
Database subnet creation (3 tier)

Open darkwizzarddude opened this issue 2 years ago • 6 comments


Describe the Feature

I do not think this will get approved and sure it has been asked before lol

Maybe an option to create a database layer? I feel it is pretty common and best practice in some situations. The third layer is a private subnet without the need for a NAT. Maybe there is a way to do that in this module; if so, I can not figure it out :)

Expected Behavior

Allow for a third private subnet group to be created for databases or intranet.

Use Case

Databases need to be isolated from the application layer.

Describe Ideal Solution

Maybe something like database_subnets_enabled = true

Alternatives Considered

Use Cloud Posse Multi-AZ, but then some nuances with the outputs occur while using the VPC endpoints module, and it is also more work haha; or use the AWS Terraform VPC Module, which supports database subnet creation (don't want to though :( )

Additional Context

Just a thought feel free to decline and close.

darkwizzarddude avatar Jun 16 '22 18:06 darkwizzarddude

Couldn't you simply consume the module twice, one with nat_gateway_enabled set to true and the data one set to false?

nitrocode avatar Jun 19 '22 12:06 nitrocode

I will give it a shot, I think I was running into an issue with the subnets when trying to consume twice.

Thanks for the response.

darkwizzarddude avatar Jun 19 '22 13:06 darkwizzarddude

If it works, then let's document it. If it does not work, let's figure it out, make the modifications, and then we can document. 😄

nitrocode avatar Jun 19 '22 14:06 nitrocode

So I gave it a shot and, unless I am missing something, it seems the subnets are clashing. This is what I did for a quick test.

module "vpc" {
  source  = "cloudposse/vpc/aws"
  version = "1.1.0"

  ipv4_primary_cidr_block          = "10.70.0.0/16"
  assign_generated_ipv6_cidr_block = false

  context = module.this.context
}

module "subnets" {
  source  = "cloudposse/dynamic-subnets/aws"
  version = "2.0.2"

  availability_zones  = ["us-east-2a", "us-east-2b"]
  vpc_id              = module.vpc.vpc_id
  igw_id              = [module.vpc.igw_id]
  ipv4_enabled        = true
  ipv4_cidr_block     = [module.vpc.vpc_cidr_block]
  nat_gateway_enabled = true

  context = module.this.context
}

module "data_subnets" {
  source  = "cloudposse/dynamic-subnets/aws"
  version = "2.0.2"

  attributes             = ["data"]
  availability_zones     = ["us-east-2a", "us-east-2b"]
  vpc_id                 = module.vpc.vpc_id
  ipv4_enabled           = true
  ipv4_cidr_block        = [module.vpc.vpc_cidr_block]
  public_subnets_enabled = false
  nat_gateway_enabled    = false

  context = module.this.context
}

Seems the first subnet module runs fine but the data one does not. It generates errors such as:

│ Error: error creating EC2 Subnet: InvalidSubnet.Conflict: The CIDR '10.70.64.0/18' conflicts with another subnet

│ Error: error creating EC2 Subnet: InvalidSubnet.Conflict: The CIDR '10.70.0.0/18' conflicts with another subnet

darkwizzarddude avatar Jun 22 '22 13:06 darkwizzarddude

I'm also facing the above issue ⬆️

azizzoaib786 avatar Jul 12 '22 13:07 azizzoaib786

We are not going to support this use case by adding even more inputs, however we welcome documentation about how to achieve the desired results with the current module.

@darkwizzarddude was on the right track, invoking this module twice. The point that was missed is that the module consumes as much of the VPC CIDR range as it can, so if you invoke it twice without doing something about that, you will get CIDR clashes.

I haven't tested it, but something like this should work:

module "vpc" {
  source  = "cloudposse/vpc/aws"
  version = "1.1.0"

  ipv4_primary_cidr_block          = "10.70.0.0/16"
  assign_generated_ipv6_cidr_block = false

  context = module.this.context
}

module "subnets" {
  source  = "cloudposse/dynamic-subnets/aws"
  version = "2.0.2"

  availability_zones  = ["us-east-2a", "us-east-2b"]
  vpc_id              = module.vpc.vpc_id
  igw_id              = [module.vpc.igw_id]
  ipv4_enabled        = true
  ipv4_cidr_block     = [cidrsubnet(module.vpc.vpc_cidr_block, 1, 0)]
  nat_gateway_enabled = true

  context = module.this.context
}

module "data_subnets" {
  source  = "cloudposse/dynamic-subnets/aws"
  version = "2.0.2"

  attributes             = ["data"]
  availability_zones     = ["us-east-2a", "us-east-2b"]
  vpc_id                 = module.vpc.vpc_id
  ipv4_enabled           = true
  ipv4_cidr_block        = [cidrsubnet(module.vpc.vpc_cidr_block, 1, 1)]
  public_subnets_enabled = false
  nat_gateway_enabled    = false

  context = module.this.context
}

@azizzoaib786 Does that work for you?

Nuru avatar Oct 03 '22 20:10 Nuru
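As an added example (not code from the module or from anyone in this thread), the following Python reproduces Terraform's cidrsubnet() semantics and runs a pre-apply overlap check over the CIDRs two invocations would be handed. The `carve` function is an assumed, simplified model of a module that uses as much of the block it is given as it can (equal-size subnets, smallest power of two that fits); the real module's exact prefix lengths may differ, but the clash-versus-no-clash outcome is what the check demonstrates.

```python
import ipaddress
from itertools import combinations
from typing import List, Tuple


def cidrsubnet(prefix: str, newbits: int, netnum: int) -> str:
    """Python equivalent of Terraform's cidrsubnet(prefix, newbits, netnum):
    lengthen the prefix by `newbits` bits and return the `netnum`-th block."""
    net = ipaddress.ip_network(prefix, strict=True)
    blocks = list(net.subnets(prefixlen_diff=newbits))  # 2**newbits blocks
    return str(blocks[netnum])


def carve(cidr: str, count: int) -> List[str]:
    """ASSUMED simplified model of a subnet module: split `cidr` into the
    smallest power-of-two number of equal subnets that fits `count`."""
    bits = max(1, (count - 1).bit_length())
    return [cidrsubnet(cidr, bits, i) for i in range(count)]


def find_conflicts(subnets: List[str]) -> List[Tuple[str, str]]:
    """Every overlapping pair; AWS rejects such a pair with InvalidSubnet.Conflict."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


# Values taken from the thread: one /16 VPC and two availability zones.
VPC_CIDR = "10.70.0.0/16"
AZS = ["us-east-2a", "us-east-2b"]


def original_layout() -> List[str]:
    """Both invocations receive the whole VPC CIDR (the failing config)."""
    app = carve(VPC_CIDR, 2 * len(AZS))   # public + private subnet per AZ
    data = carve(VPC_CIDR, len(AZS))      # private-only subnet per AZ
    return app + data


def fixed_layout() -> List[str]:
    """Each invocation receives a disjoint half via cidrsubnet(..., 1, n)."""
    app = carve(cidrsubnet(VPC_CIDR, 1, 0), 2 * len(AZS))
    data = carve(cidrsubnet(VPC_CIDR, 1, 1), len(AZS))
    return app + data


if __name__ == "__main__":
    print("original conflicts:", find_conflicts(original_layout()))
    print("fixed conflicts:   ", find_conflicts(fixed_layout()))
```

Running the same check against the CIDR lists from a `terraform plan` output catches a second-invocation clash before AWS does.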