
deterministic subnet cidr calculation

Open ivan-aws opened this issue 1 year ago • 3 comments

When updating the az_count, I noticed that not all subnet cidr range calculations are deterministic. After changing the value from 1 to 2, for one of the subnets terraform triggered a replacement, as the cidr range changed:

      ~ cidr_block                                     = "10.32.0.64/28" -> "10.32.0.128/28" # forces replacement

This is less than ideal, as there are already network interfaces deployed into the subnet.

ivan-aws avatar Oct 30 '23 13:10 ivan-aws

Hi! Thanks for opening this issue and for your feedback!

We are aware of this situation and documented a fix. https://github.com/aws-ia/terraform-aws-vpc#updating-a-vpc-with-new-or-removed-subnets

Atm there are no great functions for cidr calculation that can prevent this, although custom provider functions could help in the future.

Hope this helps. If you have other feedback please let us know!

drewmullen avatar Nov 02 '23 20:11 drewmullen

I'm using IPAM, so the cidr_blocks aren't known in advance. The suggested fix won't work in this scenario.

bobdoah avatar Feb 12 '24 10:02 bobdoah

For ipam, you can request specific cidrs from ipam. It will work the same way as mentioned above; just also reference the ipam pool id.

I plan to perform a major update to this module once the ipam subnet values are added to the provider: https://github.com/hashicorp/terraform-provider-aws/issues/34615

drewmullen avatar Feb 12 '24 11:02 drewmullen
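The behaviour reported in this thread, as an added example that is not part of the thread or the module's code: a simplified model of sequential CIDR packing shows why raising `az_count` from 1 to 2 moves an existing subnet, while explicitly pinned CIDRs stay put. The VPC range, the subnet types and netmasks, the packing order and all function names are assumptions constructed to reproduce the change quoted above, not the module's actual algorithm.

```python
import ipaddress

VPC_CIDR = "10.32.0.0/24"  # constructed sample value
LAYOUT = [("private", 26), ("transit_gateway", 28)]  # hypothetical subnet types

def pack(vpc_cidr, prefixes):
    """Hand out consecutive, aligned blocks in list order."""
    vpc = ipaddress.IPv4Network(vpc_cidr)
    cursor, out = int(vpc.network_address), []
    for prefix in prefixes:
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        net = ipaddress.IPv4Network((cursor, prefix))
        if not net.subnet_of(vpc):
            raise ValueError(f"{vpc_cidr} exhausted at /{prefix}")
        out.append(str(net))
        cursor += size
    return out

def plan_sequential(az_count):
    """Assumed model: every type gets az_count blocks, packed type by type."""
    keys = [(name, az) for name, _ in LAYOUT for az in range(az_count)]
    prefixes = [p for _, p in LAYOUT for _ in range(az_count)]
    return {f"{n}/{az}": c for (n, az), c in zip(keys, pack(VPC_CIDR, prefixes))}

def plan_pinned(az_count, pinned):
    """Explicit CIDR per (type, AZ); a new AZ only appends entries."""
    plan = {f"{n}/{az}": c for n, cidrs in pinned.items()
            for az, c in enumerate(cidrs[:az_count])}
    nets = [ipaddress.IPv4Network(c) for c in plan.values()]
    for i, a in enumerate(nets):
        if any(a.overlaps(b) for b in nets[i + 1:]):
            raise ValueError(f"{a} overlaps another pinned subnet")
    return plan

def replaced(before, after):
    """Subnets present in both plans whose CIDR changed (forces replacement)."""
    return {k: (before[k], after[k]) for k in before
            if k in after and before[k] != after[k]}

PINNED = {"private": ["10.32.0.0/26", "10.32.0.128/26"],
          "transit_gateway": ["10.32.0.64/28", "10.32.0.80/28"]}  # constructed

if __name__ == "__main__":
    print(replaced(plan_sequential(1), plan_sequential(2)))
    print(replaced(plan_pinned(1, PINNED), plan_pinned(2, PINNED)))
```

Running a diff like `replaced()` over the planned CIDRs before applying is a cheap way to catch a forced replacement of a subnet that already holds network interfaces.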