pulumi-awsx

When using `SubnetAllocationStrategy.Exact`, `Unused` subnets are constrained.

Open aureq opened this issue 6 months ago • 1 comments

Describe what happened

I'm trying to create a VPC using the SubnetAllocationStrategy.Exact but this has proven to be very difficult.

I have a VPC (/16) and I use a /20 for all my subnets. So I have a total of 16 Subnets possible ✅. I'm deploying that VPC in ap-southeast-2 which has 3 availability zones. As I'm using cidrBlocks, I am expected to write 3 CIDR blocks.

Since a /20 gives a total of 16 Subnets, I have no choice other than to write 5 subnetSpecs of 3 blocks (=15) and let the last subnetSpecs have only 1 block.

When doing a preview, the provider returns the following error (See Log 1)

The number of CIDR blocks in subnetSpecs[5] must match the number of availability zones (3).

I've tried to use empty strings, but that doesn't work either. (See Log 2)

            cidrBlocks: ["10.0.240.0/20", "", ""],

And commenting the last subnetSpecs, AWSx generates an error as not all gaps are filled. (See Log 3)

Sample program

import * as pulumi from "@pulumi/pulumi";
import * as awsx from "@pulumi/awsx";

export = async() => {
    const vpcexact = new awsx.ec2.Vpc(`${pulumi.runtime.getProject()}-vpc-exact`, {
        cidrBlock: "10.0.0.0/16",
        subnetStrategy: awsx.ec2.SubnetAllocationStrategy.Exact,
        enableDnsHostnames: true,
        enableDnsSupport: true,
        natGateways: {
            strategy: awsx.ec2.NatGatewayStrategy.None,
        },
        subnetSpecs: [{
            type: awsx.ec2.SubnetType.Private,
            cidrBlocks: ["10.0.0.0/20", "10.0.16.0/20", "10.0.32.0/20"]
        },{
            type: awsx.ec2.SubnetType.Isolated,
            cidrBlocks: ["10.0.48.0/20", "10.0.64.0/20", "10.0.80.0/20"]
        },{
            type: awsx.ec2.SubnetType.Public,
            cidrBlocks: ["10.0.96.0/20", "10.0.112.0/20", "10.0.128.0/20"],
        },{
            type: awsx.ec2.SubnetType.Private,
            cidrBlocks: ["10.0.144.0/20", "10.0.160.0/20", "10.0.176.0/20"],
        },{
            type: awsx.ec2.SubnetType.Isolated,
            cidrBlocks: ["10.0.192.0/20", "10.0.208.0/20", "10.0.224.0/20"],
        },{
            type: awsx.ec2.SubnetType.Unused,
            cidrBlocks: ["10.0.240.0/20"], // doesn't work
        //    cidrBlocks: ["10.0.240.0/21", "10.0.248.0/22", "10.0.252.0/22"], // doesn't work either
        }],
    });

    return {};
}

Log output

log 1

Diagnostics:
  pulumi:pulumi:Stack (zendesk-0026):
    error: awsx:ec2:Vpc resource 'zendesk-vpc-exact' has a problem: Invalid subnet specifications:
     - The number of CIDR blocks in subnetSpecs[5] must match the number of availability zones (3).
    error: Error: Invalid subnet specifications:
     - The number of CIDR blocks in subnetSpecs[5] must match the number of availability zones (3).
        at validateAndNormalizeSubnetInputs (/snapshot/awsx/bin/ec2/subnetDistributorNew.js:213:11)
        at Vpc.decideSubnetSpecs (/snapshot/awsx/bin/ec2/vpc.js:244:89)
        at Vpc.decideAndValidateSubnetSpecs (/snapshot/awsx/bin/ec2/vpc.js:231:66)
        at Vpc.createInnerVpc (/snapshot/awsx/bin/ec2/vpc.js:217:34)
        at Vpc.initialize (/snapshot/awsx/bin/ec2/vpc.js:58:71)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)

log 2

Diagnostics:
  pulumi:pulumi:Stack (zendesk-0026):
    error: awsx:ec2:Vpc resource 'zendesk-vpc-exact' has a problem: Invalid subnet specifications:
     - The number of CIDR blocks in subnetSpecs[5] must match the number of availability zones (3).
    error: Error: Invalid subnet specifications:
     - The number of CIDR blocks in subnetSpecs[5] must match the number of availability zones (3).
        at validateAndNormalizeSubnetInputs (/snapshot/awsx/bin/ec2/subnetDistributorNew.js:213:11)
        at Vpc.decideSubnetSpecs (/snapshot/awsx/bin/ec2/vpc.js:244:89)
        at Vpc.decideAndValidateSubnetSpecs (/snapshot/awsx/bin/ec2/vpc.js:231:66)
        at Vpc.createInnerVpc (/snapshot/awsx/bin/ec2/vpc.js:217:34)
        at Vpc.initialize (/snapshot/awsx/bin/ec2/vpc.js:58:71)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)

log 3

Diagnostics:
  pulumi:pulumi:Stack (zendesk-0026):
    error: awsx:ec2:Vpc resource 'zendesk-vpc-exact' has a problem: There are gaps in the subnet ranges. Please fix the following gaps: zendesk-vpc-exact-private-1 (10.0.0.0/20) <=> zendesk-vpc-exact-isolated-1 (10.0.48.0/20), zendesk-vpc-exact-isolated-1 (10.0.48.0/20) <=> zendesk-vpc-exact-public-1 (10.0.96.0/20), zendesk-vpc-exact-public-1 (10.0.96.0/20) <=> zendesk-vpc-exact-private-1 (10.0.144.0/20), zendesk-vpc-exact-private-1 (10.0.144.0/20) <=> zendesk-vpc-exact-isolated-1 (10.0.192.0/20), zendesk-vpc-exact-isolated-1 (10.0.192.0/20) <=> zendesk-vpc-exact-private-2 (10.0.16.0/20), zendesk-vpc-exact-private-2 (10.0.16.0/20) <=> zendesk-vpc-exact-isolated-2 (10.0.64.0/20), zendesk-vpc-exact-isolated-2 (10.0.64.0/20) <=> zendesk-vpc-exact-public-2 (10.0.112.0/20), zendesk-vpc-exact-public-2 (10.0.112.0/20) <=> zendesk-vpc-exact-private-2 (10.0.160.0/20), zendesk-vpc-exact-private-2 (10.0.160.0/20) <=> zendesk-vpc-exact-isolated-2 (10.0.208.0/20), zendesk-vpc-exact-isolated-2 (10.0.208.0/20) <=> zendesk-vpc-exact-private-3 (10.0.32.0/20), zendesk-vpc-exact-private-3 (10.0.32.0/20) <=> zendesk-vpc-exact-isolated-3 (10.0.80.0/20), zendesk-vpc-exact-isolated-3 (10.0.80.0/20) <=> zendesk-vpc-exact-public-3 (10.0.128.0/20), zendesk-vpc-exact-public-3 (10.0.128.0/20) <=> zendesk-vpc-exact-private-3 (10.0.176.0/20), zendesk-vpc-exact-private-3 (10.0.176.0/20) <=> zendesk-vpc-exact-isolated-3 (10.0.224.0/20), zendesk-vpc-exact-isolated-3 (ending 10.0.239.254) ends before VPC ends (at 10.0.255.254})
    error: Error: There are gaps in the subnet ranges. Please fix the following gaps: zendesk-vpc-exact-private-1 (10.0.0.0/20) <=> zendesk-vpc-exact-isolated-1 (10.0.48.0/20), zendesk-vpc-exact-isolated-1 (10.0.48.0/20) <=> zendesk-vpc-exact-public-1 (10.0.96.0/20), zendesk-vpc-exact-public-1 (10.0.96.0/20) <=> zendesk-vpc-exact-private-1 (10.0.144.0/20), zendesk-vpc-exact-private-1 (10.0.144.0/20) <=> zendesk-vpc-exact-isolated-1 (10.0.192.0/20), zendesk-vpc-exact-isolated-1 (10.0.192.0/20) <=> zendesk-vpc-exact-private-2 (10.0.16.0/20), zendesk-vpc-exact-private-2 (10.0.16.0/20) <=> zendesk-vpc-exact-isolated-2 (10.0.64.0/20), zendesk-vpc-exact-isolated-2 (10.0.64.0/20) <=> zendesk-vpc-exact-public-2 (10.0.112.0/20), zendesk-vpc-exact-public-2 (10.0.112.0/20) <=> zendesk-vpc-exact-private-2 (10.0.160.0/20), zendesk-vpc-exact-private-2 (10.0.160.0/20) <=> zendesk-vpc-exact-isolated-2 (10.0.208.0/20), zendesk-vpc-exact-isolated-2 (10.0.208.0/20) <=> zendesk-vpc-exact-private-3 (10.0.32.0/20), zendesk-vpc-exact-private-3 (10.0.32.0/20) <=> zendesk-vpc-exact-isolated-3 (10.0.80.0/20), zendesk-vpc-exact-isolated-3 (10.0.80.0/20) <=> zendesk-vpc-exact-public-3 (10.0.128.0/20), zendesk-vpc-exact-public-3 (10.0.128.0/20) <=> zendesk-vpc-exact-private-3 (10.0.176.0/20), zendesk-vpc-exact-private-3 (10.0.176.0/20) <=> zendesk-vpc-exact-isolated-3 (10.0.224.0/20), zendesk-vpc-exact-isolated-3 (ending 10.0.239.254) ends before VPC ends (at 10.0.255.254})
        at validateNoGaps (/snapshot/awsx/bin/ec2/vpc.js:489:11)
        at /snapshot/awsx/bin/ec2/vpc.js:237:17
        at validatePartialSubnetSpecs (/snapshot/awsx/bin/ec2/subnetSpecs.js:23:9)
        at Vpc.decideAndValidateSubnetSpecs (/snapshot/awsx/bin/ec2/vpc.js:232:74)
        at Vpc.createInnerVpc (/snapshot/awsx/bin/ec2/vpc.js:217:34)
        at Vpc.initialize (/snapshot/awsx/bin/ec2/vpc.js:58:71)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)

Affected Resource(s)

No response

Output of pulumi about

CLI          
Version      3.169.0
Go Version   go1.24.3
Go Compiler  gc

Plugins
KIND      NAME          VERSION
resource  aws           6.80.0
resource  awsx          2.21.1
resource  docker        4.6.2
resource  docker        3.6.1
resource  docker-build  0.0.8
language  nodejs        3.169.0

Host     
OS       debian
Version  12.10
Arch     x86_64

This project is written in nodejs: executable='/usr/local/bin/node' version='v22.15.0'

Current Stack: menfin/zendesk/0026

Found no resources associated with 0026

Found no pending operations associated with 0026

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/aureq
User           aureq
Organizations  aureq, team-ce, menfin-demo, menfin, menfin-team, demo
Token type     personal

Dependencies:
NAME            VERSION
typescript      5.8.3
@pulumi/aws     6.80.0
@pulumi/awsx    2.21.1
@pulumi/pulumi  3.169.0
@types/node     18.19.100

Pulumi locates its logs in /tmp by default

Additional context

It would be helpful to update the documentation as 📄 a lot of magic happens behind the scenes and it's hard for users to find out how things work.

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

aureq avatar May 14 '25 08:05 aureq
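
The two validation failures reported above, as an added example that is not part of the original issue and is not awsx source code: a pre-flight check that counts CIDR blocks per spec (Log 1) and looks for gaps in the order Log 3 lists the subnets. The function names, the lowercase subnet labels and the zone-by-zone ordering are assumptions made for this example.

```typescript
// Added example, not awsx source: models the two errors shown in Log 1 and Log 3.
type Spec = { type: string; cidrBlocks: string[] };

// Parse "a.b.c.d/n" into its first and last address as plain numbers.
function parseCidr(cidr: string): { start: number; end: number } {
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)\/(\d+)$/.exec(cidr);
  if (m === null) throw new Error(`invalid CIDR: "${cidr}"`);
  const start = ((Number(m[1]) * 256 + Number(m[2])) * 256 + Number(m[3])) * 256 + Number(m[4]);
  return { start, end: start + Math.pow(2, 32 - Number(m[5])) - 1 };
}

// Check 1 (Log 1): every spec must list exactly one CIDR block per availability zone.
function countErrors(specs: Spec[], azCount: number): string[] {
  return specs
    .map((s, i) => ({ i, n: s.cidrBlocks.length }))
    .filter((x) => x.n !== azCount)
    .map((x) => `subnetSpecs[${x.i}]: ${x.n} CIDR block(s), expected ${azCount}`);
}

// Check 2 (Log 3): walk the subnets zone by zone, the order Log 3 lists them in (an
// assumption about the validator), and report neighbours that are not adjacent.
function findGaps(vpcCidr: string, specs: Spec[], azCount: number): string[] {
  const vpc = parseCidr(vpcCidr);
  const ordered: { name: string; start: number; end: number }[] = [];
  for (let az = 0; az < azCount; az++) {
    for (const s of specs) {
      if (az >= s.cidrBlocks.length) continue; // short spec, reported by check 1
      const r = parseCidr(s.cidrBlocks[az]);
      ordered.push({ name: `${s.type}-${az + 1} (${s.cidrBlocks[az]})`, start: r.start, end: r.end });
    }
  }
  const gaps: string[] = [];
  let expected = vpc.start; // address the next subnet must start at
  let prev = "VPC start";
  for (const r of ordered) {
    if (r.start !== expected) gaps.push(`${prev} <=> ${r.name}`);
    expected = r.end + 1;
    prev = r.name;
  }
  if (expected !== vpc.end + 1) gaps.push(`${prev} <=> VPC end`);
  return gaps;
}

// The sample program's layout: three /20 blocks per spec, spec after spec (constructed from the issue).
const threeBlockSpecs: Spec[] = ["private", "isolated", "public", "private", "isolated"].map((type, i) => ({
  type,
  cidrBlocks: [0, 1, 2].map((az) => `10.0.${(i * 3 + az) * 16}.0/20`),
}));
const withUnused: Spec[] = threeBlockSpecs.concat([{ type: "unused", cidrBlocks: ["10.0.240.0/20"] }]);
```

`countErrors(withUnused, 3)` flags only `subnetSpecs[5]`, and `findGaps("10.0.0.0/16", threeBlockSpecs, 3)` returns 15 entries, the same number of gaps Log 3 lists.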