBFA33E2A"
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet2Subnet1243F1B8"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/RouteTableAssociation"
}
},
"ACLvpcPublicSubnet2DefaultRoute6918C2C0": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet2RouteTableBFA33E2A"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"DependsOn": [
"ACLvpcVPCGWA01262F1"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/DefaultRoute"
}
},
"ACLvpcPublicSubnet2EIPBB2E0F7F": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/EIP"
}
},
"ACLvpcPublicSubnet2NATGatewayA823B2BD": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ACLvpcPublicSubnet2EIPBB2E0F7F",
"AllocationId"
]
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet2Subnet1243F1B8"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/NATGateway"
}
},
"ACLvpcPublicSubnet3Subnet74DB8A91": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.64.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3c",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/Subnet"
}
},
"ACLvpcPublicSubnet3RouteTable48D5C590": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/RouteTable"
}
},
"ACLvpcPublicSubnet3RouteTableAssociation6304EEEC": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet3RouteTable48D5C590"
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet3Subnet74DB8A91"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/RouteTableAssociation"
}
},
"ACLvpcPublicSubnet3DefaultRoute5ED7E66D": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet3RouteTable48D5C590"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"DependsOn": [
"ACLvpcVPCGWA01262F1"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/DefaultRoute"
}
},
"ACLvpcPublicSubnet3EIP2A75DA44": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/EIP"
}
},
"ACLvpcPublicSubnet3NATGateway88BC6345": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ACLvpcPublicSubnet3EIP2A75DA44",
"AllocationId"
]
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet3Subnet74DB8A91"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/NATGateway"
}
},
"ACLvpcPrivateSubnet1SubnetB88404CC": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.96.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3a",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/Subnet"
}
},
"ACLvpcPrivateSubnet1RouteTable52EFE8B4": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/RouteTable"
}
},
"ACLvpcPrivateSubnet1RouteTableAssociation07BBA734": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet1RouteTable52EFE8B4"
},
"SubnetId": {
"Ref": "ACLvpcPrivateSubnet1SubnetB88404CC"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/RouteTableAssociation"
}
},
"ACLvpcPrivateSubnet1DefaultRoute1D5645F3": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet1RouteTable52EFE8B4"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ACLvpcPublicSubnet1NATGateway7D889FAC"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/DefaultRoute"
}
},
"ACLvpcPrivateSubnet2Subnet63321773": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.128.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3b",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/Subnet"
}
},
"ACLvpcPrivateSubnet2RouteTable66EECACC": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/RouteTable"
}
},
"ACLvpcPrivateSubnet2RouteTableAssociationB47D85D6": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet2RouteTable66EECACC"
},
"SubnetId": {
"Ref": "ACLvpcPrivateSubnet2Subnet63321773"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/RouteTableAssociation"
}
},
"ACLvpcPrivateSubnet2DefaultRoute692EE131": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet2RouteTable66EECACC"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ACLvpcPublicSubnet2NATGatewayA823B2BD"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/DefaultRoute"
}
},
"ACLvpcPrivateSubnet3SubnetC5349B6D": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.160.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3c",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/Subnet"
}
},
"ACLvpcPrivateSubnet3RouteTableFCCC4D72": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/RouteTable"
}
},
"ACLvpcPrivateSubnet3RouteTableAssociationD5EEF6F8": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet3RouteTableFCCC4D72"
},
"SubnetId": {
"Ref": "ACLvpcPrivateSubnet3SubnetC5349B6D"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/RouteTableAssociation"
}
},
"ACLvpcPrivateSubnet3DefaultRoute6D60CB6B": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet3RouteTableFCCC4D72"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ACLvpcPublicSubnet3NATGateway88BC6345"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/DefaultRoute"
}
},
"ACLvpcIGWA284CC51": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/IGW"
}
},
"ACLvpcVPCGWA01262F1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"InternetGatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/VPCGW"
}
},
"ACLsecuritygroupF744FA96": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "acl-aws-cdk-learning/ACL_security_group",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1"
}
],
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_security_group/Resource"
}
},
"ACLcachesubnetgroup": {
"Type": "AWS::ElastiCache::SubnetGroup",
"Properties": {
"Description": "subnet group for redis",
"SubnetIds": [
{
"Ref": "ACLvpcPrivateSubnet1SubnetB88404CC"
},
{
"Ref": "ACLvpcPrivateSubnet2Subnet63321773"
},
{
"Ref": "ACLvpcPrivateSubnet3SubnetC5349B6D"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_cache_subnet_group"
}
},
"ACLredis": {
"Type": "AWS::ElastiCache::CacheCluster",
"Properties": {
"CacheNodeType": "cache.t2.small",
"Engine": "redis",
"NumCacheNodes": 1,
"VpcSecurityGroupIds": [
{
"Fn::GetAtt": [
"ACLsecuritygroupF744FA96",
"GroupId"
]
}
]
},
"DependsOn": [
"ACLcachesubnetgroup"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_redis"
}
}
}
}
Bash stuff:
(.env) acl-aws-cdk-learning % cdk deploy
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:
Security Group Changes
┌───┬───────────────────────────────┬─────┬────────────┬─────────────────┐
│ │ Group │ Dir │ Protocol │ Peer │
├───┼───────────────────────────────┼─────┼────────────┼─────────────────┤
│ + │ ${ACL_security_group.GroupId} │ Out │ Everything │ Everyone (IPv4) │
└───┴───────────────────────────────┴─────┴────────────┴─────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
Do you wish to deploy these changes (y/n)? y
acl-aws-cdk-learning: deploying...
acl-aws-cdk-learning: creating CloudFormation changeset...
0/38 | 11:00:17 | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata
0/38 | 11:00:17 | CREATE_IN_PROGRESS | AWS::EC2::InternetGateway | ACL_vpc/IGW (ACLvpcIGWA284CC51)
(...)
20/38 | 11:00:53 | CREATE_IN_PROGRESS | AWS::ElastiCache::SubnetGroup | ACL_cache_subnet_group (ACLcachesubnetgroup) Resource creation Initiated
21/38 | 11:00:53 | CREATE_COMPLETE | AWS::ElastiCache::SubnetGroup | ACL_cache_subnet_group (ACLcachesubnetgroup)
21/38 | 11:00:55 | CREATE_IN_PROGRESS | AWS::ElastiCache::CacheCluster | ACL_redis (ACLredis)
22/38 | 11:00:56 | CREATE_FAILED | AWS::ElastiCache::CacheCluster | ACL_redis (ACLredis) Subnet group [default] belongs to a different VPC [vpc-326ce55b] than [vpc-0c45b593f3a5fdc4d] (Service: AmazonElastiCache; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 901398f4-c355-418d-921b-65e6c52dfe3a)
obj._wrapSandboxCode (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7761:49)
\_ Kernel._wrapSandboxCode (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8221:20)
\_ Kernel._create (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7761:26)
\_ Kernel.create (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7508:21)
\_ KernelHost.processRequest (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7296:28)
\_ KernelHost.run (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7236:14)
\_ Immediate.setImmediate [as _onImmediate] (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7239:37)
\_ runCallback (timers.js:694:18)
\_ tryOnImmediate (timers.js:665:5)
\_ processImmediate (timers.js:647:5)
I can see that CacheSubnetGroupName is missing in the CacheCluster definition in the generated template. That is why the cache is using the default VPC.
CDK omits your subnet group definition as you assign it incorrectly.
When using a Cfn resource, you should refer to other resources in your code using ref instead of assigning the resource directly as you did.
Your code should work just by updating the following line of your code.
redis_cluster = aws_elasticache.CfnCacheCluster(
    ...
    cache_subnet_group_name=cache_subnet_group.ref
)
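A pre-deployment check for the problem described in this answer, as an added example that is not part of the original post: it scans a synthesized template (for instance the output of cdk synth) for AWS::ElastiCache::CacheCluster resources that have no CacheSubnetGroupName, or whose subnet group and security groups resolve to different VPCs. The function names and finding labels are made up for this example, and the sample template is constructed from the one in the question.

```python
import copy
import json

# Constructed sample: the question's generated template, trimmed to the relevant resources.
BROKEN = json.loads("""
{"Resources": {
  "ACLvpcAC1CD0C2": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
  "ACLvpcPrivateSubnet1SubnetB88404CC": {"Type": "AWS::EC2::Subnet",
    "Properties": {"CidrBlock": "10.0.96.0/19", "VpcId": {"Ref": "ACLvpcAC1CD0C2"}}},
  "ACLsecuritygroupF744FA96": {"Type": "AWS::EC2::SecurityGroup",
    "Properties": {"GroupDescription": "sg", "VpcId": {"Ref": "ACLvpcAC1CD0C2"}}},
  "ACLcachesubnetgroup": {"Type": "AWS::ElastiCache::SubnetGroup",
    "Properties": {"Description": "subnet group for redis",
                   "SubnetIds": [{"Ref": "ACLvpcPrivateSubnet1SubnetB88404CC"}]}},
  "ACLredis": {"Type": "AWS::ElastiCache::CacheCluster",
    "Properties": {"CacheNodeType": "cache.t2.small", "Engine": "redis", "NumCacheNodes": 1,
      "VpcSecurityGroupIds": [{"Fn::GetAtt": ["ACLsecuritygroupF744FA96", "GroupId"]}]},
    "DependsOn": ["ACLcachesubnetgroup"]}
}}
""")

# The same template once the cluster is given cache_subnet_group.ref.
FIXED = copy.deepcopy(BROKEN)
FIXED["Resources"]["ACLredis"]["Properties"]["CacheSubnetGroupName"] = {"Ref": "ACLcachesubnetgroup"}


def _target(value):
    """Logical ID behind {"Ref": x} or {"Fn::GetAtt": [x, attr]}; None for anything else."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        att = value.get("Fn::GetAtt")
        if isinstance(att, list) and att:
            return att[0]
    return None


def _vpc_of(resources, logical_id):
    """Logical ID of the VPC a subnet or security group is declared in, if resolvable."""
    return _target(resources.get(logical_id, {}).get("Properties", {}).get("VpcId"))


def check_cache_clusters(template):
    """Return (logical_id, finding) pairs for cache clusters not pinned to the stack's VPC."""
    resources = template.get("Resources", {})
    findings = []
    for lid, res in resources.items():
        if res.get("Type") != "AWS::ElastiCache::CacheCluster":
            continue
        props = res.get("Properties", {})
        if "CacheSubnetGroupName" not in props:
            # ElastiCache falls back to the [default] subnet group, i.e. the default VPC.
            findings.append((lid, "missing-subnet-group"))
            continue
        group = resources.get(_target(props["CacheSubnetGroupName"]), {})
        if group.get("Type") != "AWS::ElastiCache::SubnetGroup":
            findings.append((lid, "subnet-group-not-in-template"))
            continue
        subnets = group.get("Properties", {}).get("SubnetIds", [])
        vpcs = {_vpc_of(resources, _target(s)) for s in subnets}
        vpcs |= {_vpc_of(resources, _target(g)) for g in props.get("VpcSecurityGroupIds", [])}
        # Literal IDs cannot be resolved offline; only in-template references are compared.
        if len(vpcs - {None}) > 1:
            findings.append((lid, "vpc-mismatch"))
    return findings
```

Run against the question's template it reports ("ACLredis", "missing-subnet-group"); a hard-coded subnet group name is reported as "subnet-group-not-in-template" so that its VPC gets checked by hand.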