Merge pull request #6 from matttrach/add-az-to-sub

Add availability zone to subnet creation

examples/basic/main.tf

@@ -1,11 +1,17 @@
+# this is given for reference, in most cases you will want to set the region using environment variables
+# provider "aws" {
+#   region = "us-west-1"
+# }
 
+# AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively)
 module "TestBasic" {
   source              = "../../"
   owner               = "terraform-ci@suse.com"
   vpc_name            = "terraform-aws-access-test-basic"
-  vpc_cidr            = "10.0.0.0/16"
+  vpc_cidr            = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
   subnet_name         = "terraform-aws-access-test-basic"
-  subnet_cidr         = "10.0.0.0/24"
+  subnet_cidr         = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
+  availability_zone   = "us-west-1b"      # check what availability zones are available in your region before setting this
   security_group_name = "terraform-aws-access-test-basic"
   security_group_type = "egress"
   public_ssh_key      = var.key      # I don't normally recommend this, but it allows tests to supply their own key

main.tf

@@ -5,8 +5,9 @@ locals {
   vpc_name = var.vpc_name
   vpc_cidr = var.vpc_cidr # create when cidr is given, otherwise select with name
 
-  subnet_name = var.subnet_name
-  subnet_cidr = var.subnet_cidr # create when cidr is given, otherwise select with name
+  subnet_name              = var.subnet_name
+  subnet_cidr              = var.subnet_cidr       # create when cidr is given, otherwise select with name
+  subnet_availability_zone = var.availability_zone # only used when creating
 
   security_group_name = var.security_group_name
   security_group_type = var.security_group_type # create when type is given, otherwise select with name
@@ -28,11 +29,12 @@ module "vpc" {
 }
 
 module "subnet" {
-  source = "./modules/subnet"
-  name   = local.subnet_name
-  cidr   = local.subnet_cidr
-  vpc_id = module.vpc.id
-  owner  = local.owner
+  source            = "./modules/subnet"
+  name              = local.subnet_name
+  cidr              = local.subnet_cidr
+  vpc_id            = module.vpc.id
+  owner             = local.owner
+  availability_zone = local.subnet_availability_zone
 }
 
 module "security_group" {

modules/subnet/main.tf

@@ -1,10 +1,11 @@
 locals {
-  select = (var.cidr == "" ? 1 : 0)
-  create = (var.cidr != "" ? 1 : 0)
-  name   = var.name
-  cidr   = var.cidr
-  vpc_id = var.vpc_id
-  owner  = var.owner
+  select            = (var.cidr == "" ? 1 : 0)
+  create            = (var.cidr != "" ? 1 : 0)
+  name              = var.name
+  cidr              = var.cidr
+  vpc_id            = var.vpc_id
+  owner             = var.owner
+  availability_zone = var.availability_zone
 }
 
 data "aws_subnet" "selected" {
@@ -15,9 +16,10 @@ data "aws_subnet" "selected" {
   }
 }
 resource "aws_subnet" "new" {
-  count      = local.create
-  vpc_id     = local.vpc_id
-  cidr_block = local.cidr
+  count             = local.create
+  vpc_id            = local.vpc_id
+  cidr_block        = local.cidr
+  availability_zone = local.availability_zone
   tags = {
     Name  = local.name
     Owner = local.owner

modules/subnet/variables.tf

@@ -28,3 +28,12 @@ variable "owner" {
   EOT
   default     = ""
 }
+variable "availability_zone" {
+  type        = string
+  description = <<-EOT
+    The availability zone to create the subnet in.
+    This is the name of the availability zone, not the AWS unique id.
+    For example "us-east-1a" or "us-east-1b" not "use1-az1" or "use1-az2".
+  EOT
+  default     = ""
+}

variables.tf

@@ -23,6 +23,10 @@ variable "vpc_cidr" {
     This value sets the default private IP space for the created VPC.
     VPCs generated with this module automatically give Amazon supplied public addresses to ec2 instances via an internet gateway.
     Access to the ec2 instances is then controlled by the security group.
+    WARNING: AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively).
+    This means that every VPC has 5 IP addresses that cannot be assigned to subnets, and every subnet assigned has 5 IP addresses that cannot be used.
+    If you attempt to generate a VPC that has no usable addresses you will get an "invalid CIDR" error from AWS.
+    If you attempt to generate a subnet that uses one of the addresses reserved by AWS in the VPC's CIDR, you will get an "invalid CIDR" error from AWS.
   EOT
   default     = ""
 }
@@ -48,6 +52,21 @@ variable "subnet_cidr" {
     This cidr must be within the IP bounds of the vpc_cidr.
     If this is specified, then a subnet will be created.
     If this isn't specified, then the module will attempt to find a subnet with the given name.
+    WARNING: AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively).
+    This means that every VPC has 5 IP addresses that cannot be assigned to subnets, and every subnet assigned has 5 IP addresses that cannot be used.
+    If you attempt to generate a subnet that has no usable addresses you will get an "invalid CIDR" error from AWS.
+    If you attempt to generate a subnet that uses one of the addresses reserved by AWS in the VPC's CIDR, you will get an "invalid CIDR" error from AWS.
+  EOT
+  default     = ""
+}
+variable "availability_zone" {
+  type        = string
+  description = <<-EOT
+    The availability zone to create the subnet in.
+    This is the name of the availability zone, not the AWS unique id.
+    For example "us-east-1a" or "us-east-1b" not "use1-az1" or "use1-az2".
+    This is required when creating a subnet, but not when selecting a subnet.
+    Any servers created in this subnet will be created in this availability zone.
   EOT
   default     = ""
 }