terraform-provider-aws
[Enhancement]: Floating IP address range outside the VPC configuration for FSx ONTAP
Description
Amazon FSx for ONTAP recommends choosing an endpoint IP address range that’s within VPC’s IP address range to simplify your networking setup, especially when accessing your data from other AWS services or other networks (on-premises networks or peered networks in AWS).
I'm trying to find this configuration option in https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/fsx_ontap_file_system#endpoint, but with no success.
I'm especially interested in the Floating IP address range outside the VPC configuration, and the requirement is to support all possible Endpoint IP Range configurations shown in the FSx AWS Console. See attached file.

Affected Resource(s) and/or Data Source(s)

Potential Terraform Configuration
No response
References
No response
Would you like to implement a fix?
None
Community Note
Voting for Prioritization
- Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
- Please see our prioritization guide for information on how we prioritize.
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
Volunteering to Work on This Issue
- If you are interested in working on this issue, please leave a comment.
- If this would be your first contribution, please review the contribution guide.
@justinretzolk any idea how to get feedback on when this functionality can be implemented?
I don't think there are changes needed to the terraform provider to implement this? Just set your endpoint_ip_address_range to something outside your VPC: (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/fsx_ontap_file_system#endpoint_ip_address_range)
Note that if you do it this way you'll have to add transit gateway config/routes.
We recently deployed a multi-AZ FSx and used an unallocated IP range within the VPC for the endpoints, but note this still requires setting the route_table_ids param to work without making TGW changes: https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/unable-to-access.html#subnet-route-tables
Sorry if this isn't helpful, just sharing my experience with this resource, best of luck.
Re-reading your post, I think I'm mistaken that there is missing functionality to implement the Floating option, my bad.
@joshtrutwin I really apologize, but I need clarification. Are you saying that it is possible to deploy FSxN with all 3 options by setting endpoint_ip_address_range, or is there something missing that should be implemented?
I'm honestly unsure @buslovitch - those 3 options in the AWS console don't seem to have direct API equivalent https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystemOntapConfiguration.html#FSx-Type-CreateFileSystemOntapConfiguration-EndpointIpAddressRange
It may be possible to do all 3 options:
option #1 (Unallocated IP from your VPC) - specify an endpoint_ip_address_range param using the unallocated space in your VPC CIDR (if you have any unallocated)
option #2 (floating IP outside your VPC) - I think this is the behavior you would get by NOT specifying the IP range:
endpoint_ip_address_range - (Optional) Specifies the IP address range in which the endpoints to access your file system will be created. By default, Amazon FSx selects an unused IP address range for you from the 198.19.* range.
This again requires TGW changes if multi-AZ per: https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/access-environments.html "No additional Transit Gateway configuration is required for Single-AZ file systems or Multi-AZ file systems with an EndpointIPAddressRange that's within your VPC's IP address range."
Option #3 - you specify the endpoint_ip_address_range param
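The two variants discussed in the comments above, as an added Terraform sketch that is not part of the original thread or the provider's documentation. It assumes a VPC of 10.0.0.0/16 whose subnets do not use 10.0.255.0/24; the CIDRs, variable names and resource names are constructed placeholders.

```hcl
# Constructed example values; adjust to your own VPC layout.
variable "subnet_ids" {
  type = list(string) # two subnets in different AZs (Multi-AZ deployment)
}

variable "route_table_ids" {
  type = list(string) # route tables of the subnets that host clients
}

# Variant A: endpoint range taken from unallocated space inside the VPC CIDR.
# As noted in the thread, route_table_ids is still needed so the endpoint
# routes are added to the VPC route tables.
resource "aws_fsx_ontap_file_system" "in_vpc_range" {
  storage_capacity    = 1024
  deployment_type     = "MULTI_AZ_1"
  throughput_capacity = 128
  subnet_ids          = var.subnet_ids
  preferred_subnet_id = var.subnet_ids[0]

  # Assumed unallocated: inside 10.0.0.0/16 but not the CIDR of any subnet.
  endpoint_ip_address_range = "10.0.255.0/24"
  route_table_ids           = var.route_table_ids
}

# Variant B: endpoint_ip_address_range omitted. Per the provider docs quoted
# above, FSx then picks an unused range from 198.19.*, which lies outside the
# VPC CIDR. The AWS guide linked in the thread only exempts in-VPC ranges from
# additional Transit Gateway configuration for Multi-AZ file systems.
resource "aws_fsx_ontap_file_system" "default_range" {
  storage_capacity    = 1024
  deployment_type     = "MULTI_AZ_1"
  throughput_capacity = 128
  subnet_ids          = var.subnet_ids
  preferred_subnet_id = var.subnet_ids[0]

  route_table_ids = var.route_table_ids
}
```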
@joshtrutwin thank you very much for all your comments. We'll test it to get full confidence. Again, I much appreciate your help.
Good luck, it's a bit tricky to get everything set up but once it is done it works quite well.
Specifying the [endpoint_ip_address_range] which is same as subnet gives an error.
Agreed, we have the same issue with a customer. How can we specify this in each scenario to make sure it works correctly for the customer?
Unfortunately, this issue as presented is conflating different asks. It would be helpful if the author/OP could restate the issue and use the criteria we ask for when submitting a bug:
- Affected resource: aws_fsx_ontap_file_system
- Expected behavior: I am attempting to do X. I expected the result to be Y.
- Actual behavior: When I use this sample Terraform configuration, I get this result Z.
- Relevant Output Snippet
- Sample Terraform Configuration Files
- Steps to Reproduce