diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index bae5dab..bfd6ffd 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@@ -1,11 +1,17 @@
+# this is given for reference, in most cases you will want to set the region using environment variables
+# provider "aws" {
+# region = "us-west-1"
+# }
+# AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively)
 module "TestBasic" {
 source = "../../"
 owner = "terraform-ci@suse.com"
 vpc_name = "terraform-aws-access-test-basic"
- vpc_cidr = "10.0.0.0/16"
+ vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
 subnet_name = "terraform-aws-access-test-basic"
- subnet_cidr = "10.0.0.0/24"
+ subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
+ availability_zone = "us-west-1b" # check what availability zones are available in your region before setting this
 security_group_name = "terraform-aws-access-test-basic"
 security_group_type = "egress"
 public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
diff --git a/main.tf b/main.tf
index f2d675b..6e92e78 100644
--- a/main.tf
+++ b/main.tf
@@ -5,8 +5,9 @@ locals {
 vpc_name = var.vpc_name
 vpc_cidr = var.vpc_cidr # create when cidr is given, otherwise select with name
- subnet_name = var.subnet_name
- subnet_cidr = var.subnet_cidr # create when cidr is given, otherwise select with name
+ subnet_name = var.subnet_name
+ subnet_cidr = var.subnet_cidr # create when cidr is given, otherwise select with name
+ subnet_availability_zone = var.availability_zone # only used when creating
 security_group_name = var.security_group_name
 security_group_type = var.security_group_type # create when type is given, otherwise select with name
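Review bot: The inline address arithmetic on the new `vpc_cidr` and `subnet_cidr` lines is off by one: `10.0.255.0/24` spans .0 to .255, so reserving the first four and the last address covers .0–.3 and .255 and leaves .4–.254, and `10.0.255.224/28` spans .224 to .239, so .224–.227 and .239 are reserved and .228–.238 remain usable; as written, .227 is listed both as reserved and as usable. Suggest `# /24 = .0-.255; AWS reserves .0-.3 and .255, leaving .4-.254` and `# /28 = .224-.239; AWS reserves .224-.227 and .239, leaving .228-.238`. The "(cumulatively)" claim on the new header comment, and the WARNING paragraphs added to both variables.tf hunks, describe a VPC-level reservation on top of the per-subnet one; as far as I know AWS documents the five reserved addresses per subnet CIDR only, and a subnet may cover the whole VPC CIDR, so that wording is worth checking against an actual provider error before it ships as documentation.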
@@ -28,11 +29,12 @@ module "vpc" {
 }
 module "subnet" {
- source = "./modules/subnet"
- name = local.subnet_name
- cidr = local.subnet_cidr
- vpc_id = module.vpc.id
- owner = local.owner
+ source = "./modules/subnet"
+ name = local.subnet_name
+ cidr = local.subnet_cidr
+ vpc_id = module.vpc.id
+ owner = local.owner
+ availability_zone = local.subnet_availability_zone
 }
 module "security_group" {
diff --git a/modules/subnet/main.tf b/modules/subnet/main.tf
index 8c2d483..7f28c07 100644
--- a/modules/subnet/main.tf
+++ b/modules/subnet/main.tf
@@ -1,10 +1,11 @@
 locals {
- select = (var.cidr == "" ? 1 : 0)
- create = (var.cidr != "" ? 1 : 0)
- name = var.name
- cidr = var.cidr
- vpc_id = var.vpc_id
- owner = var.owner
+ select = (var.cidr == "" ? 1 : 0)
+ create = (var.cidr != "" ? 1 : 0)
+ name = var.name
+ cidr = var.cidr
+ vpc_id = var.vpc_id
+ owner = var.owner
+ availability_zone = var.availability_zone
 }
 data "aws_subnet" "selected" {
@@ -15,9 +16,10 @@ data "aws_subnet" "selected" {
 }
 }
 resource "aws_subnet" "new" {
- count = local.create
- vpc_id = local.vpc_id
- cidr_block = local.cidr
+ count = local.create
+ vpc_id = local.vpc_id
+ cidr_block = local.cidr
+ availability_zone = local.availability_zone
 tags = {
 Name = local.name
 Owner = local.owner
diff --git a/modules/subnet/variables.tf b/modules/subnet/variables.tf
index a7b6436..17d6b20 100644
--- a/modules/subnet/variables.tf
+++ b/modules/subnet/variables.tf
@@ -28,3 +28,12 @@ variable "owner" {
 EOT
 default = ""
 }
+variable "availability_zone" {
+ type = string
+ description = <<-EOT
+ The availability zone to create the subnet in.
+ This is the name of the availability zone, not the AWS unique id.
+ For example "us-east-1a" or "us-east-1b" not "use1-az1" or "use1-az2".
+ EOT
+ default = ""
+}
diff --git a/variables.tf b/variables.tf
index 493c073..03beedd 100644
--- a/variables.tf
+++ b/variables.tf
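Review bot: `availability_zone = local.availability_zone` in `aws_subnet.new` passes an empty string whenever the caller leaves the variable at its `""` default, because nothing in the module maps empty to unset; whether the provider quietly treats `""` as "pick a zone" or plans a perpetual diff against the zone it chose is provider behaviour, not something this module controls. Passing `availability_zone = local.availability_zone != "" ? local.availability_zone : null` makes the optional case explicit and independent of that behaviour. The resource's tags block continues past the end of the hunk.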
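Review bot: The description on the new `availability_zone` variable in modules/subnet/variables.tf spells out the name-versus-id distinction, but nothing enforces it, so an AZ id of the form the text warns against (`use1-az1`) is accepted at plan time and only fails at apply. A validation block rejecting the `-az<n>` suffix form catches the documented mistake early; the same applies to the root `availability_zone` variable added in the variables.tf hunk. The check below is deliberately narrow (only the id form named in the description) so it does not reject less common zone names.
```hcl
variable "availability_zone" {
  # … unchanged: type and description …
  validation {
    condition     = var.availability_zone == "" || !can(regex("-az[0-9]+$", var.availability_zone))
    error_message = "availability_zone must be an availability zone name such as us-east-1a, not an AZ id such as use1-az1."
  }
  default = ""
}
```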
@@ -23,6 +23,10 @@ variable "vpc_cidr" {
 This value sets the default private IP space for the created VPC.
 VPCs generated with this module automatically give Amazon supplied public addresses to ec2 instances via an internet gateway.
 Access to the ec2 instances is then controlled by the security group.
+ WARNING: AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively).
+ This means that every VPC has 5 IP addresses that cannot be assigned to subnets, and every subnet assigned has 5 IP addresses that cannot be used.
+ If you attempt to generate a VPC that has no usable addresses you will get an "invalid CIDR" error from AWS.
+ If you attempt to generate a subnet that uses one of the addresses reserved by AWS in the VPC's CIDR, you will get an "invalid CIDR" error from AWS.
 EOT
 default = ""
 }
@@ -48,6 +52,21 @@ variable "subnet_cidr" {
 This cidr must be within the IP bounds of the vpc_cidr.
 If this is specified, then a subnet will be created.
 If this isn't specified, then the module will attempt to find a subnet with the given name.
+ WARNING: AWS reserves the first four IP addresses and the last IP address in any CIDR block for its own use (cumulatively).
+ This means that every VPC has 5 IP addresses that cannot be assigned to subnets, and every subnet assigned has 5 IP addresses that cannot be used.
+ If you attempt to generate a subnet that has no usable addresses you will get an "invalid CIDR" error from AWS.
+ If you attempt to generate a subnet that uses one of the addresses reserved by AWS in the VPC's CIDR, you will get an "invalid CIDR" error from AWS.
+ EOT
+ default = ""
+}
+variable "availability_zone" {
+ type = string
+ description = <<-EOT
+ The availability zone to create the subnet in.
+ This is the name of the availability zone, not the AWS unique id.
+ For example "us-east-1a" or "us-east-1b" not "use1-az1" or "use1-az2".
+ This is required when creating a subnet, but not when selecting a subnet.
+ Any servers created in this subnet will be created in this availability zone.
 EOT
 default = ""
 }
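Review bot: The root `availability_zone` description states `This is required when creating a subnet, but not when selecting a subnet.`, yet the variable defaults to `""` and neither this file nor `aws_subnet.new` rejects an empty value when `subnet_cidr` is set, so the sentence promises a check that does not exist. Either enforce it with a `lifecycle { precondition { ... } }` on `aws_subnet.new` in modules/subnet/main.tf whose condition is `local.availability_zone != ""` and whose error message names the variable, or reword the line to `This is optional when creating a subnet; if left empty the provider chooses the zone.` (verify that provider behaviour before documenting it). The subnet module's own copy of the description in modules/subnet/variables.tf makes no such claim, so the two descriptions currently disagree.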