terraform-aws-dynamic-subnets
Terraform module for public and private subnets provisioning in existing VPC
APACHE-2.0 License
Bot releases are visible (Hide)
🚀 Enhancements
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/utils/aws (source) | module | minor |
1.3.0 -> 1.4.0
|
Release Notes
v1.4.0
what
Add new Tel Aviv (il-central-1) region
why
Provide full coverage
references
Rebuild github dir from the template
🤖 Automatic Updates
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/utils/aws (source) | module | minor |
1.3.0 -> 1.4.0
|
Release Notes
v1.4.0
what
Add new Tel Aviv (il-central-1) region
why
Provide full coverage
references
Rebuild github dir from the template
what
This is an auto-generated PR that updates the README.md and docs
why
To have most recent changes of README.md and doc from origin templates
Published by github-actions[bot] over 1 year ago
🚀 Enhancements
what
- Add subnet ARNs to outputs
why
- Closes #171
Published by github-actions[bot] over 1 year ago
Note
Dropping support for deprecated EC2-Classic
With this release, EIPs allocated for NAT ingress are allocated in the default domain. This most likely does not affect you, but for accounts created before 2013-12-04 (almost 10 years ago as of this writing), the default domain could be EC2-Classic rather than the current VPC. Previously this module forced the EIPs to be in the VPC domain, but the breaking changes between AWS Provider v4 and v5 make that difficult.
If you find yourself in the rare situation where the EIPs allocated by this module are in EC2-Classic but you want them in VPC, then create the EIPs outside of this module and supply them to this module via nat_elastic_ips.
Custom NACLs
This release includes an example (examples/nacls/) showing how to create custom NACLs in conjunction with this module. Note that by default, this module creates wide-open NACLs, and subnets can only have one NACL associated with them. If you try to add a NACL to a subnet without disabling the default NACLs, you may get a possibly confusing error like:
│ Error: creating EC2 Network ACL: creating EC2 Network ACL (acl-0376c5f12dd9d784d) Association: InvalidAssociationID.NotFound: The association ID 'aclassoc-0818d5a9e3876a2bb' does not exist
See https://github.com/hashicorp/terraform-provider-aws/issues/31888
what
- Make appropriate inputs non-nullable (treat an input of
nullas meaning "default") - Remove
aws_eipvpc = true - Update terraform cloudposse/utils/aws to v1.3.0 (Supersedes and closes #182)
- Add example of how to add custom NACLs to subnets created by this module (Supersedes and closes #176)
- Update tests and test framework
why
- Allow better, more consistent configuration
- Deprecated
- Include support for new AWS regions
- Encourage composition of modules and resources rather than aggregation of functionality into bloated modules (c.f. #176)
- Stay current with features, bug fixes, and security updates
references
- Terraform AWS Provider Version 5 Upgrade Guide: aws_eip
- Disallowing Null Input Values
- EC2 Classic
Published by github-actions[bot] over 1 year ago
what
- Changed tfsec ignore comments to use the rule name, rather than deprecated IDs
- Added ignores to public and private so that tfsec passes the module without CRITICAL issues
why
- tfsec no longer supports
#tfsec:ignore:AWS012style comments - False positives generated by this module have been ignored
what
Fix tflint
why
Maintenance
Rebuild github dir from the template
Published by cloudpossebot over 1 year ago
- No changes
Published by cloudpossebot over 1 year ago
what
- Allow provisioning multiple subnets per AZ (the number of subnets per AZ is specified in the
subnets_per_az_countvariable). Ifsubnets_per_az_countis set to1(default), it's backwards compatible with the previous functionality (one subnet of each type, private and public, per AZ) - Allow named subnets (specified in the
subnets_per_az_namesvariable)
why
- Multiple subnets per AZ are useful in many cases:
- In a VPC, provision a dedicated subnet for services, backend and database
- For AWS Network Firewall, a dedicated subnet in each AZ is required. When a Transit Gateway is used, we provision
tgwsubnet andfirewallsubnets in each AZ
- Named subnets are useful to easily find particular subnets IDs and route table IDs (both public and private) from the module outputs, e.g. to find all subnets and route tables for
tgw,firewall,database,services,backend, etc.
