feat(ec2-alpha): adding imports for SubnetV2 and VpcV2(WIP) (#31765)

### Issue # (if applicable)

Tracking #30762.

### Reason for this change

Allow users to define imports for a VPC or subnet defined outside current stack definition.

### Description of changes

- Added new methods under VpcV2 and Subnet
`VpcV2.fromVpcV2Attributes()` and `SubnetV2.fromSubnetV2Attributes()` 

- Added new L2 for VPCCidrBlock to allow import of secondary addresses.
`VPCCidrBlock`

- Added new integration test and unit test file to check import related functionality.

- Updated Readme.

- Fixed an earlier issue with subnet range check, fixed to include IPAM defined IPv4 address as well

### Description of how you validated changes

Deployed and tested for below scenarios in account: 

1. Import a VPC with primary IPv4 
2. Import a subnet with primary IPv4 
3. Import a VPC with multiple secondary IPv4 
4. Import a VPC with Amazon provided IPV6 
5. Import a VPC with Ipam provided IPv6/IPv4 
7. Import subnet individually using fromSubnetV2attributes
8. Imported different type of multiple subnets
9. Add gateways/endpoint to imported vpc

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)



BREAKING CHANGE: The new `VpcCidrBlock` L2 construct replaces `CfnVPCCidrBlock`. This change alters the logical ID of `AWS::EC2::VPCCidrBlock` resources in CloudFormation templates. Existing deployments will see errors like `CIDR range conflicts with x.xx.xx.xx/xx with association ID vpc-cidr-assoc-ABCD`. To resolve this, you must recreate your existing stacks to use the new module.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: mergify[bot]

packages/@aws-cdk/aws-ec2-alpha/README.md

@@ -37,8 +37,6 @@ new VpcV2(this, 'Vpc', {
 
 `VpcV2` does not automatically create subnets or allocate IP addresses, which is different from the `Vpc` construct.
 
-Importing existing VPC in an account into CDK as a `VpcV2` is not yet supported.
-
 ## SubnetV2
 
 `SubnetV2` is a re-write of the [`ec2.Subnet`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Subnet.html) construct.
@@ -62,8 +60,6 @@ new SubnetV2(this, 'subnetA', {
 })
 ```
 
-Same as `VpcV2`, importing existing subnets is not yet supported.
-
 ## IP Addresses Management
 
 By default `VpcV2` uses `10.0.0.0/16` as the primary CIDR if none is defined. 
@@ -366,3 +362,135 @@ myVpc.addInternetGateway({
   ipv4Destination: '192.168.0.0/16',
 });
 ```
+
+## Importing an existing VPC
+
+You can import an existing VPC and its subnets using the `VpcV2.fromVpcV2Attributes()` method or an individual subnet using `SubnetV2.fromSubnetV2Attributes()` method.
+
+### Importing a VPC
+
+To import an existing VPC, use the `VpcV2.fromVpcV2Attributes()` method. You'll need to provide the VPC ID, primary CIDR block, and information about the subnets. You can import secondary address as well created through IPAM, BYOIP(IPv4) or enabled through Amazon Provided IPv6. You must provide VPC Id and its primary CIDR block for importing it.
+
+If you wish to add a new subnet to imported VPC, new subnet's IP range(IPv4) will be validated against provided secondary and primary address block to confirm that it is within the the range of VPC.
+
+Here's an example of importing a VPC with only the required parameters
+
+``` ts
+
+const stack = new Stack();
+
+const importedVpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', {
+      vpcId: 'mockVpcID',
+      vpcCidrBlock: '10.0.0.0/16',
+});
+
+```
+
+In case of cross account or cross region VPC, its recommended to provide region and ownerAccountId so that these values for the VPC can be used to populate correct arn value for the VPC. If a VPC region and account ID is not provided, then region and account configured in the stack will be used. Furthermore, these fields will be referenced later while setting up VPC peering connection, so its necessary to set these fields to a correct value.
+
+Below is an example of importing a cross region and cross acount VPC, VPC arn for this case would be 'arn:aws:ec2:us-west-2:123456789012:vpc/mockVpcID'
+
+``` ts
+
+const stack = new Stack();
+
+//Importing a cross acount or cross region VPC
+const importedVpc = VpcV2.fromVpcV2Attributes(stack, 'ImportedVpc', {
+      vpcId: 'mockVpcID',
+      vpcCidrBlock: '10.0.0.0/16',
+      ownerAccountId: '123456789012',
+      region: 'us-west-2',
+});
+
+```
+
+Here's an example of how to import a VPC with multiple CIDR blocks, IPv6 support, and different subnet types:
+
+In this example, we're importing a VPC with:
+
+ - A primary CIDR block (10.1.0.0/16)
+ - One secondary IPv4 CIDR block (10.2.0.0/16)
+ - Two secondary address using IPAM pool (IPv4 and IPv6)
+ - VPC has Amazon-provided IPv6 CIDR enabled
+ - An isolated subnet in us-west-2a
+ - A public subnet in us-west-2b
+
+```ts
+
+const stack = new Stack();
+
+const importedVpc = VpcV2.fromVpcV2Attributes(this, 'ImportedVPC', {
+  vpcId: 'vpc-XXX',
+  vpcCidrBlock: '10.1.0.0/16',
+  secondaryCidrBlocks: [
+    {
+      cidrBlock: '10.2.0.0/16',
+      cidrBlockName: 'ImportedBlock1',
+    },
+    {
+      ipv6IpamPoolId: 'ipam-pool-XXX',
+      ipv6NetmaskLength: 52,
+      cidrBlockName: 'ImportedIpamIpv6',
+    },
+    {
+      ipv4IpamPoolId: 'ipam-pool-XXX',
+      ipv4IpamProvisionedCidrs: ['10.2.0.0/16'],
+      cidrBlockName: 'ImportedIpamIpv4',
+    },
+    {
+      amazonProvidedIpv6CidrBlock: true,
+    }
+  ],
+  subnets: [{
+    subnetName: 'IsolatedSubnet2',
+    subnetId: 'subnet-03cd773c0fe08ed26',
+    subnetType: SubnetType.PRIVATE_ISOLATED,
+    availabilityZone: 'us-west-2a',
+    ipv4CidrBlock: '10.2.0.0/24',
+    routeTableId: 'rtb-0871c310f98da2cbb',
+  },
+  {
+    subnetId: 'subnet-0fa477e01db27d820',
+    subnetType: SubnetType.PUBLIC,
+    availabilityZone: 'us-west-2b',
+    ipv4CidrBlock: '10.3.0.0/24',
+    routeTableId: 'rtb-014f3043098fe4b96',
+  }],
+});
+
+// You can now use the imported VPC in your stack
+
+// Adding a new subnet to the imported VPC
+const importedSubnet = new SubnetV2(this, 'NewSubnet', {
+  availabilityZone: 'us-west-2a',
+  ipv4CidrBlock: new IpCidr('10.2.2.0/24'),
+  vpc: importedVpc,
+  subnetType: SubnetType.PUBLIC,
+});
+
+// Adding gateways to the imported VPC
+importedVpc.addInternetGateway();
+importedVpc.addNatGateway({ subnet: importedSubnet });
+importedVpc.addEgressOnlyInternetGateway();
+```
+
+You can add more subnets as needed by including additional entries in the `isolatedSubnets`, `publicSubnets`, or other subnet type arrays (e.g., `privateSubnets`).
+
+### Importing Subnets
+
+You can also import individual subnets using the `SubnetV2.fromSubnetV2Attributes()` method. This is useful when you need to work with specific subnets independently of a VPC.
+
+Here's an example of how to import a subnet:
+
+```ts
+
+SubnetV2.fromSubnetV2Attributes(this, 'ImportedSubnet', {
+  subnetId: 'subnet-0123456789abcdef0',
+  availabilityZone: 'us-west-2a',
+  ipv4CidrBlock: '10.2.0.0/24',
+  routeTableId: 'rtb-0871c310f98da2cbb',
+  subnetType: SubnetType.PRIVATE_ISOLATED,
+});
+```
+
+By importing existing VPCs and subnets, you can easily integrate your existing AWS infrastructure with new resources created through CDK. This is particularly useful when you need to work with pre-existing network configurations or when you're migrating existing infrastructure to CDK.

