fix(ec2-alpha): fix resource id references and tags for migration behind feature flag (#34377)

### Issue # (if applicable)

Closes NA.

### Reason for this change

Align resource ids and tag changes in Subnetv2 and VPCv2 constructs to allow a migration path for customers.

### Description of changes

- Add a new feature flag to keep the resource reference same as VPCv1 and prevent replacement of resources.
- Change id references from `Get::Att` to `Ref` for VPC, RouteTargetId, NatGW, IGW and RouteTable.
- Align subnet and IGW tag.

### Describe any new or updated permissions being added

NA


### Description of how you validated changes

Added unit test and integration test

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: shikha372

packages/@aws-cdk/aws-ec2-alpha/lib/route.ts

@@ -1,10 +1,11 @@
 import { CfnEIP, CfnEgressOnlyInternetGateway, CfnInternetGateway, CfnNatGateway, CfnVPCPeeringConnection, CfnRoute, CfnRouteTable, CfnVPCGatewayAttachment, CfnVPNGateway, CfnVPNGatewayRoutePropagation, GatewayVpcEndpoint, IRouteTable, IVpcEndpoint, RouterType } from 'aws-cdk-lib/aws-ec2';
 import { Construct, IDependable } from 'constructs';
-import { Annotations, Duration, IResource, Resource, Tags, ValidationError } from 'aws-cdk-lib/core';
+import { Annotations, Duration, FeatureFlags, IResource, Resource, Tags, ValidationError } from 'aws-cdk-lib/core';
 import { IVpcV2, VPNGatewayV2Options } from './vpc-v2-base';
 import { NetworkUtils, allRouteTableIds, CidrBlock } from './util';
 import { ISubnetV2 } from './subnet-v2';
 import { addConstructMetadata, MethodMetadata } from 'aws-cdk-lib/core/lib/metadata-resource';
+import { cx_api } from 'aws-cdk-lib';
 
 /**
  * Indicates whether the NAT gateway supports public or private connectivity.
@@ -289,13 +290,18 @@ export class InternetGateway extends Resource implements IRouteTarget {
     this.resource = new CfnInternetGateway(this, 'IGW', {});
     this.node.defaultChild = this.resource;
 
-    this.routerTargetId = this.resource.attrInternetGatewayId;
+    this.routerTargetId = FeatureFlags.of(this).isEnabled(cx_api.USE_RESOURCEID_FOR_VPCV2_MIGRATION) ?
+      this.resource.ref : this.resource.attrInternetGatewayId;
     this.vpcId = props.vpc.vpcId;
 
     if (props.internetGatewayName) {
       Tags.of(this).add(NAME_TAG, props.internetGatewayName);
     }
 
+    if (props.vpc.vpcName) {
+      Tags.of(this).add('Name', props.vpc.vpcName);
+    }
+
     new CfnVPCGatewayAttachment(this, 'GWAttachment', {
       vpcId: this.vpcId,
       internetGatewayId: this.routerTargetId,
@@ -426,6 +432,11 @@ export class NatGateway extends Resource implements IRouteTarget {
    */
   public readonly resource: CfnNatGateway;
 
+  /**
+   * Elastic IP created for allocation
+   */
+  public readonly eip?: CfnEIP;
+
   constructor(scope: Construct, id: string, props: NatGatewayProps) {
     super(scope, id);
     // Enhanced CDK Analytics Telemetry
@@ -450,10 +461,10 @@ export class NatGateway extends Resource implements IRouteTarget {
     var aId: string | undefined;
     if (this.connectivityType === NatConnectivityType.PUBLIC) {
       if (!props.allocationId) {
-        let eip = new CfnEIP(this, 'EIP', {
+        this.eip = new CfnEIP(this, 'EIP', {
           domain: 'vpc',
         });
-        aId = eip.attrAllocationId;
+        aId = this.eip.attrAllocationId;
       } else {
         aId = props.allocationId;
       }
@@ -466,11 +477,14 @@ export class NatGateway extends Resource implements IRouteTarget {
       secondaryAllocationIds: props.secondaryAllocationIds,
       ...props,
     });
-    this.natGatewayId = this.resource.attrNatGatewayId;
+    this.natGatewayId = FeatureFlags.of(this).isEnabled(cx_api.USE_RESOURCEID_FOR_VPCV2_MIGRATION) ?
+      this.resource.ref : this.resource.attrNatGatewayId;
+
+    this.routerTargetId = FeatureFlags.of(this).isEnabled(cx_api.USE_RESOURCEID_FOR_VPCV2_MIGRATION) ?
+      this.resource.ref : this.resource.attrNatGatewayId;
 
-    this.routerTargetId = this.resource.attrNatGatewayId;
     this.node.defaultChild = this.resource;
-    this.node.addDependency(props.subnet.internetConnectivityEstablished);
+    this.resource.node.addDependency(props.subnet.internetConnectivityEstablished);
   }
 }
 
@@ -809,7 +823,8 @@ export class RouteTable extends Resource implements IRouteTable {
     }
     this.node.defaultChild = this.resource;
 
-    this.routeTableId = this.resource.attrRouteTableId;
+    this.routeTableId = FeatureFlags.of(this).isEnabled(cx_api.USE_RESOURCEID_FOR_VPCV2_MIGRATION) ?
+      this.resource.ref : this.resource.attrRouteTableId;
   }
 
