Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple subnets per AZ. Named subnets #174

Merged
merged 9 commits into from
Jan 27, 2023
Merged

Multiple subnets per AZ. Named subnets #174

merged 9 commits into from
Jan 27, 2023

Conversation

aknysh
Copy link
Member

@aknysh aknysh commented Jan 25, 2023
edited

what

  • Allow provisioning multiple subnets per AZ (the number of subnets per AZ is specified in the subnets_per_az_count variable). If subnets_per_az_count is set to 1 (default), it's backwards compatible with the previous functionality (one subnet of each type, private and public, per AZ)
  • Allow named subnets (specified in the subnets_per_az_names variable)

why

  • Multiple subnets per AZ are useful in many cases:
    • In a VPC, provision a dedicated subnet for services, backend and database
    • For AWS Network Firewall, a dedicated subnet in each AZ is required. When a Transit Gateway is used, we provision tgw subnet and firewall subnets in each AZ
  • Named subnets are useful to easily find particular subnets IDs and route table IDs (both public and private) from the module outputs, e.g. to find all subnets and route tables for tgw, firewall, database, services, backend, etc.

test

Using the following settings:

availability_zones = ["us-east-2a", "us-east-2b"]
subnets_per_az_count = 3
subnets_per_az_names = ["services", "backend", "db"]

The outputs:

az_private_route_table_ids_map = {
  "us-east-2a" = [
    "rtb-05cbce79950652f38",
    "rtb-03a545f25ef6ce3f9",
    "rtb-0ef8d1698f424e77b",
  ]
  "us-east-2b" = [
    "rtb-076348138f550ebab",
    "rtb-0bd3baf8916948c3f",
    "rtb-01533922e675db6b6",
  ]
}
az_private_subnets_map = {
  "us-east-2a" = [
    "subnet-02c63d0c0c2f84bf5",
    "subnet-0393680d8ea3dd70f",
    "subnet-0a7c4b117b2105a69",
  ]
  "us-east-2b" = [
    "subnet-0f6d042c659cc1346",
    "subnet-06764c7316567eacc",
    "subnet-074fd7ad2b902bec2",
  ]
}
az_public_route_table_ids_map = {
  "us-east-2a" = [
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
  ]
  "us-east-2b" = [
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
  ]
}
az_public_subnets_map = {
  "us-east-2a" = [
    "subnet-05647fc1f31a30896",
    "subnet-03e27e41e0b818080",
    "subnet-04e5d57b1e2035c7c",
  ]
  "us-east-2b" = [
    "subnet-01cc440339718014e",
    "subnet-00155e6b64925ba51",
    "subnet-0a326693cfee8e68d",
  ]
}
named_private_route_table_ids_map = {
  "backend" = tolist([
    "rtb-03a545f25ef6ce3f9",
    "rtb-0bd3baf8916948c3f",
  ])
  "db" = tolist([
    "rtb-0ef8d1698f424e77b",
    "rtb-01533922e675db6b6",
  ])
  "services" = tolist([
    "rtb-05cbce79950652f38",
    "rtb-076348138f550ebab",
  ])
}
named_private_subnets_map = {
  "backend" = tolist([
    "subnet-0393680d8ea3dd70f",
    "subnet-06764c7316567eacc",
  ])
  "db" = tolist([
    "subnet-0a7c4b117b2105a69",
    "subnet-074fd7ad2b902bec2",
  ])
  "services" = tolist([
    "subnet-02c63d0c0c2f84bf5",
    "subnet-0f6d042c659cc1346",
  ])
}
named_private_subnets_stats_map = {
  "backend" = [
    {
      "az" = "us-east-2a"
      "route_table_id" = "rtb-03a545f25ef6ce3f9"
      "subnet_id" = "subnet-0393680d8ea3dd70f"
    },
    {
      "az" = "us-east-2b"
      "route_table_id" = "rtb-0bd3baf8916948c3f"
      "subnet_id" = "subnet-06764c7316567eacc"
    },
  ]
  "db" = [
    {
      "az" = "us-east-2a"
      "route_table_id" = "rtb-0ef8d1698f424e77b"
      "subnet_id" = "subnet-0a7c4b117b2105a69"
    },
    {
      "az" = "us-east-2b"
      "route_table_id" = "rtb-01533922e675db6b6"
      "subnet_id" = "subnet-074fd7ad2b902bec2"
    },
  ]
  "services" = [
    {
      "az" = "us-east-2a"
      "route_table_id" = "rtb-05cbce79950652f38"
      "subnet_id" = "subnet-02c63d0c0c2f84bf5"
    },
    {
      "az" = "us-east-2b"
      "route_table_id" = "rtb-076348138f550ebab"
      "subnet_id" = "subnet-0f6d042c659cc1346"
    },
  ]
}
named_public_route_table_ids_map = {
  "backend" = tolist([
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
  ])
  "db" = tolist([
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
  ])
  "services" = tolist([
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
  ])
}
named_public_subnets_map = {
  "backend" = tolist([
    "subnet-03e27e41e0b818080",
    "subnet-00155e6b64925ba51",
  ])
  "db" = tolist([
    "subnet-04e5d57b1e2035c7c",
    "subnet-0a326693cfee8e68d",
  ])
  "services" = tolist([
    "subnet-05647fc1f31a30896",
    "subnet-01cc440339718014e",
  ])
}
named_public_subnets_stats_map = {
  "backend" = [
    {
      "az" = "us-east-2a"
      "route_table_id" = "rtb-0046629cc751e775d"
      "subnet_id" = "subnet-03e27e41e0b818080"
    },
    {
      "az" = "us-east-2b"
      "route_table_id" = "rtb-0046629cc751e775d"
      "subnet_id" = "subnet-00155e6b64925ba51"
    },
  ]
  "db" = [
    {
      "az" = "us-east-2a"
      "route_table_id" = "rtb-0046629cc751e775d"
      "subnet_id" = "subnet-04e5d57b1e2035c7c"
    },
    {
      "az" = "us-east-2b"
      "route_table_id" = "rtb-0046629cc751e775d"
      "subnet_id" = "subnet-0a326693cfee8e68d"
    },
  ]
  "services" = [
    {
      "az" = "us-east-2a"
      "route_table_id" = "rtb-0046629cc751e775d"
      "subnet_id" = "subnet-05647fc1f31a30896"
    },
    {
      "az" = "us-east-2b"
      "route_table_id" = "rtb-0046629cc751e775d"
      "subnet_id" = "subnet-01cc440339718014e"
    },
  ]
}
private_route_table_ids = [
  "rtb-05cbce79950652f38",
  "rtb-03a545f25ef6ce3f9",
  "rtb-0ef8d1698f424e77b",
  "rtb-076348138f550ebab",
  "rtb-0bd3baf8916948c3f",
  "rtb-01533922e675db6b6",
]
private_subnet_cidrs = tolist([
  "172.16.0.0/21",
  "172.16.8.0/21",
  "172.16.16.0/21",
  "172.16.24.0/21",
  "172.16.32.0/21",
  "172.16.40.0/21",
])
public_subnet_cidrs = tolist([
  "172.16.72.0/21",
  "172.16.80.0/21",
  "172.16.88.0/21",
  "172.16.96.0/21",
  "172.16.104.0/21",
  "172.16.112.0/21",
])

