Skip to content

Multiple subnets per AZ. Named subnets #174

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jan 27, 2023
Merged

Multiple subnets per AZ. Named subnets #174

merged 9 commits into from
Jan 27, 2023

Conversation

@aknysh
Copy link
Member

@aknysh aknysh commented Jan 25, 2023
edited
Loading

what

  • Allow provisioning multiple subnets per AZ (the number of subnets per AZ is specified in the subnets_per_az_count variable). If subnets_per_az_count is set to 1 (default), it's backwards compatible with the previous functionality (one subnet of each type, private and public, per AZ)
  • Allow named subnets (specified in the subnets_per_az_names variable)

why

  • Multiple subnets per AZ are useful in many cases:
    • In a VPC, provision a dedicated subnet for services, backend and database
    • For AWS Network Firewall, a dedicated subnet in each AZ is required. When a Transit Gateway is used, we provision tgw subnet and firewall subnets in each AZ
  • Named subnets are useful to easily find particular subnets IDs and route table IDs (both public and private) from the module outputs, e.g. to find all subnets and route tables for tgw, firewall, database, services, backend, etc.

test

Using the following settings:

availability_zones = ["us-east-2a", "us-east-2b"]
subnets_per_az_count = 3
subnets_per_az_names = ["services", "backend", "db"]

The outputs:

az_private_route_table_ids_map = {
  "us-east-2a" = [
    "rtb-05cbce79950652f38",
    "rtb-03a545f25ef6ce3f9",
    "rtb-0ef8d1698f424e77b",
  ]
  "us-east-2b" = [
    "rtb-076348138f550ebab",
    "rtb-0bd3baf8916948c3f",
    "rtb-01533922e675db6b6",
  ]
}
az_private_subnets_map = {
  "us-east-2a" = [
    "subnet-02c63d0c0c2f84bf5",
    "subnet-0393680d8ea3dd70f",
    "subnet-0a7c4b117b2105a69",
  ]
  "us-east-2b" = [
    "subnet-0f6d042c659cc1346",
    "subnet-06764c7316567eacc",
    "subnet-074fd7ad2b902bec2",
  ]
}
az_public_route_table_ids_map = {
  "us-east-2a" = [
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
  ]
  "us-east-2b" = [
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
  ]
}
az_public_subnets_map = {
  "us-east-2a" = [
    "subnet-05647fc1f31a30896",
    "subnet-03e27e41e0b818080",
    "subnet-04e5d57b1e2035c7c",
  ]
  "us-east-2b" = [
    "subnet-01cc440339718014e",
    "subnet-00155e6b64925ba51",
    "subnet-0a326693cfee8e68d",
  ]
}
named_private_route_table_ids_map = {
  "backend" = tolist([
    "rtb-03a545f25ef6ce3f9",
    "rtb-0bd3baf8916948c3f",
  ])
  "db" = tolist([
    "rtb-0ef8d1698f424e77b",
    "rtb-01533922e675db6b6",
  ])
  "services" = tolist([
    "rtb-05cbce79950652f38",
    "rtb-076348138f550ebab",
  ])
}
named_private_subnets_map = {
  "backend" = tolist([
    "subnet-0393680d8ea3dd70f",
    "subnet-06764c7316567eacc",
  ])
  "db" = tolist([
    "subnet-0a7c4b117b2105a69",
    "subnet-074fd7ad2b902bec2",
  ])
  "services" = tolist([
    "subnet-02c63d0c0c2f84bf5",
    "subnet-0f6d042c659cc1346",
  ])
}
named_private_subnets_stats_map = {
  "backend" = [
    {
      "az" = "us-east-2a"
      "route_table_id" = "rtb-03a545f25ef6ce3f9"
      "subnet_id" = "subnet-0393680d8ea3dd70f"
    },
    {
      "az" = "us-east-2b"
      "route_table_id" = "rtb-0bd3baf8916948c3f"
      "subnet_id" = "subnet-06764c7316567eacc"
    },
  ]
  "db" = [
    {
      "az" = "us-east-2a"
      "route_table_id" = "rtb-0ef8d1698f424e77b"
      "subnet_id" = "subnet-0a7c4b117b2105a69"
    },
    {
      "az" = "us-east-2b"
      "route_table_id" = "rtb-01533922e675db6b6"
      "subnet_id" = "subnet-074fd7ad2b902bec2"
    },
  ]
  "services" = [
    {
      "az" = "us-east-2a"
      "route_table_id" = "rtb-05cbce79950652f38"
      "subnet_id" = "subnet-02c63d0c0c2f84bf5"
    },
    {
      "az" = "us-east-2b"
      "route_table_id" = "rtb-076348138f550ebab"
      "subnet_id" = "subnet-0f6d042c659cc1346"
    },
  ]
}
named_public_route_table_ids_map = {
  "backend" = tolist([
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
  ])
  "db" = tolist([
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
  ])
  "services" = tolist([
    "rtb-0046629cc751e775d",
    "rtb-0046629cc751e775d",
  ])
}
named_public_subnets_map = {
  "backend" = tolist([
    "subnet-03e27e41e0b818080",
    "subnet-00155e6b64925ba51",
  ])
  "db" = tolist([
    "subnet-04e5d57b1e2035c7c",
    "subnet-0a326693cfee8e68d",
  ])
  "services" = tolist([
    "subnet-05647fc1f31a30896",
    "subnet-01cc440339718014e",
  ])
}
named_public_subnets_stats_map = {
  "backend" = [
    {
      "az" = "us-east-2a"
      "route_table_id" = "rtb-0046629cc751e775d"
      "subnet_id" = "subnet-03e27e41e0b818080"
    },
    {
      "az" = "us-east-2b"
      "route_table_id" = "rtb-0046629cc751e775d"
      "subnet_id" = "subnet-00155e6b64925ba51"
    },
  ]
  "db" = [
    {
      "az" = "us-east-2a"
      "route_table_id" = "rtb-0046629cc751e775d"
      "subnet_id" = "subnet-04e5d57b1e2035c7c"
    },
    {
      "az" = "us-east-2b"
      "route_table_id" = "rtb-0046629cc751e775d"
      "subnet_id" = "subnet-0a326693cfee8e68d"
    },
  ]
  "services" = [
    {
      "az" = "us-east-2a"
      "route_table_id" = "rtb-0046629cc751e775d"
      "subnet_id" = "subnet-05647fc1f31a30896"
    },
    {
      "az" = "us-east-2b"
      "route_table_id" = "rtb-0046629cc751e775d"
      "subnet_id" = "subnet-01cc440339718014e"
    },
  ]
}
private_route_table_ids = [
  "rtb-05cbce79950652f38",
  "rtb-03a545f25ef6ce3f9",
  "rtb-0ef8d1698f424e77b",
  "rtb-076348138f550ebab",
  "rtb-0bd3baf8916948c3f",
  "rtb-01533922e675db6b6",
]
private_subnet_cidrs = tolist([
  "172.16.0.0/21",
  "172.16.8.0/21",
  "172.16.16.0/21",
  "172.16.24.0/21",
  "172.16.32.0/21",
  "172.16.40.0/21",
])
public_subnet_cidrs = tolist([
  "172.16.72.0/21",
  "172.16.80.0/21",
  "172.16.88.0/21",
  "172.16.96.0/21",
  "172.16.104.0/21",
  "172.16.112.0/21",
])

