From 5d098ea4ad9ab9c0d1378796f19eabb7b92e9d80 Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Mon, 8 Jan 2024 03:18:59 +0900
Subject: [PATCH] change for determineNatGatewayCount
---
 packages/aws-cdk-lib/aws-ec2/lib/vpc.ts | 2 +-
 packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts | 33 +++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts
index 8316885e9cc7c..b2ea4e3547e49 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts
@@ -2403,7 +2403,7 @@ class ImportedSubnet extends Resource implements ISubnet, IPublicSubnet, IPrivat
 function determineNatGatewayCount(requestedCount: number | undefined, subnetConfig: SubnetConfiguration[], azCount: number) {
 const hasPrivateSubnets = subnetConfig.some(c => (c.subnetType === SubnetType.PRIVATE_WITH_EGRESS || c.subnetType === SubnetType.PRIVATE || c.subnetType === SubnetType.PRIVATE_WITH_NAT) && !c.reserved);
- const hasPublicSubnets = subnetConfig.some(c => c.subnetType === SubnetType.PUBLIC);
+ const hasPublicSubnets = subnetConfig.some(c => c.subnetType === SubnetType.PUBLIC && !c.reserved);
 const hasCustomEgress = subnetConfig.some(c => c.subnetType === SubnetType.PRIVATE_WITH_EGRESS);
 const count = requestedCount !== undefined ? Math.min(requestedCount, azCount) : (hasPrivateSubnets ? azCount : 0);
diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts
index db7f989dcb236..e52bf88b8a1c6 100644
--- a/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts
+++ b/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts
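Review bot: In the `determineNatGatewayCount` hunk of `lib/vpc.ts`, `hasCustomEgress` on the context line right after the change still matches reserved `PRIVATE_WITH_EGRESS` groups, while `hasPrivateSubnets` and now `hasPublicSubnets` both filter with `!c.reserved`. If all three flags are meant to describe only the subnets that will actually be provisioned, it should read `const hasCustomEgress = subnetConfig.some(c => c.subnetType === SubnetType.PRIVATE_WITH_EGRESS && !c.reserved);`. The function body continues outside the hunk, so how that flag is consumed needs to be confirmed there before changing it. A one-line comment above the predicates, such as `// Reserved groups only hold address space and are not provisioned, so they can neither host nor require a NAT gateway.`, would record why the filter exists.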
@@ -399,6 +399,39 @@ describe('vpc', () => {
 });
+ test('with no public subnets and natGateways > 0, should throw an error', () => {
+ const stack = getTestStack();
+ expect(() => new Vpc(stack, 'TheVPC', {
+ subnetConfiguration: [
+ {
+ subnetType: SubnetType.PRIVATE_WITH_EGRESS,
+ name: 'egress',
+ },
+ ],
+ natGateways: 1,
+ })).toThrow(/If you configure PRIVATE subnets in 'subnetConfiguration', you must also configure PUBLIC subnets to put the NAT gateways into \(got \[{"subnetType":"Private","name":"egress"}\]./);
+
+ });
+
+ test('with only reserved subnets as public subnets and natGateways > 0, should throw an error', () => {
+ const stack = getTestStack();
+ expect(() => new Vpc(stack, 'TheVPC', {
+ subnetConfiguration: [
+ {
+ subnetType: SubnetType.PUBLIC,
+ name: 'public',
+ reserved: true,
+ },
+ {
+ subnetType: SubnetType.PRIVATE_WITH_EGRESS,
+ name: 'egress',
+ },
+ ],
+ natGateways: 1,
+ })).toThrow(/If you configure PRIVATE subnets in 'subnetConfiguration', you must also configure PUBLIC subnets to put the NAT gateways into \(got \[{"subnetType":"Public","name":"public","reserved":true},{"subnetType":"Private","name":"egress"}\]./);
+
+ });
+
+ test('with subnets and reserved subnets defined, VPC subnet count should not contain reserved subnets ', () => {
 const stack = getTestStack();
 new Vpc(stack, 'TheVPC', {
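Review bot: Both new `toThrow` patterns end in `\]./`, where the unescaped `.` matches any character, and they pin the entire serialized subnet configuration. An unrelated change to property order or a newly defaulted field in that serialization would therefore fail these tests without the validation having regressed. Matching only the stable part of the message, e.g. `.toThrow(/you must also configure PUBLIC subnets to put the NAT gateways into/)`, keeps the assertion on the behaviour under test. Both cases also set `natGateways: 1` explicitly; a third case that leaves `natGateways` unset with only a reserved public group would pin the default path, which presumably should throw as well.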