From 40ac98713031c25e74046ca8ec0ad5ee33102cd4 Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Mon, 8 Jan 2024 01:33:29 +0900
Subject: [PATCH] fix(ec2): internet gateway is created even if public subnets are reserved
---
 packages/aws-cdk-lib/aws-ec2/lib/vpc.ts | 2 +-
 packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts | 20 +++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts
index c5f03e5f21df6..8316885e9cc7c 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts
@@ -1491,7 +1491,7 @@ export class Vpc extends VpcBase {
 const createInternetGateway = props.createInternetGateway ?? true;
 const allowOutbound = this.subnetConfiguration.filter(
- subnet => (subnet.subnetType !== SubnetType.PRIVATE_ISOLATED && subnet.subnetType !== SubnetType.ISOLATED)).length > 0;
+ subnet => (subnet.subnetType !== SubnetType.PRIVATE_ISOLATED && subnet.subnetType !== SubnetType.ISOLATED && !subnet.reserved)).length > 0;
 // Create an Internet Gateway and attach it if necessary
 if (allowOutbound && createInternetGateway) {
diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts
index a76e2be2a6d73..6a2129a92f799 100644
--- a/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts
+++ b/packages/aws-cdk-lib/aws-ec2/test/vpc.test.ts
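Review bot: In `vpc.ts`, the `allowOutbound` predicate now decides whether the VPC gets an internet-facing gateway, but nothing at the site says why `reserved` entries are excluded; a comment such as `// Reserved subnets are not provisioned, so they must not trigger an Internet Gateway` above it would keep a later edit from silently re-attaching one. With a third condition the `filter(...).length > 0` form is hard to scan; `this.subnetConfiguration.some(subnet => subnet.subnetType !== SubnetType.PRIVATE_ISOLATED && subnet.subnetType !== SubnetType.ISOLATED && !subnet.reserved)` reads as the question being asked. Stacks that previously synthesized a gateway only because of reserved public subnets will presumably lose the `AWS::EC2::InternetGateway` and its attachment on the next deploy, which deserves a line in the release notes for anyone who routed through it by hand. The enclosing method body starts and ends outside the hunk, so how `allowOutbound` is used beyond the visible `if` cannot be checked here.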
@@ -379,6 +379,26 @@ describe('vpc', () => {
 });
+ test('with reserved public subnets, should not create the internet gateway', () => {
+ const stack = getTestStack();
+ const vpc = new Vpc(stack, 'TheVPC', {
+ subnetConfiguration: [
+ {
+ subnetType: SubnetType.PRIVATE_ISOLATED,
+ name: 'isolated',
+ },
+ {
+ subnetType: SubnetType.PUBLIC,
+ name: 'public',
+ reserved: true,
+ },
+ ],
+ });
+ Template.fromStack(stack).resourceCountIs('AWS::EC2::InternetGateway', 0);
+ Template.fromStack(stack).resourceCountIs('AWS::EC2::VPCGatewayAttachment', 0);
+
+ });
+
 test('with subnets and reserved subnets defined, VPC subnet count should not contain reserved subnets ', () => {
 const stack = getTestStack();
 new Vpc(stack, 'TheVPC', {
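Review bot: The added test pins only the case where every non-isolated subnet is reserved, so nothing guards against the new `!subnet.reserved` condition suppressing the gateway too broadly. A companion case with one reserved and one non-reserved `SubnetType.PUBLIC` entry asserting `resourceCountIs('AWS::EC2::InternetGateway', 1)` would cover that. On style, `vpc` is assigned but never read, so `const vpc = ` can be dropped to match the neighbouring test's bare `new Vpc(stack, 'TheVPC', {`. The stack can also be synthesized once with `const template = Template.fromStack(stack);`, and the blank line before the closing `});` removed. The enclosing `describe('vpc', ...)` block starts and ends outside the hunk.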