I’m testing out cdktf typescript with the aws provider and trying to create a new VPC and an array of Subnets. It works fine with this sample code before I add the VpcEndpoint. But as soon as I add VpcEndpoint I get the below error. Any help would be appreciated.
Summary: 0 created, 0 updated, 0 destroyed.
[2022-01-18T00:34:37.901] [ERROR] default - ╷
│ Error: An Interface VPC Endpoint must always have at least one Security Group
│
│ with aws_vpc_endpoint.sample-vpc_ecr-endpoint-dkr_0E500A74,
│ on cdk.tf.json line 385, in resource.aws_vpc_endpoint.sample-vpc_ecr-endpoint-dkr_0E500A74:
│ 385: }
│
╵
╷
│ Error: An Interface VPC Endpoint must always have at least one Security Group
⠹ Deploying Stack: development
Resources
⠋ AWS_VPC_ENDPOINT sample-vpc_ecr-e aws_vpc_endpoint.sample-vpc_ecr-endp
ndpoint-dkr oint-dkr_0E500A74
Summary: 0 created, 0 updated, 0 destroyed.
non-zero exit code 1
Inspecting the privateSubnets array, I’m getting the following, so it appears to be populated correctly:
[
'${TfToken[TOKEN.62]}',
'${TfToken[TOKEN.63]}',
'${TfToken[TOKEN.64]}',
'${TfToken[TOKEN.65]}'
]
// Fragment from inside the stack constructor; it relies on these imports:
import { Fn, Token } from "cdktf";
import { datasources, vpc } from "@cdktf/provider-aws";

const cidr = "100.75.0.0/16";
const privateCidrBlocks = ["100.75.0.0/19", "100.75.32.0/19", "100.75.64.0/19", "100.75.96.0/19"];
const availabilityZones = new datasources.DataAwsAvailabilityZones(this, "avaiability-zones", {
  state: "available"
});
const sampleVpc = new vpc.Vpc(this, "sample-vpc", {
  cidrBlock: cidr,
  enableDnsHostnames: true,
  tags: {
    Name: "sample-vpc"
  }
});
const privateSubnets = privateCidrBlocks.map((cidr, index) => {
  let privateSubnet = new vpc.Subnet(this, `private_${index}`, {
    vpcId: sampleVpc.id,
    cidrBlock: cidr,
    availabilityZone: Fn.element(availabilityZones.names, index),
    mapPublicIpOnLaunch: false,
    tags: {
      Name: `sample-private-subnet-${Fn.element(availabilityZones.names, index)}`
    }
  });
  return privateSubnet;
});
new vpc.VpcEndpoint(this, "ecr-endpoint-dkr", {
  vpcId: sampleVpc.id,
  serviceName: "com.amazonaws.us-west-2.ecr.dkr",
  vpcEndpointType: "Interface",
  privateDnsEnabled: true,
  subnetIds: privateSubnets.map(subnet => Token.asString(subnet.id))
});
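
Added example, not part of the original post: a pre-deploy check over a synthesized cdk.tf.json that flags every aws_vpc_endpoint of type Interface with no security_group_ids, which is the condition the error above names. The sample JSON, its reference expressions, and the with-sg and s3-gateway resources are constructed, and the standard Terraform JSON layout (resource.aws_vpc_endpoint.<name>) is assumed.

```typescript
// Added example: flag Interface VPC endpoints that declare no security group
// in a synthesized cdk.tf.json. Not code from the original post.
type TfResource = Record<string, unknown>;
interface TfJson {
  resource?: Record<string, Record<string, TfResource>>;
}

function findEndpointsWithoutSecurityGroup(synth: TfJson): string[] {
  const endpoints = synth.resource?.["aws_vpc_endpoint"] ?? {};
  const flagged: string[] = [];
  for (const [name, cfg] of Object.entries(endpoints)) {
    // The provider treats a missing vpc_endpoint_type as "Gateway".
    if ((cfg["vpc_endpoint_type"] ?? "Gateway") !== "Interface") continue;
    const sgs = cfg["security_group_ids"];
    // A non-empty string is an unresolved Terraform expression; count it as set.
    const declared =
      (typeof sgs === "string" && sgs.length > 0) ||
      (Array.isArray(sgs) && sgs.length > 0);
    if (!declared) flagged.push(`aws_vpc_endpoint.${name}`);
  }
  return flagged;
}

// Constructed sample input: only the first resource name comes from the
// error output in the post; every value and the other two resources are made up.
const sampleSynth: TfJson = {
  resource: {
    aws_vpc_endpoint: {
      "sample-vpc_ecr-endpoint-dkr_0E500A74": {
        vpc_id: "${aws_vpc.sample-vpc.id}",
        service_name: "com.amazonaws.us-west-2.ecr.dkr",
        vpc_endpoint_type: "Interface",
        private_dns_enabled: true,
        subnet_ids: ["${aws_subnet.private_0.id}"],
      },
      "with-sg": {
        service_name: "com.amazonaws.us-west-2.ecr.api",
        vpc_endpoint_type: "Interface",
        security_group_ids: ["${aws_security_group.endpoints.id}"],
      },
      "s3-gateway": { service_name: "com.amazonaws.us-west-2.s3" },
    },
  },
};

// → ["aws_vpc_endpoint.sample-vpc_ecr-endpoint-dkr_0E500A74"]
const flaggedInSample = findEndpointsWithoutSecurityGroup(sampleSynth);
```

On real output, pass the parsed contents of the stack's cdk.tf.json in place of sampleSynth.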