packages/@aws-cdk/aws-ec2-alpha/awslint.json

@@ -1,8 +1,6 @@
 {
     "exclude": [
-      "from-method:@aws-cdk/aws-ec2-alpha.VpcV2",
       "attribute-tag:@aws-cdk/aws-ec2-alpha.RouteTable.routeTableId",
-      "from-method:@aws-cdk/aws-ec2-alpha.SubnetV2",
       "from-method:@aws-cdk/aws-ec2-alpha.Route"
     ]
 }

packages/@aws-cdk/aws-ec2-alpha/lib/ipam.ts

@@ -92,7 +92,7 @@ export enum IpamScopeType {
  *
  * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipampool.html
  */
-export interface PoolOptions{
+export interface PoolOptions {
 
   /**
    * addressFamily - The address family of the pool (ipv4 or ipv6).
@@ -180,7 +180,7 @@ export interface IpamPoolCidrProvisioningOptions {
 /**
  * Definition used to add or create a new IPAM pool
  */
-export interface IIpamPool{
+export interface IIpamPool {
   /**
  * Pool ID to be passed to the VPC construct
  * @attribute IpamPoolId
@@ -192,6 +192,12 @@ export interface IIpamPool{
    */
   readonly ipamCidrs: CfnIPAMPoolCidr[];
 
+  /**
+   * Pool CIDR for IPv4 to be provisioned using IPAM
+   * Required to check for subnet IP range is within the VPC range
+   */
+  readonly ipamIpv4Cidrs?: string[];
+
   /**
    * Function to associate a IPv6 address with IPAM pool
    */
@@ -315,6 +321,12 @@ class IpamPool extends Resource implements IIpamPool {
    */
   public readonly ipamCidrs: CfnIPAMPoolCidr[] = []
 
+  /**
+   * Pool CIDR for IPv4 to be provisioned using IPAM
+   * Required to check for subnet IP range is within the VPC range
+   */
+  public readonly ipamIpv4Cidrs: string[] = []
+
   /**
    * Reference to ipamPool resource created in this class
    */
@@ -340,6 +352,9 @@ class IpamPool extends Resource implements IIpamPool {
       awsService: props.awsService,
     });
     this.ipamPoolId = this._ipamPool.attrIpamPoolId;
+
+    // Populating to check for subnet range against all IPv4 ranges assigned to VPC including IPAM
+    props.ipv4ProvisionedCidrs?.map(cidr => (this.ipamIpv4Cidrs.push(cidr)));
     this.node.defaultChild = this._ipamPool;
   }