fix(ec2): validate throughput property on EC2 instance block devices (#34571)

ozelalisen · web-flow · commit b31580a202ae · 2025-05-30T16:43:43.000Z
### Issue # (if applicable) Closes #34033. ### Reason for this change The throughput property for GP3 volumes is not supported on EC2 instances and only works with Launch Templates. This causes confusion for users who try to set throughput on EC2 instance block devices, as the property is silently ignored. ### Description of changes Added synthesis-time validation in the instanceBlockDeviceMappings function to detect when throughput is specified for an EBS volume on an EC2 instance. The validation throws a clear error message directing users to use Launch Templates instead. ### Describe any new or updated permissions being added No new or updated IAM permissions are needed. ### Description of how you validated changes Added a unit test that verifies the validation works correctly by attempting to create an EC2 instance with a GP3 volume that has throughput specified and confirming that the expected error message is thrown. ### Checklist • [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/aws-cdk-lib/aws-ec2/lib/private/ebs-util.ts b/packages/aws-cdk-lib/aws-ec2/lib/private/ebs-util.ts
@@ -4,6 +4,14 @@ import { CfnInstance, CfnLaunchTemplate } from '../ec2.generated';
 import { BlockDevice, EbsDeviceVolumeType } from '../volume';
 
 export function instanceBlockDeviceMappings(construct: Construct, blockDevices: BlockDevice[]): CfnInstance.BlockDeviceMappingProperty[] {
+  for (const blockDevice of blockDevices) {
+    if (blockDevice.volume.ebsDevice?.throughput !== undefined) {
+      Annotations.of(construct).addWarningV2('@aws-cdk/aws-ec2:throughputNotSupported',
+        'The throughput property is not supported on EC2 instances. Use a Launch Template instead. ' +
+          'See https://github.com/aws/aws-cdk/issues/34033 for more information.',
+      );
+    }
+  }
   return synthesizeBlockDeviceMappings<CfnInstance.BlockDeviceMappingProperty, object>(construct, blockDevices, {});
 }
 
diff --git a/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts b/packages/aws-cdk-lib/aws-ec2/test/instance.test.ts
@@ -347,6 +347,26 @@ describe('instance', () => {
       });
     });
 
+    test('warns if throughput is specified for an EBS volume', () => {
+      // WHEN
+      new Instance(stack, 'Instance', {
+        vpc,
+        machineImage: new AmazonLinuxImage(),
+        instanceType: InstanceType.of(InstanceClass.T3, InstanceSize.LARGE),
+        blockDevices: [{
+          deviceName: 'ebs',
+          volume: BlockDeviceVolume.ebs(15, {
+            deleteOnTermination: true,
+            encrypted: true,
+            volumeType: EbsDeviceVolumeType.GP3,
+            throughput: 125,
+          }),
+        }],
+      });
+      // THEN
+      Annotations.fromStack(stack).hasWarning('/Default/Instance', Match.stringLikeRegexp('The throughput property is not supported on EC2 instances. Use a Launch Template instead'));
+    });
+
     test('throws if ephemeral volumeIndex < 0', () => {
       // THEN
       expect(() => {
