aws-ia / terraform-aws-vpc

AWS VPC Module
https://registry.terraform.io/modules/aws-ia/vpc/aws/latest
Apache License 2.0

deterministic subnet cidr calculation #136

Open ivan-aws opened 8 months ago

ivan-aws commented 8 months ago

When updating the az_count, I noticed that not all subnet CIDR range calculations are deterministic. After changing the value from 1 to 2, for one of the subnets Terraform triggered a replacement, as the CIDR range changed:

      ~ cidr_block                                     = "10.32.0.64/28" -> "10.32.0.128/28" # forces replacement

This is less than ideal, as there are already network interfaces deployed into the subnet.
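
A pre-apply check for the situation reported above, as an added example that is not part of the thread or of the module's code: it reads `terraform show -json` plan output and lists every `aws_subnet` that would be destroyed and recreated with a different `cidr_block`, including the case where the new CIDR is only known after apply. The sample plan and its resource addresses are constructed; only the CIDR change is the one quoted in the issue.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Resource addresses are hypothetical.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": 'module.vpc.aws_subnet.private["a"]', "type": "aws_subnet",
     "change": {"actions": ["delete", "create"],
                "before": {"cidr_block": "10.32.0.64/28"},
                "after": {"cidr_block": "10.32.0.128/28"},
                "after_unknown": {}}},
    {"address": 'module.vpc.aws_subnet.public["a"]', "type": "aws_subnet",
     "change": {"actions": ["no-op"],
                "before": {"cidr_block": "10.32.0.0/28"},
                "after": {"cidr_block": "10.32.0.0/28"},
                "after_unknown": {}}},
    {"address": 'module.vpc.aws_subnet.public["b"]', "type": "aws_subnet",
     "change": {"actions": ["create"], "before": None,
                "after": {"cidr_block": "10.32.0.16/28"},
                "after_unknown": {}}},
    # Unknown values are omitted from "after" and flagged in "after_unknown".
    {"address": 'module.vpc.aws_subnet.ipam["a"]', "type": "aws_subnet",
     "change": {"actions": ["create", "delete"],
                "before": {"cidr_block": "10.32.1.0/28"},
                "after": {}, "after_unknown": {"cidr_block": True}}},
]})

def replaced_subnets(plan_json):
    """Return (address, old_cidr, new_cidr) for each aws_subnet the plan replaces."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_subnet":
            continue
        change = rc.get("change", {})
        # A replacement is reported as both actions, in either order.
        if not {"delete", "create"} <= set(change.get("actions", [])):
            continue
        before = (change.get("before") or {}).get("cidr_block")
        after = (change.get("after") or {}).get("cidr_block")
        if after is None and (change.get("after_unknown") or {}).get("cidr_block"):
            after = "(known after apply)"
        if before != after:
            findings.append((rc["address"], before, after))
    return findings

if __name__ == "__main__":
    hits = replaced_subnets(SAMPLE_PLAN)
    for address, old, new in hits:
        print(f"REPLACE {address}: {old} -> {new}")
    raise SystemExit(1 if hits else 0)  # non-zero exit can gate a pipeline
```
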

drewmullen commented 8 months ago

Hi! Thanks for opening this issue and for your feedback!

We are aware of this situation and documented a fix. https://github.com/aws-ia/terraform-aws-vpc#updating-a-vpc-with-new-or-removed-subnets

Atm there are not great functions for cidr calculation that can prevent this. Although custom provider functions could help in the future.

Hope this helps. If you have other feedback please let us know!

bobdoah commented 4 months ago

I'm using IPAM, so the cidr_blocks aren't known in advance. The suggested fix won't work in this scenario.

drewmullen commented 4 months ago

For IPAM, you can request specific CIDRs from IPAM. It will work the same way as mentioned above; just also reference the IPAM pool ID.

I plan to perform a major update to this module once the ipam subnet values are added to the provider: https://github.com/hashicorp/terraform-provider-aws/issues/34615