@newlinedeveloper
Contributor

Issue

Closes #36111.

Reason for this change

The VpcV2 validation incorrectly restricts secondary IPv4 CIDR blocks to only the same RFC 1918 range as the primary block. AWS VPC allows RFC 1918 primary + publicly routable secondary and RFC 1918 primary + 100.64.0.0/10 secondary combinations.

Description of changes

  • Updated validateIpv4address to implement AWS VPC CIDR block rules
  • Allows RFC 1918 primary + publicly routable secondary (/16 to /28)
  • Allows RFC 1918 primary + 100.64.0.0/10 secondary (/16 to /28)
  • Maintains restriction on mixing different RFC 1918 ranges
  • Added unit tests and integration test with snapshot

Description of how you validated changes

  • All 20 unit tests passing
  • Integration test deployed successfully to AWS and snapshot generated
  • All lint checks passing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
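
The rules listed in the description above, written out as an added example; this is not the PR's `validateIpv4address` code and not part of the original thread. The names `parseCidr`, `within`, `rfc1918Range` and `checkSecondary` are hypothetical, and only the combinations the description names are modelled.

```typescript
// Added example: models only the rules listed in the PR description,
// not the validateIpv4address code from the PR.
type Cidr = { base: number; prefix: number };

function parseCidr(cidr: string): Cidr {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error(`malformed CIDR: ${cidr}`);
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) {
    throw new Error(`malformed CIDR: ${cidr}`);
  }
  // Multiply instead of shifting so the value stays an unsigned 32-bit number.
  return { base: octets.reduce((acc, o) => acc * 256 + o, 0), prefix };
}

// True when block c lies entirely inside range r.
function within(c: Cidr, r: Cidr): boolean {
  const size = 2 ** (32 - r.prefix);
  return c.prefix >= r.prefix && Math.floor(c.base / size) === Math.floor(r.base / size);
}

const RFC1918: Cidr[] = ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'].map(parseCidr);
const SHARED: Cidr = parseCidr('100.64.0.0/10');

// Index of the RFC 1918 range containing c, or -1 when c is in none of them.
function rfc1918Range(c: Cidr): number {
  return RFC1918.findIndex((r) => within(c, r));
}

// Returns a string starting with 'ok' or the reason the secondary is rejected.
function checkSecondary(primary: string, secondary: string): string {
  const p = parseCidr(primary);
  const s = parseCidr(secondary);
  const pRange = rfc1918Range(p);
  if (pRange === -1) return 'primary is not RFC 1918 (outside this example)';
  if (s.prefix < 16 || s.prefix > 28) return 'secondary must be /16 to /28';
  const sRange = rfc1918Range(s);
  if (sRange !== -1 && sRange !== pRange) return 'mixes different RFC 1918 ranges';
  if (sRange === pRange) return 'ok: same RFC 1918 range';
  if (within(s, SHARED)) return 'ok: 100.64.0.0/10';
  // The description calls this case "publicly routable"; reserved ranges
  // other than the ones above are not modelled here (assumption).
  return 'ok: outside RFC 1918';
}
```

The case worth pinning in a regression test is the one the change keeps rejecting: a secondary block from a different RFC 1918 range than the primary.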

@github-actions bot added the beginning-contributor, bug, effort/medium and p1 labels Nov 22, 2025
@aws-cdk-automation requested a review from a team November 22, 2025 08:18
Collaborator

@aws-cdk-automation left a comment

(This review is outdated)

@newlinedeveloper changed the title from "fix(aws-ec2-alpha): allow publicly routable and 100.64.0.0/10 secondary cidr blocks with rfc 1918 primary" to "fix(ec2-alpha): allow publicly routable and 100.64.0.0/10 secondary cidr blocks with rfc 1918 primary" Nov 22, 2025
@aws-cdk-automation dismissed their stale review November 22, 2025 08:26

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@aws-cdk-automation added the pr/needs-maintainer-review label Nov 22, 2025

Development

Successfully merging this pull request may close these issues.

(@aws-cdk/aws-ec2-alpha): secondaryAddressBlock IP validation disallows valid options

2 participants