hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Data Source: aws_vpc_ipam_preview_next_cidr gets the same IPs for different count.index #25958

Open mmshin opened 2 years ago

mmshin commented 2 years ago

Community Note

Terraform CLI and Terraform AWS Provider Version

Affected Resource(s)

Terraform Configuration Files

I have written a module to allocate IPs from the CIDR pool using the IPAM Preview Next CIDR, because I need to get the CIDR as an output to be used by a different project.

# Preview the next free CIDR of the requested size in the pool. This is a
# read-only query: it does not reserve anything in IPAM.
resource "aws_vpc_ipam_preview_next_cidr" "subnet" {
  count          = var.create ? var.allocation_count : 0
  ipam_pool_id   = var.pool_id
  netmask_length = var.netmask_length
}

# Turn the previewed CIDR into a real allocation in the same pool.
resource "aws_vpc_ipam_pool_cidr_allocation" "subnet" {
  count        = var.create ? var.allocation_count : 0
  description  = "IP Allocation for ${var.allocation_name} Subnet"
  ipam_pool_id = var.pool_id
  cidr         = aws_vpc_ipam_preview_next_cidr.subnet[count.index].cidr
}

Expected Output

data.aws_vpc_ipam_preview_next_cidr.subnet.*.cidr

It will produce a different CIDR per count.index.

Actual Output

data.aws_vpc_ipam_preview_next_cidr.subnet.*.cidr produced the same CIDR.

mmshin commented 2 years ago

Btw, I found a better solution. It turns out the resource aws_vpc_ipam_pool_cidr_allocation returns a cidr attribute, but it wasn't in the documentation.

drewmullen commented 1 year ago

This is not a bug but perhaps is a poorly documented side effect of the resource & data source: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resource/vpc_ipam_preview_next_cidr

One note: you titled this "data source" but included code for the resource. They have the same effect in this circumstance, but in others they have different side effects.

The reason you're experiencing this is that the resource/data source are effectively running the command aws ec2 allocate-ipam-pool-cidr --preview --ipam-pool-id <>, which simply returns the next available CIDR without allocating it. If you run that command multiple times without using the allocation, IPAM still sees the CIDR as available. The purpose of this is to overcome very particular situations where you MUST know the CIDR ahead of time, but it is not required in most Terraform definitions for creating a VPC (see below).

One way around this is to not preview the CIDR and instead just use aws_vpc with the IPAM parameters to make the calls on your behalf. I have a VPC module that should satisfy most VPC requirements and fully integrates with IPAM for IPv4 VPCs: https://registry.terraform.io/modules/aws-ia/vpc/aws/latest
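The two approaches above side by side, as an added example that is neither the reporter's module nor the aws-ia VPC module. It assumes an existing IPv4 IPAM pool passed in as var.pool_id whose locale matches the provider region; the variable names, resource labels and the /24 size are illustrative. Option 1 lets aws_vpc request its CIDR from IPAM directly; option 2 uses aws_vpc_ipam_pool_cidr_allocation with netmask_length instead of a previewed cidr, so each count instance is a consuming allocation and the returned cidr attribute differs per index. The trailing data source shows the non-consuming preview behaviour the thread describes.

```hcl
variable "pool_id" {
  description = "ID of an existing IPv4 IPAM pool (assumed to exist)"
  type        = string
}

variable "allocation_count" {
  type    = number
  default = 3
}

# Option 1: let the VPC ask IPAM for its CIDR. No preview step is needed;
# IPAM hands each VPC a distinct /24 at create time and exposes it as cidr_block.
resource "aws_vpc" "this" {
  count               = var.allocation_count
  ipv4_ipam_pool_id   = var.pool_id
  ipv4_netmask_length = 24

  tags = {
    Name = "ipam-vpc-${count.index}"
  }
}

# Option 2: reserve CIDRs explicitly, e.g. to hand them to another project.
# Passing netmask_length (not cidr) makes IPAM choose and consume the range,
# so every instance gets its own CIDR without a preview.
resource "aws_vpc_ipam_pool_cidr_allocation" "reserved" {
  count          = var.allocation_count
  ipam_pool_id   = var.pool_id
  netmask_length = 24
  description    = "Reserved subnet ${count.index}"
}

output "vpc_cidrs" {
  value = aws_vpc.this[*].cidr_block
}

output "reserved_cidrs" {
  value = aws_vpc_ipam_pool_cidr_allocation.reserved[*].cidr
}

# For contrast: the preview data source is read-only. Each instance runs the
# same non-consuming "next CIDR" query, so the values are identical until
# something actually allocates from the pool.
data "aws_vpc_ipam_preview_next_cidr" "peek" {
  count          = 2
  ipam_pool_id   = var.pool_id
  netmask_length = 24
}

output "preview_cidrs_are_identical" {
  value = length(distinct(data.aws_vpc_ipam_preview_next_cidr.peek[*].cidr)) == 1
}
```

Only use the preview data source when a downstream consumer genuinely needs the CIDR before the allocation exists, and then create the allocation immediately from that value; otherwise either of the two options above avoids the race where several previews agree on the same range.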

github-actions[bot] commented 12 hours ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!