test
Using the following settings:
availability_zones = ["us-east-2a", "us-east-2b"]
subnets_per_az_count = 3
subnets_per_az_names = ["services", "backend", "db"]
The outputs:
az_private_route_table_ids_map = {
"us-east-2a" = [
"rtb-05cbce79950652f38",
"rtb-03a545f25ef6ce3f9",
"rtb-0ef8d1698f424e77b",
]
"us-east-2b" = [
"rtb-076348138f550ebab",
"rtb-0bd3baf8916948c3f",
"rtb-01533922e675db6b6",
]
}
az_private_subnets_map = {
"us-east-2a" = [
"subnet-02c63d0c0c2f84bf5",
"subnet-0393680d8ea3dd70f",
"subnet-0a7c4b117b2105a69",
]
"us-east-2b" = [
"subnet-0f6d042c659cc1346",
"subnet-06764c7316567eacc",
"subnet-074fd7ad2b902bec2",
]
}
az_public_route_table_ids_map = {
"us-east-2a" = [
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
]
"us-east-2b" = [
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
]
}
az_public_subnets_map = {
"us-east-2a" = [
"subnet-05647fc1f31a30896",
"subnet-03e27e41e0b818080",
"subnet-04e5d57b1e2035c7c",
]
"us-east-2b" = [
"subnet-01cc440339718014e",
"subnet-00155e6b64925ba51",
"subnet-0a326693cfee8e68d",
]
}
named_private_route_table_ids_map = {
"backend" = tolist([
"rtb-03a545f25ef6ce3f9",
"rtb-0bd3baf8916948c3f",
])
"db" = tolist([
"rtb-0ef8d1698f424e77b",
"rtb-01533922e675db6b6",
])
"services" = tolist([
"rtb-05cbce79950652f38",
"rtb-076348138f550ebab",
])
}
named_private_subnets_map = {
"backend" = tolist([
"subnet-0393680d8ea3dd70f",
"subnet-06764c7316567eacc",
])
"db" = tolist([
"subnet-0a7c4b117b2105a69",
"subnet-074fd7ad2b902bec2",
])
"services" = tolist([
"subnet-02c63d0c0c2f84bf5",
"subnet-0f6d042c659cc1346",
])
}
named_private_subnets_stats_map = {
"backend" = [
{
"az" = "us-east-2a"
"route_table_id" = "rtb-03a545f25ef6ce3f9"
"subnet_id" = "subnet-0393680d8ea3dd70f"
},
{
"az" = "us-east-2b"
"route_table_id" = "rtb-0bd3baf8916948c3f"
"subnet_id" = "subnet-06764c7316567eacc"
},
]
"db" = [
{
"az" = "us-east-2a"
"route_table_id" = "rtb-0ef8d1698f424e77b"
"subnet_id" = "subnet-0a7c4b117b2105a69"
},
{
"az" = "us-east-2b"
"route_table_id" = "rtb-01533922e675db6b6"
"subnet_id" = "subnet-074fd7ad2b902bec2"
},
]
"services" = [
{
"az" = "us-east-2a"
"route_table_id" = "rtb-05cbce79950652f38"
"subnet_id" = "subnet-02c63d0c0c2f84bf5"
},
{
"az" = "us-east-2b"
"route_table_id" = "rtb-076348138f550ebab"
"subnet_id" = "subnet-0f6d042c659cc1346"
},
]
}
named_public_route_table_ids_map = {
"backend" = tolist([
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
])
"db" = tolist([
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
])
"services" = tolist([
"rtb-0046629cc751e775d",
"rtb-0046629cc751e775d",
])
}
named_public_subnets_map = {
"backend" = tolist([
"subnet-03e27e41e0b818080",
"subnet-00155e6b64925ba51",
])
"db" = tolist([
"subnet-04e5d57b1e2035c7c",
"subnet-0a326693cfee8e68d",
])
"services" = tolist([
"subnet-05647fc1f31a30896",
"subnet-01cc440339718014e",
])
}
named_public_subnets_stats_map = {
"backend" = [
{
"az" = "us-east-2a"
"route_table_id" = "rtb-0046629cc751e775d"
"subnet_id" = "subnet-03e27e41e0b818080"
},
{
"az" = "us-east-2b"
"route_table_id" = "rtb-0046629cc751e775d"
"subnet_id" = "subnet-00155e6b64925ba51"
},
]
"db" = [
{
"az" = "us-east-2a"
"route_table_id" = "rtb-0046629cc751e775d"
"subnet_id" = "subnet-04e5d57b1e2035c7c"
},
{
"az" = "us-east-2b"
"route_table_id" = "rtb-0046629cc751e775d"
"subnet_id" = "subnet-0a326693cfee8e68d"
},
]
"services" = [
{
"az" = "us-east-2a"
"route_table_id" = "rtb-0046629cc751e775d"
"subnet_id" = "subnet-05647fc1f31a30896"
},
{
"az" = "us-east-2b"
"route_table_id" = "rtb-0046629cc751e775d"
"subnet_id" = "subnet-01cc440339718014e"
},
]
}
private_route_table_ids = [