@aknysh aknysh self-assigned this Jan 25, 2023
@aknysh aknysh requested review from a team as code owners January 25, 2023 00:47
@aknysh aknysh requested review from jamengual and woz5999 January 25, 2023 00:47
@aknysh
Copy link
Member Author

aknysh commented Jan 25, 2023

/test all

bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
bridgecrew[bot]
bridgecrew bot reviewed Jan 25, 2023
View reviewed changes
@aknysh
Copy link
Member Author

aknysh commented Jan 25, 2023

/test all

@aknysh
Copy link
Member Author

aknysh commented Jan 25, 2023

/test all

@aknysh aknysh requested review from Nuru and osterman January 25, 2023 01:33
max-lobur
max-lobur reviewed Jan 25, 2023
View reviewed changes
@aknysh aknysh requested a review from max-lobur January 25, 2023 20:10
@aknysh aknysh merged commit 029080a into master Jan 27, 2023
@aknysh aknysh deleted the multiple-subnets-per-az branch January 27, 2023 04:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jamengual jamengual Awaiting requested review from jamengual jamengual was automatically assigned from cloudposse/contributors

@woz5999 woz5999 Awaiting requested review from woz5999 woz5999 was automatically assigned from cloudposse/contributors

@Benbentwo Benbentwo Awaiting requested review from Benbentwo

@goruha goruha Awaiting requested review from goruha

@milldr milldr Awaiting requested review from milldr

@nitrocode nitrocode Awaiting requested review from nitrocode

@Nuru Nuru Awaiting requested review from Nuru

@osterman osterman Awaiting requested review from osterman

2 more reviewers

@bridgecrew bridgecrew[bot] bridgecrew[bot] left review comments

@max-lobur max-lobur max-lobur approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@aknysh aknysh

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aknysh @max-lobur