cloudposse
diff --git a/‎README.md‎
Lines changed: 48 additions & 75 deletions b/‎README.md‎
Lines changed: 48 additions & 75 deletions
diff --git a/‎README.yaml‎
Lines changed: 7 additions & 2 deletions b/‎README.yaml‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎docs/design.md‎
Lines changed: 30 additions & 63 deletions b/‎docs/design.md‎
Lines changed: 30 additions & 63 deletions
@@ -50,9 +50,14 @@ description: |-
   Terraform module to provision public and private [`subnets`](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html) in an existing [`VPC`](https://aws.amazon.com/vpc)
 
   
-  __Note:__ this module is intended for use with an existing VPC and existing Internet Gateway.
+  __Note:__ This module is intended for use with an existing VPC and existing Internet Gateway.
   To create a new VPC, use [terraform-aws-vpc](https://github.com/cloudposse/terraform-aws-vpc) module.
   
+  _Note:__ Due to Terraform [limitations](https://github.com/hashicorp/terraform/issues/26755#issuecomment-719103775),
+  many optional inputs to this module are specified as a `list(string)` that can have zero or one elements, rather than
+  as `string` that could be empty or `null`. The designation of an input as a `list` type does not necessarily
+  mean that you can supply more than one value in the list, so check the input's description before supplying more than one value.
+  
   The core feature of this module is dividing up a given CIDR range so that a set of subnets each gets its own 
   distinct CIDR range within that range, and then creating those subnets in the appropriate availability zones.
   The intention is to keep this module relatively simple and easy to use for the most popular use cases. 
@@ -89,7 +94,7 @@ description: |-
   
   ### Customization for special use cases
   
-  Various features are controlled by `bool` arguments with names ending in `_enabled`. By changing the default
+  Various features are controlled by `bool` inputs with names ending in `_enabled`. By changing the default
   values, you can enable or disable creation of public subnets, private subnets, route tables, 
   NAT gateways, NAT instances, or Network ACLs. So for example, you could use this module to create only
   private subnets and the open Network ACL, and then add your own route table associations to the subnets
 
@@ -1,72 +1,39 @@
 ## Subnet calculation logic
 
-`terraform-aws-dynamic-subnets` creates a set of subnets based on `${var.cidr_block}` input and number of Availability Zones in the region.
-
-For subnet set calculation, the module uses Terraform interpolation
-
-[cidrsubnet](https://www.terraform.io/docs/configuration/interpolation.html#cidrsubnet-iprange-newbits-netnum-).
+`terraform-aws-dynamic-subnets` creates a set of subnets based on various CIDR inputs and 
+the maximum possible number of subnets, which is `max_subnet_count` when specified or
+the number of Availability Zones in the region when `max_subnet_count` is left at 
+its default value of zero.
 
+You can explicitly provide CIDRs for subnets via `ipv4_cidrs` and `ipv6_cidrs` inputs if you want,
+but the usual use case is to provide a single CIDR which this module will subdivide into a set
+of CIDRs as follows:
 
+1. Get number of available AZ in the region:
 ```
-${
-  cidrsubnet(
-  signum(length(var.cidr_block)) == 1 ?
-  var.cidr_block : data.aws_vpc.default.cidr_block,
-  ceil(log(length(data.aws_availability_zones.available.names) * 2, 2)),
-  count.index)
-}
+existing_az_count = length(data.aws_availability_zones.available.names)
+```
+2. Determine how many sets of subnets are being created. (Usually it is `2`: `public` and `private`): `subnet_type_count`.
+3. Multiply the results of (1) and (2) to determine how many CIDRs to reserve:
+```
+cidr_count = existing_az_count * subnet_type_count
 ```
 
+4. Calculate the number of bits needed to enumerate all the CIDRs:
+```
+subnet_bits = ciel(log(cidr_count, 2))
+```
+5. Reserve CIDRs for private subnets using [`cidrsubnet`](https://www.terraform.io/language/functions/cidrsubnet): 
+```
+private_subnet_cidrs = [ for netnumber in range(0, existing_az_count): cidrsubnet(cidr_block, subnet_bits, netnumber) ]
+```
+6. Reserve CIDRs for public subnets in the second half of the CIDR block:
+```
+public_subnet_cidrs = [ for netnumber in range(existing_az_count, existing_az_count * 2): cidrsubnet(cidr_block, subnet_bits, netnumber) ]
+```
 
-1. Use `${var.cidr_block}` input (if specified) or
-   use a VPC CIDR block `data.aws_vpc.default.cidr_block` (e.g. `10.0.0.0/16`)
-2. Get number of available AZ in the region (e.g. `length(data.aws_availability_zones.available.names)`)
-3. Calculate `newbits`. `newbits` number specifies how many subnets
-   be the CIDR block (input or VPC) will be divided into. `newbits` is the number of `binary digits`.
-
-    Example:
-
-    `newbits = 1` - 2 subnets are available (`1 binary digit` allows to count up to `2`)
-
-    `newbits = 2` - 4 subnets are available (`2 binary digits` allows to count up to `4`)
-
-    `newbits = 3` - 8 subnets are available (`3 binary digits` allows to count up to `8`)
-
-    etc.
-
-    1. We know, that we have `6` AZs in a `us-east-1` region (see step 2).
-    2. We need to create `1 public` subnet and `1 private` subnet in each AZ,
-       thus we need to create `12 subnets` in total (`6` AZs * (`1 public` + `1 private`)).
-    3. We need `4 binary digits` for that ( 2<sup>4</sup> = 16 ).
-       In order to calculate the number of `binary digits` we should use `logarithm`
-       function. We should use `base 2` logarithm because decimal numbers
-       can be calculated as `powers` of binary number.
-       See [Wiki](https://en.wikipedia.org/wiki/Binary_number#Decimal)
-       for more details
-
-       Example:
-
-       For `12 subnets` we need `3.58` `binary digits` (log<sub>2</sub>12)
-
-       For `16 subnets` we need `4` `binary digits` (log<sub>2</sub>16)
-
-       For `7 subnets` we need `2.81` `binary digits` (log<sub>2</sub>7)
-
-       etc.
-    4. We can't use fractional values to calculate the number of `binary digits`.
-       We can't round it down because smaller number of `binary digits` is
-       insufficient to represent the required subnets.
-       We round it up. See [ceil](https://www.terraform.io/docs/configuration/interpolation.html#ceil-float-).
-
-       Example:
-
-       For `12 subnets` we need `4` `binary digits` (ceil(log<sub>2</sub>12))
-
-       For `16 subnets` we need `4` `binary digits` (ceil(log<sub>2</sub>16))
-
-       For `7 subnets` we need `3` `binary digits` (ceil(log<sub>2</sub>7))
-
-       etc.
 
-    5. Assign private subnets according to AZ number (we're using `count.index` for that).
-    6. Assign public subnets according to AZ number but with a shift according to the number of AZs in the region (see step 2)
+Note that this means that, for example, in a region with 4 availability zones, if you specify only 3 availability zones 
+in `var.availability_zones`, this module will still reserve CIDRs for the 4th zone. This is so that if you later
+want to expand into that zone, the existing subnet CIDR assignments will not be disturbed. If you do not want
+to reserve these CIDRs