@aknysh aknysh self-assigned this Jan 25, 2023
@aknysh aknysh requested review from a team as code owners January 25, 2023 00:47
@aknysh
Copy link
Member Author

aknysh commented Jan 25, 2023

/test all

bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
test/src/go.sum Show resolved Hide resolved
bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
test/src/go.sum Show resolved Hide resolved
bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
test/src/go.sum Show resolved Hide resolved
bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
test/src/go.sum Show resolved Hide resolved
bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
test/src/go.sum Show resolved Hide resolved
bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
test/src/go.sum Show resolved Hide resolved
@aknysh
Copy link
Member Author

aknysh commented Jan 25, 2023

/test all

@aknysh
Copy link
Member Author

aknysh commented Jan 25, 2023

/test all

@aknysh aknysh requested review from Nuru and osterman January 25, 2023 01:33
max-lobur
max-lobur reviewed Jan 25, 2023
View reviewed changes
variables.tf Show resolved Hide resolved
main.tf Show resolved Hide resolved
@aknysh aknysh requested a review from max-lobur January 25, 2023 20:10
@aknysh aknysh merged commit 029080a into master Jan 27, 2023
@aknysh aknysh deleted the multiple-subnets-per-az branch January 27, 2023 04:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bridgecrew bridgecrew[bot] bridgecrew left review comments

@max-lobur max-lobur max-lobur approved these changes

@jamengual jamengual Awaiting requested review from jamengual jamengual was automatically assigned from cloudposse/contributors

@woz5999 woz5999 Awaiting requested review from woz5999 woz5999 was automatically assigned from cloudposse/contributors

@Benbentwo Benbentwo Awaiting requested review from Benbentwo

@goruha goruha Awaiting requested review from goruha

@milldr milldr Awaiting requested review from milldr

@nitrocode nitrocode Awaiting requested review from nitrocode

@Nuru Nuru Awaiting requested review from Nuru

@osterman osterman Awaiting requested review from osterman

Assignees

@aknysh aknysh

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@aknysh @max-lobur