Adding secondary CIDR Blocks

[JohnnyC08]

I've come across an use case where I want to add a secondary CIDR Block and create new subnets with those blocks. I created my VPC with the module so I want to see if I can leverage it to do that.

With aws_vpc_ipv4_cidr_block_association we can associate new CIDR blocks, so maybe we can accept a list of secondary_cidr_blocks in the module definition and use the length to know how many associations to make.

Now the part I could use some guidance on is how to handle the dependency case. If I'm adding extra CIDR blocks and subnets. I want the vpc created and then the secondary associations created and then everything else created.

I can take care of this if I get some guidance on how to handle the dependency structure of ensuring the VPC is created and then the associations occur. Maybe we can abstract the vpc resource to an inner module that takes the vpc information and the secondary cidr blocks, then the rest of the main file can reference that module.

Anyways, tell me what you think.

[JohnnyC08]

I did some work to see if I could get the dependencies to work the way I wanted to and here is one approach I had.

So we go ahead and define our secondary association blocks like below

resource "aws_vpc_ipv4_cidr_block_association" "this" {
  count = "${length(var.secondary_cidr_blocks)}"

  vpc_id = "${aws_vpc.this.id}"

  cidr_block = "${element(var.secondary_cidr_blocks, count.index)}"
}

And then in our locals we define the following

vpc_id = "${length(var.secondary_cidr_blocks) > 0 ? element(concat(aws_vpc_ipv4_cidr_block_association.this.*.vpc_id, list("")), 0) : aws_vpc.this.id}"

Then for the other resources that need the vpc id we have them use that local variable.

Plan and validate seems to work on my existing infrastructure. Anyways, if you want to see what it looks like I can submit a PR.

[matthiasr]

@JohnnyC08 please do! I also need this and am about to re-do it based on your notes

[antonbabenko]

v1.41.0 has been released.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.