[AEA-4684] explicitly state az's

Orkastrated · Orkastrated · commit f0ce065c18d2 · 2024-12-03T12:31:56.000Z
diff --git a/packages/cdk/bin/VpcResourcesApp.ts b/packages/cdk/bin/VpcResourcesApp.ts
@@ -11,6 +11,9 @@ const app = new App()
 
 const version = app.node.tryGetContext("VERSION_NUMBER")
 const commit = app.node.tryGetContext("COMMIT_ID")
+/* when getAz's is called behind the scenes it only returns the first 2 when the stack is account/region agnostic.
+  Allow AZ's to be passed as context otherwise explicitly use the 3 in eu-west-2. */
+const availabilityZones = app.node.tryGetContext("AVAILABILITY_ZONES") || ["eu-west-2a", "eu-west-2b", "eu-west-2c"]
 
 // add cdk-nag to everything
 Aspects.of(app).add(new AwsSolutionsChecks({verbose: true}))
@@ -24,7 +27,8 @@ const VpcResources = new VpcResourcesStack(app, "VpcResourcesStack", {
     region: "eu-west-2"
   },
   stackName: "vpc-resources",
-  version: version
+  version: version,
+  availabilityZones: availabilityZones
 })
 
 // run a synth to add custom resource lambdas and roles
diff --git a/packages/cdk/stacks/VpcResourcesStack.ts b/packages/cdk/stacks/VpcResourcesStack.ts
@@ -19,6 +19,7 @@ import {LogGroup} from "aws-cdk-lib/aws-logs"
 
 export interface VpcResourcesStackProps extends StackProps{
   readonly version: string
+  readonly availabilityZones: [string]
 }
 
 /**
@@ -54,7 +55,7 @@ export class VpcResourcesStack extends Stack {
       ipAddresses: IpAddresses.cidr("10.190.0.0/16"),
       enableDnsSupport: true,
       enableDnsHostnames: true,
-      maxAzs: 3,
+      availabilityZones: props.availabilityZones,
       flowLogs: {
         "FlowLogCloudwatch": {
           destination: FlowLogDestination.toCloudWatchLogs(flowLogsLogGroup, flowLogsRole)
