Default-VPC bootstrap.

Every real AWS account has, per region, a default VPC (172.31.0.0/16)
with an attached internet gateway, a main route table that sends
0.0.0.0/0 to the gateway, one default subnet per Availability Zone, a
default security group, and a default network ACL. Callers that never
touch the VPC APIs (the common case — RunInstances with no SubnetId)
still expect their instances to land in that default VPC and come back from
DescribeInstances with a real vpc-… / subnet-….

fakecloud builds the same fixtures the first time an account’s EC2 state is
constructed (Ec2State::new). The resource
ids are deterministic functions of the account id and a role string
(region-independent — see [deterministic_id]), so the throwaway empty
states that the read paths synthesize as a “not found” fallback report the
same ids as the persisted account state regardless of the caller’s region.

Per-VPC packet isolation (issue #1745 phase 2+) keys off this topology: a
subnet whose route table has a 0.0.0.0/0 -> igw-… route is public and gets
a routable backing network; a subnet without one is private (internal).
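
The public/private rule above, as an added Rust example (not fakecloud's own code). The types, function names and sample ids are hypothetical and constructed, and it assumes AWS's rule that a subnet with no explicit route-table association uses the VPC's main table; a default route to a NAT gateway does not make a subnet public.

```rust
// Added example: hypothetical types and constructed ids, not fakecloud's data model.
#[derive(Debug, PartialEq)]
enum Exposure { Public, Private }

struct Route { destination: &'static str, target: &'static str }

struct RouteTable {
    main: bool,
    subnet_ids: Vec<&'static str>, // explicit subnet associations
    routes: Vec<Route>,
}

/// Assumption (AWS behaviour): explicit association wins, else the main table applies.
fn effective_table<'a>(subnet: &str, tables: &'a [RouteTable]) -> Option<&'a RouteTable> {
    tables.iter()
        .find(|t| t.subnet_ids.iter().any(|s| *s == subnet))
        .or_else(|| tables.iter().find(|t| t.main))
}

/// Public only if the effective table sends 0.0.0.0/0 to an internet gateway.
fn classify(subnet: &str, tables: &[RouteTable]) -> Exposure {
    let public = effective_table(subnet, tables).map_or(false, |t| {
        t.routes.iter()
            .any(|r| r.destination == "0.0.0.0/0" && r.target.starts_with("igw-"))
    });
    if public { Exposure::Public } else { Exposure::Private }
}

/// Constructed sample: a default-VPC main table plus one custom NAT-only table.
fn sample_tables() -> Vec<RouteTable> {
    vec![
        RouteTable { main: true, subnet_ids: vec![], routes: vec![
            Route { destination: "172.31.0.0/16", target: "local" },
            Route { destination: "0.0.0.0/0", target: "igw-0example" },
        ]},
        RouteTable { main: false, subnet_ids: vec!["subnet-0private"], routes: vec![
            Route { destination: "172.31.0.0/16", target: "local" },
            Route { destination: "0.0.0.0/0", target: "nat-0example" },
        ]},
    ]
}

fn main() {
    let tables = sample_tables();
    for s in ["subnet-0default", "subnet-0private"] {
        println!("{s}: {:?}", classify(s, &tables));
    }
}
```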