
When you deploy an Amazon VPC with the AWS CDK L2 construct Vpc, the default is one NAT Gateway per Availability Zone👌
To cut cost (with availability taken into account) by building a Multi-AZ VPC with a single NAT Gateway, the docs suggest that setting the natGateways property should be enough, but I decided to actually verify it.
You can set this number lower than the number of Availability Zones in your VPC in order to save on NAT cost. Be aware you may be charged for cross-AZ data traffic instead.
👾 vpc.ts
The implementation is kept to the bare minimum. The point is that maxAzs is set to 2 while natGateways is set to 1❗️
import { Stack, StackProps, aws_ec2 } from 'aws-cdk-lib'
import { Construct } from 'constructs'

export class VpcStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props)

    new aws_ec2.Vpc(this, 'Sandbox', {
      vpcName: 'sandbox',
      ipAddresses: aws_ec2.IpAddresses.cidr('10.0.0.0/16'),
      maxAzs: 2,
      natGateways: 1,
    })
  }
}
Checking cdk diff
Running the cdk diff command and checking the resources, there was exactly one AWS::EC2::NatGateway and one AWS::EC2::EIP, as expected👌
Resources
[+] AWS::EC2::VPC Sandbox Sandbox987275F0
[+] AWS::EC2::Subnet Sandbox/PublicSubnet1/Subnet SandboxPublicSubnet1Subnet9E0A0DB2
[+] AWS::EC2::RouteTable Sandbox/PublicSubnet1/RouteTable SandboxPublicSubnet1RouteTableBB2F40D1
[+] AWS::EC2::SubnetRouteTableAssociation Sandbox/PublicSubnet1/RouteTableAssociation SandboxPublicSubnet1RouteTableAssociationCAE797C2
[+] AWS::EC2::Route Sandbox/PublicSubnet1/DefaultRoute SandboxPublicSubnet1DefaultRoute46434711
[+] AWS::EC2::EIP Sandbox/PublicSubnet1/EIP SandboxPublicSubnet1EIP465B69C9
[+] AWS::EC2::NatGateway Sandbox/PublicSubnet1/NATGateway SandboxPublicSubnet1NATGateway840322FF
[+] AWS::EC2::Subnet Sandbox/PublicSubnet2/Subnet SandboxPublicSubnet2Subnet0523E7F3
[+] AWS::EC2::RouteTable Sandbox/PublicSubnet2/RouteTable SandboxPublicSubnet2RouteTable6DA55DA1
[+] AWS::EC2::SubnetRouteTableAssociation Sandbox/PublicSubnet2/RouteTableAssociation SandboxPublicSubnet2RouteTableAssociation3BDCDB27
[+] AWS::EC2::Route Sandbox/PublicSubnet2/DefaultRoute SandboxPublicSubnet2DefaultRoute66995042
[+] AWS::EC2::Subnet Sandbox/PrivateSubnet1/Subnet SandboxPrivateSubnet1Subnet1F628632
[+] AWS::EC2::RouteTable Sandbox/PrivateSubnet1/RouteTable SandboxPrivateSubnet1RouteTable34C739A7
[+] AWS::EC2::SubnetRouteTableAssociation Sandbox/PrivateSubnet1/RouteTableAssociation SandboxPrivateSubnet1RouteTableAssociationD516B03C
[+] AWS::EC2::Route Sandbox/PrivateSubnet1/DefaultRoute SandboxPrivateSubnet1DefaultRoute96E2A72F
[+] AWS::EC2::Subnet Sandbox/PrivateSubnet2/Subnet SandboxPrivateSubnet2SubnetFA04110E
[+] AWS::EC2::RouteTable Sandbox/PrivateSubnet2/RouteTable SandboxPrivateSubnet2RouteTable09FE853C
[+] AWS::EC2::SubnetRouteTableAssociation Sandbox/PrivateSubnet2/RouteTableAssociation SandboxPrivateSubnet2RouteTableAssociationAA3450CA
[+] AWS::EC2::Route Sandbox/PrivateSubnet2/DefaultRoute SandboxPrivateSubnet2DefaultRouteB321953C
[+] AWS::EC2::InternetGateway Sandbox/IGW SandboxIGWC27097CE
[+] AWS::EC2::VPCGatewayAttachment Sandbox/VPCGW SandboxVPCGWADFB0B7D
[+] Custom::VpcRestrictDefaultSG Sandbox/RestrictDefaultSecurityGroupCustomResource SandboxRestrictDefaultSecurityGroupCustomResource46BA297C
[+] AWS::IAM::Role Custom::VpcRestrictDefaultSGCustomResourceProvider/Role CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0
[+] AWS::Lambda::Function Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E
Checking the deployment
Then, after running cdk deploy, the NAT Gateway was placed in ap-northeast-1a, and checking the route tables of the private subnets in ap-northeast-1a and ap-northeast-1c showed that both route through the same NAT Gateway👌
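The two things checked by hand above (one NAT Gateway in the diff, both private route tables pointing at it in the console) can also be checked mechanically against the synthesized template, so the next change to the stack cannot silently bring the second NAT Gateway back. The following TypeScript is an added example, not code from the original post or from the CDK project: it walks the Resources section of a template as written by cdk synth --json and reports how many NAT Gateways exist and whether every 0.0.0.0/0 route that targets a NAT Gateway resolves to that single one. The embedded template is a constructed, trimmed sample; its logical IDs are taken from the cdk diff output above, while the property values are assumptions about the shape the CDK emits.

```typescript
// Added example (not from the original post or the CDK project): a dependency-free
// check over a synthesized CloudFormation template that verifies what the post
// confirmed by hand: one NAT Gateway, and every NAT-bound default route using it.

type CfnResource = { Type: string; Properties?: Record<string, any> };
type CfnTemplate = { Resources: Record<string, CfnResource> };

interface NatLayout {
  natGatewayCount: number;         // AWS::EC2::NatGateway resources in the template
  eipCount: number;                // AWS::EC2::EIP resources (one per NAT Gateway expected)
  natDefaultRouteCount: number;    // 0.0.0.0/0 routes whose target is a NAT Gateway
  natGatewaysReferenced: string[]; // distinct logical IDs those routes point at
  danglingRouteTargets: string[];  // NAT refs that do not resolve to a NatGateway resource
  singleSharedNat: boolean;        // exactly one NAT Gateway and all NAT routes use it
}

function checkNatLayout(template: CfnTemplate): NatLayout {
  const resources = template.Resources;
  const natIds: string[] = [];
  const referenced: string[] = [];
  const dangling: string[] = [];
  let eipCount = 0;
  let natDefaultRouteCount = 0;

  // Pass 1: inventory the NAT Gateways and EIPs actually declared.
  for (const logicalId in resources) {
    const type = resources[logicalId].Type;
    if (type === 'AWS::EC2::NatGateway') natIds.push(logicalId);
    if (type === 'AWS::EC2::EIP') eipCount++;
  }

  // Pass 2: follow every default route that targets a NAT Gateway.
  for (const logicalId in resources) {
    const res = resources[logicalId];
    if (res.Type !== 'AWS::EC2::Route') continue;
    const props = res.Properties || {};
    // Public subnets send 0.0.0.0/0 to the IGW (GatewayId), so they are skipped here.
    if (props.DestinationCidrBlock !== '0.0.0.0/0' || !props.NatGatewayId) continue;
    const target: string = props.NatGatewayId.Ref;
    natDefaultRouteCount++;
    if (referenced.indexOf(target) < 0) referenced.push(target);
    if (natIds.indexOf(target) < 0) dangling.push(target);
  }

  return {
    natGatewayCount: natIds.length,
    eipCount,
    natDefaultRouteCount,
    natGatewaysReferenced: referenced.slice().sort(),
    danglingRouteTargets: dangling,
    singleSharedNat:
      natIds.length === 1 &&
      natDefaultRouteCount > 0 &&
      referenced.length === 1 &&
      dangling.length === 0,
  };
}

// Constructed sample: a trimmed template in the shape `cdk synth --json` emits for the
// stack above (maxAzs: 2, natGateways: 1). Logical IDs are the ones from the cdk diff
// output; the property values are illustrative assumptions, not captured output.
const SAMPLE_TEMPLATE: CfnTemplate = {
  Resources: {
    SandboxPublicSubnet1EIP465B69C9: { Type: 'AWS::EC2::EIP', Properties: { Domain: 'vpc' } },
    SandboxPublicSubnet1NATGateway840322FF: {
      Type: 'AWS::EC2::NatGateway',
      Properties: {
        SubnetId: { Ref: 'SandboxPublicSubnet1Subnet9E0A0DB2' },
        AllocationId: { 'Fn::GetAtt': ['SandboxPublicSubnet1EIP465B69C9', 'AllocationId'] },
      },
    },
    SandboxPublicSubnet1DefaultRoute46434711: {
      Type: 'AWS::EC2::Route',
      Properties: {
        RouteTableId: { Ref: 'SandboxPublicSubnet1RouteTableBB2F40D1' },
        DestinationCidrBlock: '0.0.0.0/0',
        GatewayId: { Ref: 'SandboxIGWC27097CE' },
      },
    },
    SandboxPrivateSubnet1DefaultRoute96E2A72F: {
      Type: 'AWS::EC2::Route',
      Properties: {
        RouteTableId: { Ref: 'SandboxPrivateSubnet1RouteTable34C739A7' },
        DestinationCidrBlock: '0.0.0.0/0',
        NatGatewayId: { Ref: 'SandboxPublicSubnet1NATGateway840322FF' },
      },
    },
    // The second AZ's private subnet routes through the first AZ's NAT Gateway: this is
    // the cross-AZ traffic the CDK docs warn about, and the egress single point of
    // failure accepted in exchange for paying for one NAT Gateway instead of two.
    SandboxPrivateSubnet2DefaultRouteB321953C: {
      Type: 'AWS::EC2::Route',
      Properties: {
        RouteTableId: { Ref: 'SandboxPrivateSubnet2RouteTable09FE853C' },
        DestinationCidrBlock: '0.0.0.0/0',
        NatGatewayId: { Ref: 'SandboxPublicSubnet1NATGateway840322FF' },
      },
    },
  },
};

// Usage: `cdk synth --json > template.json`, JSON.parse the file and pass it in.
console.log(JSON.stringify(checkNatLayout(SAMPLE_TEMPLATE), null, 2));
```

In a real CDK repo the same guard is more naturally written as a unit test with Template.fromStack(stack).resourceCountIs('AWS::EC2::NatGateway', 1) from aws-cdk-lib/assertions; the stand-alone version here only avoids that dependency so it can run against a template file saved from cdk synth.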

Exactly as pictured❗️
Small checks like this really matter~ \( 'ω')/