aws/aws-cdk

(aws-ec2): RouterType.GATEWAY comment is misleading - it also supports Virtual Private Gateway

Open

#37632 opened on Apr 18, 2026

Labels: @aws-cdk/aws-ec2, effort/small, feature-request, good first issue, p3

Description

Describe the feature

The doc comment on RouterType.GATEWAY only mentions "Internet Gateway", but the underlying CloudFormation GatewayId property actually accepts both an Internet Gateway ID and a Virtual Private Gateway ID. This makes the API misleading for users who want to add a route targeting a VGW.

https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-ec2/lib/vpc.ts#L2402-L2405

CloudFormation reference: The AWS::EC2::Route documentation states that GatewayId is:

The ID of an internet gateway or virtual private gateway attached to your VPC.

Use Case

When defining a route on a subnet using addRoute() (or creating a CfnRoute via the higher-level API), RouterType is used to specify the target router. For example, when connecting an on-premises network to a VPC via a Virtual Private Gateway, users need to add a route that targets the VGW:

```ts
(vpc.privateSubnets[0] as ec2.Subnet).addRoute('VgwRoute', {
  routerId: vpnGateway.gatewayId,
  routerType: ec2.RouterType.GATEWAY, // ← works for VGW too, but the comment says only "Internet Gateway"
  destinationCidrBlock: '10.1.0.0/16',
});
```

Proposed Solution

```ts
export enum RouterType {
  /**
   * Internet Gateway or Virtual Private Gateway
   */
  GATEWAY = 'Gateway',
  // ...
}
```

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

AWS CDK Library version (aws-cdk-lib)

aws-cdk-lib@2.250.0

AWS CDK CLI version

2.1115.1 (build e979d8d)

Environment details (OS name and version, etc.)

OS wsl Ubuntu24.04
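
A template-level check related to the issue above, as an added example that is not part of the original issue or of aws-cdk: because GatewayId accepts both gateway kinds, it resolves each AWS::EC2::Route's GatewayId to the resource it references and reports whether the route targets an Internet Gateway or a Virtual Private Gateway. The template shape, the logical IDs and the literal vgw- ID are constructed for illustration, and reading the gateway kind from an igw-/vgw- prefix on literal IDs is an assumption.

```typescript
// Added example: audits a CloudFormation template, not aws-cdk source code.
interface Resource { Type: string; Properties?: Record<string, unknown> }
interface Template { Resources: Record<string, Resource> }
type GatewayKind = 'internet-gateway' | 'virtual-private-gateway' | 'unknown';
interface RouteFinding { logicalId: string; destination: string; kind: GatewayKind }

// GatewayId is either { Ref: <logical id> } or a literal ID string.
function classifyGatewayId(value: unknown, tpl: Template): GatewayKind {
  if (typeof value === 'string') {
    // Assumption: literal IDs carry the usual igw- / vgw- prefixes.
    if (value.startsWith('igw-')) return 'internet-gateway';
    if (value.startsWith('vgw-')) return 'virtual-private-gateway';
    return 'unknown';
  }
  if (typeof value !== 'object' || value === null) return 'unknown';
  const ref = (value as { Ref?: unknown }).Ref;
  if (typeof ref !== 'string') return 'unknown';
  const target = tpl.Resources[ref];
  if (target?.Type === 'AWS::EC2::InternetGateway') return 'internet-gateway';
  if (target?.Type === 'AWS::EC2::VPNGateway') return 'virtual-private-gateway';
  return 'unknown'; // e.g. Ref to a parameter or an unexpected resource type
}

// List every route that uses GatewayId together with what it really targets.
function auditGatewayRoutes(tpl: Template): RouteFinding[] {
  const findings: RouteFinding[] = [];
  for (const [logicalId, res] of Object.entries(tpl.Resources)) {
    const props = res.Properties ?? {};
    if (res.Type !== 'AWS::EC2::Route' || !('GatewayId' in props)) continue;
    const destination = String(props['DestinationCidrBlock'] ?? '');
    findings.push({ logicalId, destination, kind: classifyGatewayId(props['GatewayId'], tpl) });
  }
  return findings;
}

// Constructed sample, trimmed to the properties the audit reads; all IDs are made up.
const sampleTemplate: Template = {
  Resources: {
    Igw: { Type: 'AWS::EC2::InternetGateway' },
    Vgw: { Type: 'AWS::EC2::VPNGateway', Properties: { Type: 'ipsec.1' } },
    DefaultRoute: { Type: 'AWS::EC2::Route', Properties: { DestinationCidrBlock: '0.0.0.0/0', GatewayId: { Ref: 'Igw' } } },
    VgwRoute: { Type: 'AWS::EC2::Route', Properties: { DestinationCidrBlock: '10.1.0.0/16', GatewayId: { Ref: 'Vgw' } } },
    ImportedVgwRoute: { Type: 'AWS::EC2::Route', Properties: { DestinationCidrBlock: '10.2.0.0/16', GatewayId: 'vgw-0123456789abcdef0' } },
    NatRoute: { Type: 'AWS::EC2::Route', Properties: { DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: { Ref: 'Nat' } } },
  },
};

for (const f of auditGatewayRoutes(sampleTemplate)) {
  console.log(`${f.logicalId}: ${f.destination} -> ${f.kind}`);
}
```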
