feat(ec2): add support for IPAM allocation in Subnet configuration #34349

Draft
wants to merge 2 commits into
base: main

@betchi207 betchi207 commented May 4, 2025

Issue # (if applicable)

Closes #34296

Reason for this change

The L2 construct Subnet does not currently support IPAM CIDR allocation, but the L1 construct CfnSubnet already does. This feature request proposes to make the L2 construct Subnet IPAM aware, to provide a consistent ease of use similar to L1.

Description of changes

This pull request enhances the L2 Subnet construct to support IPAM allocation. The key changes include:

  • Added new optional properties to SubnetProps for IPAM-based CIDR allocation:
    • ipv4IpamAllocation: An optional object to configure IPv4 CIDR allocation from an IPAM pool. It typically accepts an ipamPoolId (string) and an optional netmaskLength (number).
    • ipv6IpamAllocation: An optional object to configure IPv6 CIDR allocation from an IPAM pool. It typically accepts an ipamPoolId (string) and an optional netmaskLength (number).
  • Updated the Subnet construct to handle these new properties:
    • If ipv4IpamAllocation is specified (with ipamPoolId and optionally netmaskLength), the construct uses these details to set the Ipv4IpamPoolId and Ipv4NetmaskLength properties of the underlying CfnSubnet.
    • If ipv6IpamAllocation is specified (with ipamPoolId and optionally netmaskLength), the construct uses these details to set the Ipv6IpamPoolId and Ipv6NetmaskLength properties of the underlying CfnSubnet.
    • Ensured mutual exclusivity: An error is thrown if ipv4IpamAllocation is specified along with cidrBlock, or if ipv6IpamAllocation is specified along with ipv6CidrBlock.
  • Integrated with VPC-level IPAM settings: If the VPC is configured with an IPAM pool, the subnet will attempt to use the VPC's IPAM settings unless ipv4IpamAllocation or ipv6IpamAllocation is explicitly provided for the subnet.

Describe any new or updated permissions being added

No new IAM permissions are added. Only existing EC2 permissions for allocating CIDRs from an IPAM pool are used.

Description of how you validated changes

  • Added unit tests: Test cases for IPAM allocation functionality, including successful allocation and validation scenarios (e.g., mutual exclusivity with cidrBlock), were added to the Subnet class tests.
  • Added integration tests: Test cases using actual IPAM allocation configurations were added to verify end-to-end functionality within a CDK stack deployment.
  • Manual testing: Executed the CDK application in an actual AWS environment to confirm that CIDR allocation from the IPAM pool functions correctly and integrates with VPC-level IPAM settings.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
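The resolution rules described above (mutual exclusivity, subnet-level allocation overriding VPC-level IPAM settings), sketched as an added example that is not the pull request's code. `VpcIpamSettings`, the netmask range check, and the rule that a static CIDR suppresses the VPC fallback are assumptions made for illustration.

```typescript
// Added illustration, not the PR's source. Property names follow the PR
// description; VpcIpamSettings and the precedence rules are assumptions.
interface IpamAllocation { ipamPoolId: string; netmaskLength?: number }
interface SubnetCidrInput {
  cidrBlock?: string; ipv6CidrBlock?: string;
  ipv4IpamAllocation?: IpamAllocation; ipv6IpamAllocation?: IpamAllocation;
}
interface VpcIpamSettings { ipv4?: IpamAllocation; ipv6?: IpamAllocation } // hypothetical
// The CIDR-related subset of CfnSubnet properties named in the description.
interface CfnSubnetCidrProps {
  cidrBlock?: string; ipv4IpamPoolId?: string; ipv4NetmaskLength?: number;
  ipv6CidrBlock?: string; ipv6IpamPoolId?: string; ipv6NetmaskLength?: number;
}
type Resolved = { cidr?: string; poolId?: string; netmaskLength?: number };

function resolveFamily(family: "ipv4" | "ipv6", staticCidr?: string,
                       own?: IpamAllocation, inherited?: IpamAllocation): Resolved {
  // Mutual exclusivity: a static CIDR and a subnet-level IPAM allocation conflict.
  if (staticCidr !== undefined && own !== undefined) {
    throw new Error(`${family}: specify a static CIDR or an IPAM allocation, not both`);
  }
  // Assumption: an explicit static CIDR also suppresses the VPC-level fallback.
  if (staticCidr !== undefined) return { cidr: staticCidr };
  const alloc = own !== undefined ? own : inherited; // subnet setting beats VPC setting
  if (alloc === undefined) return {};
  // Assumed sanity check: prefix length must be an integer within the address width.
  const max = family === "ipv4" ? 32 : 128;
  const len = alloc.netmaskLength;
  if (len !== undefined && (Math.floor(len) !== len || len < 0 || len > max)) {
    throw new Error(`${family}: netmaskLength ${len} is outside 0-${max}`);
  }
  return { poolId: alloc.ipamPoolId, netmaskLength: len };
}

function resolveSubnetCidr(input: SubnetCidrInput, vpc: VpcIpamSettings = {}): CfnSubnetCidrProps {
  const v4 = resolveFamily("ipv4", input.cidrBlock, input.ipv4IpamAllocation, vpc.ipv4);
  const v6 = resolveFamily("ipv6", input.ipv6CidrBlock, input.ipv6IpamAllocation, vpc.ipv6);
  return {
    cidrBlock: v4.cidr, ipv4IpamPoolId: v4.poolId, ipv4NetmaskLength: v4.netmaskLength,
    ipv6CidrBlock: v6.cidr, ipv6IpamPoolId: v6.poolId, ipv6NetmaskLength: v6.netmaskLength,
  };
}

// Constructed sample: placeholder pool IDs, not real resources.
const sample = resolveSubnetCidr(
  { ipv4IpamAllocation: { ipamPoolId: "ipam-pool-EXAMPLE-subnet", netmaskLength: 24 } },
  { ipv4: { ipamPoolId: "ipam-pool-EXAMPLE-vpc" },
    ipv6: { ipamPoolId: "ipam-pool-EXAMPLE-vpc6", netmaskLength: 64 } },
);
```

Failing at synthesis time on a conflicting or out-of-range setting keeps an ambiguous address plan from reaching deployment, where the subnet could otherwise draw its range from a pool other than the one intended.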

@aws-cdk-automation aws-cdk-automation requested a review from a team May 4, 2025 05:12
@github-actions github-actions bot added p2 beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK labels May 4, 2025
@aws-cdk-automation aws-cdk-automation left a comment

(This review is outdated)

@aws-cdk-automation aws-cdk-automation dismissed their stale review May 8, 2025 20:08

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@github-actions github-actions bot added effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. labels May 8, 2025
@betchi207 betchi207 force-pushed the feat/34296-subnet-ipam-allocation branch from ea5ae76 to b01d66b Compare May 11, 2025 19:28
@aws-cdk-automation aws-cdk-automation left a comment

(This review is outdated)

@aws-cdk-automation aws-cdk-automation dismissed their stale review May 11, 2025 20:08

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@betchi207 betchi207 force-pushed the feat/34296-subnet-ipam-allocation branch from 0d57788 to 1d99898 Compare May 11, 2025 20:16
@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 1d99898
  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Development

Successfully merging this pull request may close these issues.

(aws-ec2): Support IPAM CIDR allocation in L2 Subnet construct