   /**

packages/@aws-cdk/aws-ec2-alpha/lib/subnet-v2.ts

@@ -2,7 +2,7 @@ import { Resource, Names, Lazy, Tags, Token, ValidationError, UnscopedValidation
 import { CfnSubnet, CfnSubnetRouteTableAssociation, INetworkAcl, IRouteTable, ISubnet, NetworkAcl, SubnetNetworkAclAssociation, SubnetType } from 'aws-cdk-lib/aws-ec2';
 import { Construct, DependencyGroup, IDependable } from 'constructs';
 import { IVpcV2 } from './vpc-v2-base';
-import { CidrBlock, CidrBlockIpv6 } from './util';
+import { CidrBlock, CidrBlockIpv6, defaultSubnetName } from './util';
 import { RouteTable } from './route';
 import { addConstructMetadata, MethodMetadata } from 'aws-cdk-lib/core/lib/metadata-resource';
 
@@ -28,14 +28,14 @@ export class IpCidr implements ICidr {
 }
 
 /**
- * Name tag constant
+ * VPC Name tag constant
  */
-const NAME_TAG: string = 'Name';
+const SUBNETTYPE_TAG = 'aws-cdk:subnet-type';
 
 /**
- * VPC Name tag constant
+ * Subnet Name tag constant
  */
-const VPCNAME_TAG: string = 'VpcName';
+const SUBNETNAME_TAG = 'aws-cdk:subnet-name';
 
 /**
  * Properties to define subnet for VPC.
@@ -71,6 +71,13 @@ export interface SubnetV2Props {
    */
   readonly routeTable?: IRouteTable;
 
+  /**
+   * Name of the default RouteTable created by CDK to be used for tagging
+   *
+   * @default - default route table name created by CDK as 'DefaultCDKRouteTable'
+   */
+  readonly defaultRouteTableName ?: string;
+
   /**
    * The type of Subnet to configure.
    *
@@ -307,21 +314,20 @@ export class SubnetV2 extends Resource implements ISubnetV2 {
 
     this._networkAcl = NetworkAcl.fromNetworkAclId(this, 'Acl', subnet.attrNetworkAclAssociationId);
 
+    const includeResourceTypes = [CfnSubnet.CFN_RESOURCE_TYPE_NAME];
     if (props.subnetName) {
-      Tags.of(this).add(NAME_TAG, props.subnetName);
-    }
-
-    if (props.vpc.vpcName) {
-      Tags.of(this).add(VPCNAME_TAG, props.vpc.vpcName);
+      Tags.of(subnet).add(SUBNETNAME_TAG, props.subnetName);
     }
+    const subnetTypeName = defaultSubnetName(props.subnetType) ?? 'undefined';
+    Tags.of(subnet).add(SUBNETTYPE_TAG, subnetTypeName, { includeResourceTypes });
 
     if (props.routeTable) {
       this._routeTable = props.routeTable;
     } else {
       // Assigning a default route table
       this._routeTable = new RouteTable(this, 'RouteTable', {
         vpc: props.vpc,
-        routeTableName: 'DefaultCDKRouteTable',
+        routeTableName: props.defaultRouteTableName ?? 'DefaultCDKRouteTable',
       });
     }
 

packages/@aws-cdk/aws-ec2-alpha/lib/util.ts

@@ -1,6 +1,21 @@
 /* eslint no-bitwise: ["error", { "allow": ["~", "|", "<<", "&"] }] */
 
-import { ISubnet } from 'aws-cdk-lib/aws-ec2';
+import { ISubnet, SubnetType } from 'aws-cdk-lib/aws-ec2';
+
+/**
+ * The default names for every subnet type
+ */
+export function defaultSubnetName(type: SubnetType) {
+  switch (type) {
+    case SubnetType.PUBLIC: return 'Public';
+    case SubnetType.PRIVATE_WITH_NAT:
+    case SubnetType.PRIVATE_WITH_EGRESS:
+      return 'Private';
+    case SubnetType.PRIVATE_ISOLATED:
+      return 'Isolated';
+  }
+  return undefined;
+}
 
 /**
  * Return a subnet name from its construct ID

packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2.ts

@@ -1,10 +1,10 @@
 import { CfnVPC, CfnVPCCidrBlock, DefaultInstanceTenancy, ISubnet, SubnetType } from 'aws-cdk-lib/aws-ec2';
-import { Arn, CfnResource, Lazy, Names, Resource, Tags } from 'aws-cdk-lib/core';
+import { Arn, CfnResource, FeatureFlags, Lazy, Names, Resource, Tags } from 'aws-cdk-lib/core';
 import { Construct, DependencyGroup, IDependable } from 'constructs';
 import { IpamOptions, IIpamPool } from './ipam';
 import { IVpcV2, VpcV2Base } from './vpc-v2-base';
 import { ISubnetV2, SubnetV2, SubnetV2Attributes } from './subnet-v2';
-import { region_info } from 'aws-cdk-lib';
+import { cx_api, region_info } from 'aws-cdk-lib';
 import { addConstructMetadata } from 'aws-cdk-lib/core/lib/metadata-resource';
 
 /**
@@ -521,7 +521,8 @@ export class VpcV2 extends VpcV2Base {
       this.ipv4CidrBlock = vpcOptions.ipv4CidrBlock;
     }
     this.ipv6CidrBlocks = this.resource.attrIpv6CidrBlocks;
-    this.vpcId = this.resource.attrVpcId;
+    this.vpcId = FeatureFlags.of(this).isEnabled(cx_api.USE_RESOURCEID_FOR_VPCV2_MIGRATION) ?
+      this.resource.ref : this.resource.attrVpcId;
     this.vpcArn = Arn.format({
       service: 'ec2',
       resource: 'vpc',