aws-ia / terraform-aws-vpc

AWS VPC Module
https://registry.terraform.io/modules/aws-ia/vpc/aws/latest
Apache License 2.0

[Bug]Enable Local zones breaks network topology #111

Closed alex-zige closed 1 year ago

alex-zige commented 1 year ago

Issue Details:

After enabling the AKL local zone for the Sydney region and re-running a terraform plan, it is going to recreate the resources in the new subnets, and all resources.

Also, local zones only have limited services (no TGW support, no NAT gateway support), so it will break the desired network configuration and topology.

Further investigation:

The calculate_subnets module is using data resources to fetch from AWS.

So before, data.aws_availability_zones.current returns:

    "ap-southeast-2a",
    "ap-southeast-2b",
    "ap-southeast-2c",

but after enabling local zones it returns:

    "ap-southeast-2-akl-1a",
    "ap-southeast-2a",
    "ap-southeast-2b",
    "ap-southeast-2c",

The current logic slices the first x (based on az_count),

so it destroys and creates resources for those AZs:

    "ap-southeast-2-akl-1a",
    "ap-southeast-2a",
    "ap-southeast-2b",

Suggest adding to aws-ia/vpc/aws a way to explicitly specify the AZ configuration for the VPC:

module "vpc" {
  source  = "aws-ia/vpc/aws"
  version = "= 4.2.1"

  name       = "demo-vpc"
  cidr_block = "10.0.0.0/20"
  az_count   = 3
  # proposed input: pin the AZs instead of slicing whatever the data source returns
  azs = ["ap-southeast-2a", "ap-southeast-2b", "ap-southeast-2c"]
}

to prevent similar issues in the future.
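As an added illustration (not code from the module or from the reporter), the unfiltered lookup the issue describes beside a filtered one that keeps Local Zones out of the slice; the data source labels and the locals block are assumptions, and the filter names are standard EC2 DescribeAvailabilityZones filters.

```hcl
# Added example, not the module's own code. Demonstrates why an unfiltered
# data.aws_availability_zones lookup picks up an opted-in Local Zone, and a
# filtered form that keeps the sliced AZ list stable across opt-ins.

# Weak: returns every zone the account has opted into, Local Zones included.
# After opting into ap-southeast-2-akl-1a the sorted list starts with it,
# so slice(..., 0, 3) drops ap-southeast-2c and forces subnet recreation.
data "aws_availability_zones" "unfiltered" {
  state = "available"
}

# Corrected: restrict the lookup to regular Availability Zones. A later
# Local Zone or Wavelength Zone opt-in can no longer shift the slice.
data "aws_availability_zones" "regional" {
  state = "available"

  filter {
    name   = "zone-type"
    values = ["availability-zone"]
  }

  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}

locals {
  az_count = 3

  # Mirrors the slicing the issue describes; on the reporter's account this
  # yields ["ap-southeast-2-akl-1a", "ap-southeast-2a", "ap-southeast-2b"].
  azs_weak = slice(data.aws_availability_zones.unfiltered.names, 0, local.az_count)

  # Stable result: ["ap-southeast-2a", "ap-southeast-2b", "ap-southeast-2c"].
  azs = slice(data.aws_availability_zones.regional.names, 0, local.az_count)
}
```

Pinning the AZ list explicitly, as the issue proposes, removes the dependency on the data source entirely; the filtered lookup is the fallback when the list must stay dynamic.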