VPC Sharing Between Multiple Services #92

@jmoliugp

🐛 Problem Description

Unable to successfully share a VPC between multiple Service constructs in SST v2. When attempting to reference a VPC created in one stack from services in other stacks, the services still create their own VPCs instead of using the shared one.

🎯 Expected Behavior

  • Create a shared VPC in a dedicated stack (ServicesNetworkStack)
  • Multiple services should reference and use the same VPC
  • Cost optimization through shared NAT Gateway and network resources
  • No VPC duplication across services

Actual Behavior

  • Services ignore the vpc: sharedVpc configuration
  • Each service creates its own VPC despite the reference
  • CloudFormation logs show services attempting to create their own VPC resources
  • Leads to AWS VPC quota limits and resource conflicts

🔧 Environment

  • SST Version: v2.43.4
  • AWS CDK Version: (bundled with SST)
  • Node.js Version: 18.x
  • Platform: macOS
  • AWS Region: us-east-1

📝 Code Example

Shared VPC Stack

// stacks/network/servicesVpc.ts
import { StackContext } from 'sst/constructs';
import { Vpc, IpAddresses } from 'aws-cdk-lib/aws-ec2';
import * as config from '../config';

export function ServicesNetworkStack({ stack }: StackContext) {
  if (!config.DEPLOYMENT_STAGES.includes(stack.stage)) {
    return { khServicesVpc: undefined };
  }

  const khServicesVpc = new Vpc(stack, `${stack.stage}-KhServicesVpc`, {
    natGateways: 1,
    maxAzs: 2,
    ipAddresses: IpAddresses.cidr('10.1.0.0/16'),
  });

  return { khServicesVpc };
}

Service Using Shared VPC

// stacks/services/khAgentAiAdvisor.ts
import { Service, StackContext, use } from 'sst/constructs';
import { ServicesNetworkStack } from '../network/servicesVpc';

export function KhAgentAiAdvisor({ stack }: StackContext) {
  const { khServicesVpc } = use(ServicesNetworkStack);
  
  const agentService = new Service(stack, `${stack.stage}-AgentAiAdvisorService`, {
    path: 'apps/kh-agent-aiadvisor/app',
    cpu: '1 vCPU',
    memory: '4 GB',
    port: 8090,
    vpc: khServicesVpc, // ❌ This is ignored
    // ... other config
  });

  return { agentService };
}

Stack Configuration

// sst.config.ts
async stacks(app) {
  app.stack(ServicesNetworkStack);  // Create VPC first
  app.stack(Kio);                   // Service 1
  app.stack(KhAgentAiAdvisor);     // Service 2 - should use shared VPC
}

🔍 Error Logs

✖  Errors
   ServicesNetworkStack ROLLBACK_COMPLETE
   dev-KhServicesVpc/PublicSubnet1: Resource handler returned message: "The maximum number of addresses has been reached. (Service: Ec2, Status Code: 400, Request ID: b71c4153-e385-4e08-828f-f10f8aafafa4)"
   
   KhAgentAiAdvisor ROLLBACK_COMPLETE
   dev-AgentAiAdvisorService/Vpc/PublicSubnet1: Resource handler returned message: "The maximum number of addresses has been reached. (Service: Ec2, Status Code: 400, Request ID: c1bdce9c-c46a-4a39-bb60-3e03942e41a8)"

Key Issue: Notice dev-AgentAiAdvisorService/Vpc/PublicSubnet1 - the service is creating its own VPC (/Vpc/) instead of using the shared one.

🤔 Analysis

  1. CloudFormation Timing: VPC reference might not be available during stack construction phase
  2. SST v2 Limitation: Possible limitation in how Service construct handles VPC references
  3. CDK Integration: Issue with how SST v2 passes VPC references to underlying CDK constructs

🔄 Workarounds Attempted

1. Conditional VPC Assignment

vpc: khServicesVpc, // Direct assignment - doesn't work

2. Spread Operator Pattern

...(khServicesVpc && { vpc: khServicesVpc }), // Conditional - doesn't work

3. Debug Outputs

stack.addOutputs({
  AgentUsingSharedVpc: khServicesVpc?.vpcId || 'VPC_NOT_FOUND',
  AgentVpcAvailable: !!khServicesVpc ? 'true' : 'false',
});

Questions

  1. Is VPC sharing between Services officially supported in SST v2?
  2. Are there recommended patterns for shared infrastructure in SST v2?
  3. Should we use CDK constructs directly for VPC management?
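
The error log above shows two stacks each declaring their own VPC and Elastic IPs. The following check over synthesized CloudFormation templates flags network resources declared outside the shared network stack before a deploy is attempted. It is an added example, not part of the original issue or of SST; the function names and the trimmed sample templates are constructed for illustration.

```typescript
// Added example; stack names mirror the issue, template contents are constructed.
type CfnResource = { Type: string; Metadata?: Record<string, string> };
type CfnTemplate = { Resources: Record<string, CfnResource> };
interface Finding { stack: string; type: string; path: string }

// Resource types that only the shared network stack should declare.
const NETWORK_TYPES = ["AWS::EC2::VPC", "AWS::EC2::NatGateway", "AWS::EC2::EIP"];

// Report network resources declared by any stack other than `networkStack`.
function auditTemplates(templates: Record<string, CfnTemplate>, networkStack: string): Finding[] {
  const findings: Finding[] = [];
  for (const stack of Object.keys(templates)) {
    if (stack === networkStack) continue;
    const resources = templates[stack].Resources;
    for (const logicalId of Object.keys(resources)) {
      const res = resources[logicalId];
      if (NETWORK_TYPES.indexOf(res.Type) === -1) continue;
      // When present, aws:cdk:path metadata names the owning construct;
      // otherwise fall back to the logical ID.
      const path = res.Metadata?.["aws:cdk:path"] ?? logicalId;
      findings.push({ stack, type: res.Type, path });
    }
  }
  return findings;
}

// Count the Elastic IPs the whole app would allocate, for comparison with the regional quota.
function countElasticIps(templates: Record<string, CfnTemplate>): number {
  let total = 0;
  for (const stack of Object.keys(templates)) {
    const resources = templates[stack].Resources;
    for (const id of Object.keys(resources)) {
      if (resources[id].Type === "AWS::EC2::EIP") total++;
    }
  }
  return total;
}

// Constructed sample: trimmed stand-ins for the synthesized templates of the three stacks.
const SAMPLE_TEMPLATES: Record<string, CfnTemplate> = {
  ServicesNetworkStack: { Resources: {
    Vpc: { Type: "AWS::EC2::VPC" }, NatEip: { Type: "AWS::EC2::EIP" }, Nat: { Type: "AWS::EC2::NatGateway" },
  } },
  KhAgentAiAdvisor: { Resources: {
    SvcVpc: { Type: "AWS::EC2::VPC", Metadata: { "aws:cdk:path": "KhAgentAiAdvisor/dev-AgentAiAdvisorService/Vpc/Resource" } },
    SvcEip: { Type: "AWS::EC2::EIP" }, SvcNat: { Type: "AWS::EC2::NatGateway" }, Svc: { Type: "AWS::ECS::Service" },
  } },
  Kio: { Resources: { Svc: { Type: "AWS::ECS::Service" } } },
};
```

An empty result from `auditTemplates` means every service stack relies on the shared VPC; any finding whose path contains `/Vpc/` under a service construct is the duplication seen in the error log.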
