feat(ec2): add support for IPAM allocation in Subnet configuration

[betchi207]

Issue # (if applicable)

Closes #34296

Reason for this change

The L2 construct Subnet does not currently support IPAM CIDR allocation, but the L1 construct CfnSubnet already does. This feature request proposes to make the L2 construct Subnet IPAM aware, to provide a consistent ease of use similar to L1.

Description of changes

This pull request enhances the L2 Subnet construct to support IPAM allocation. The key changes include:

• Added new optional properties to SubnetProps for IPAM-based CIDR allocation:
  • ipv4IpamAllocation: An optional object to configure IPv4 CIDR allocation from an IPAM pool. It typically accepts an ipamPoolId (string) and an optional netmaskLength (number).
  • ipv6IpamAllocation: An optional object to configure IPv6 CIDR allocation from an IPAM pool. It typically accepts an ipamPoolId (string) and an optional netmaskLength (number).
• Updated the Subnet construct to handle these new properties:
  • If ipv4IpamAllocation is specified (with ipamPoolId and optionally netmaskLength), the construct uses these details to set the Ipv4IpamPoolId and Ipv4NetmaskLength properties of the underlying CfnSubnet.
  • If ipv6IpamAllocation is specified (with ipamPoolId and optionally netmaskLength), the construct uses these details to set the Ipv6IpamPoolId and Ipv6NetmaskLength properties of the underlying CfnSubnet.
  • Ensured mutual exclusivity: An error is thrown if ipv4IpamAllocation is specified along with cidrBlock, or if ipv6IpamAllocation is specified along with ipv6CidrBlock.
• Integrated with VPC-level IPAM settings: If the VPC is configured with an IPAM pool, the subnet will attempt to use the VPC's IPAM settings unless ipv4IpamAllocation or ipv6IpamAllocation is explicitly provided for the subnet.

Describe any new or updated permissions being added

No new IAM permissions are added. Only existing EC2 permissions for allocating CIDRs from an IPAM pool are used.

Description of how you validated changes

• Added unit tests: Test cases for IPAM allocation functionality, including successful allocation and validation scenarios (e.g., mutual exclusivity with cidrBlock), were added to the Subnet class tests.
• Added integration tests: Test cases using actual IPAM allocation configurations were added to verify end-to-end functionality within a CDK stack deployment.
• Manual testing: Executed the CDK application in an actual AWS environment to confirm that CIDR allocation from the IPAM pool functions correctly and integrates with VPC-level IPAM settings.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

(This review is outdated)

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[aws-cdk-automation]

(This review is outdated)

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 1d99898
• Result: FAILED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

This PR has been in the BUILD FAILING state for 3 weeks, and looks abandoned. Note that PRs with failing linting check or builds are not reviewed, please ensure your build is passing

To prevent automatic closure:

• Resume work on the PR
• OR request an exemption by adding a comment containing 'Exemption Request' with justification e.x "Exemption Request: "
• OR request clarification by adding a comment containing 'Clarification Request' with a question e.x "Clarification Request: "

This PR will automatically close in 14 days if no action is taken.

[aws-cdk-automation]

This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.