Create secondary cidr block on first pass? #142
Comments
|
Hi thanks for opening this question. We actually use the resource _cidr_block_association. The issue probably comes from the fact that the Part of me wants to say this is a bug but im split on it without more research. I'll leave this open for discussion and consideration. This was a good find and a miss on our design. Thanks for opening this up! |
|
A fix may honestly be as easy as creating a variable I could even just take the inverse of the |
|
This is the main.tf I am trying to use and getting that error. I am open to any ideas for improvement. terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.31"
}
}
}
provider "aws" {
region = "us-west-2"
access_key = var.access_key
secret_key = var.secret_key
token = var.token
}
# https://github.com/aws-ia/terraform-aws-vpc
module "primary_vpc" {
source = "aws-ia/vpc/aws"
version = ">= 4.2.0"
name = "multi-az-vpc"
cidr_block = "172.16.0.0/20"
az_count = 3
subnets = {
public = {
cidrs = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
nat_gateway_configuration = "all_azs" # options: "single_az", "none"
}
private = {
name_prefix = "private_workload"
connect_to_public_natgw = true
cidrs = ["172.16.4.0/22", "172.16.8.0/22", "172.16.12.0/22"]
}
}
}
# To add in the secondary cidr
module "secondary_vpc" {
source = "aws-ia/vpc/aws"
version = ">= 4.2.0"
depends_on = [module.primary_vpc]
name = "secondary-cidr"
cidr_block = "10.200.0.0/26" # pretend this is a private IP cidr range
az_count = 3
vpc_secondary_cidr = "true"
vpc_id = module.primary_vpc.vpc_attributes.id
vpc_secondary_cidr_natgw = module.primary_vpc.natgw_id_per_az
subnets = {
private = {
name_prefix = "private_internal"
cidrs = ["10.200.0.0/28", "10.200.0.16/28", "10.200.0.32/28"]
connect_to_public_natgw = true
}
}
}
|
|
Thanks for sharing your sample HCL. What you have is fine! Now that 4.4.2 is released i can test my fix idea... standby |
|
@drewmullen any updates on this? would really be helpful to assigne secondary cidr on first pass |
|
Is there any update on this? it's a blocker on using this module with AFT Code Pipelines |
|
I have sometime tomorrow I can try this out v1.9 fixes this problem with inferencing, according to the alpha notes |
|
@drewmullen Looking forward for this update, it is indeed a blocker for AFT |
|
hmm, my idea did not fix the problem... this needs to be dug in deeper to figure out... I cloned the vpc module locally and used relative pathing to do a quick and dirty test. the code has been pushed: https://github.com/drewmullen/vpc-test-changes/blob/master/main.tf new errors: |
|
@drewmullen the following worked for me. Added a create_vpc variable: Updated local.create_vpc to use the value from the variable rather than the vpc_id: |
|
@mperyer1 interesting, that’s similar to what I did feel free to send up a PR. Include a test payload you used to deploy a primary and secondary cidr pls we will have to add a test too |
|
@drewmullen I have the same issue as you but only if I use |
|
@drewmullen The problem is the calculation of |
|
@JasonCubic Fix has been merged |
How can you make a secondary ipv4 cidr block for the vpc without needing to do a second pass and add it to an already created vpc? I want to create a vpc with two cidr blocks. A cidr block with a private IP block and an on-prem cidr block. I've tried it but it fails with this error:
│ Error: Invalid count argument
│
│ on .terraform\modules\secondary_vpc\data.tf line 132, in data "aws_vpc" "main":
│ 132: count = local.create_vpc ? 0 : 1
│
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created.
│ To work around this, use the -target argument to first apply only the resources that the count depends on.
It's possible that I am overthinking this. Should I just use the normal terraform aws_vpc_ipv4_cidr_block_association?
The text was updated successfully, but these errors were encountered: