Invalid index on TF cidrsubnet expression

[todd-dsm]

When planning in a government space, Terraform flakes on the plan:

We've defined 3 AZs in the build.env:

+build.env:53> export TF_VAR_minDistSize=3

Plan: 28 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + iam_user  = "thomas"
  + partition = "aws-us-gov"

Error: Invalid index

  on mods/infras/networking.tf line 36, in resource "aws_subnet" "vpc_network":
  36:   availability_zone = data.aws_availability_zones.available.names[count.index]
    ├────────────────
    │ count.index is 3
    │ data.aws_availability_zones.available.names is list of string with 3 elements

3 AZs have been found.

The awscli shows we currently have 3 zones:

aws ec2 describe-availability-zones | jq -r '.AvailabilityZones[].ZoneName'
us-gov-east-1a
us-gov-east-1b
us-gov-east-1c

So, we've asked for 3, found 3 and still the error. It seems like the network expression could be an issue:

  cidr_block      = cidrsubnet(var.host_cidr, 2, count.index)
  ipv6_cidr_block = cidrsubnet(aws_vpc.vpc_network.ipv6_cidr_block, 8, count.index)

This will create take the whole of var.host_cidr (a.b.c.d/16 and create 4 subnetworks from it, each (ipv4) would be a.b.c.d/18. it's worth noting that this configuration has been working for years and, in the commercial partition, I've built many cluster over 3 AZs. But, perhaps something has changed?

So, spreading 4 subnets over 3 AZs might be a place to start?

[todd-dsm]

It's worth noting these are public subnets in a aws-us-gov partition. But...

this looks similar in a commercial partition.

[todd-dsm]

found a duplicate parameter in terraform.tfvars that had a conflicting value; closing.