"rtb-05cbce79950652f38",
"rtb-03a545f25ef6ce3f9",
"rtb-0ef8d1698f424e77b",
"rtb-076348138f550ebab",
"rtb-0bd3baf8916948c3f",
"rtb-01533922e675db6b6",
]
private_subnet_cidrs = tolist([
"172.16.0.0/21",
"172.16.8.0/21",
"172.16.16.0/21",
"172.16.24.0/21",
"172.16.32.0/21",
"172.16.40.0/21",
])
public_subnet_cidrs = tolist([
"172.16.72.0/21",
"172.16.80.0/21",
"172.16.88.0/21",
"172.16.96.0/21",
"172.16.104.0/21",
"172.16.112.0/21",
])
Published by cloudpossebot about 2 years ago
🚀 Enhancements
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/utils/aws (source) | module | minor |
1.0.0 -> 1.1.0
|
🤖 Automatic Updates
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/utils/aws (source) | module | minor |
1.0.0 -> 1.1.0
|
Published by cloudpossebot about 2 years ago
🚀 Enhancements
what
- Updates documentation for
ipv4_cidr_block
why
- The current documentation is wrong
additional info
I tried to run make init && make readme to generate the README, however make readme fails with:
❯ make readme
* Package gomplate already installed
* Package terraform-docs already installed
make: gomplate: No such file or directory
make: *** [readme/build] Error 1
on my machine. (MacBook Pro, macOS Monterey 12.4)
Published by cloudpossebot over 2 years ago
🤖 Automatic Updates
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/utils/aws (source) | module | major |
0.8.1 -> 1.0.0
|
Published by cloudpossebot over 2 years ago
🐛 Bug Fixes
what
- Fix configuration of public subnets when private subnets are not created
why
- Bug fix
what
To check if create public subnet when set public_subnets_enabled false
why
Currently, when set set public_subnets_enabled false, module still creates public subnet, according to the logic of creating private subnet, there should be a check if public_subnets_enabled is false, not creating public subnet.
references
Slack thread: https://sweetops.slack.com/archives/CCT1E7JJY/p1652862041154429
Published by cloudpossebot over 2 years ago
Version v2.0.0 has breaking changes, documented here.
The highlights:
- Full support for IPv6
- Addresses nearly all open issues and PRs against version 1
- More inputs made optional, allowing you, among other things, to create subnets without direct access to the public internet
- Additional control over whether or not certain resources are created, allowing you to substitute your own resources (e.g. a combination bastion host and NAT instance instead of the NAT instance this module creates)
- Additional outputs allowing you to connect and configure outside resources to work with this module's resources
- Ability to use a single NAT Gateway to cover all the private subnets (for cost savings in non-critical environments)
- Optional inputs converted to lists due to Terraform limitations.
-
subnet_type_tag_keydeprecated.
Known issues:
- Public subnets are not properly configured when
private_subnets_enabledisfalse - Some outputs have changed from
tupletolist, causing plans to contain confusing output like:
Changes to Outputs:
~ private_subnet_cidrs = [
- "172.16.0.0/19",
- "172.16.32.0/19",
] -> [
+ "172.16.0.0/19",
+ "172.16.32.0/19",
]
See https://github.com/hashicorp/terraform/issues/31102 for details.
Details:
what
- Full support for IPv6
why
- Requested feature
references
- Closes #21
- Resolves #73
- Fixes #120
- Supersedes and closes #139
- Supersedes and closes #147
- Fixes #148
- Supersedes and closes #151
- Supersedes and closes #152
- Fixes #153
- Supersedes and closes #154
notes
- Migration notes are here
Changes from v1.0.0: https://github.com/cloudposse/terraform-aws-dynamic-subnets/compare/1.0.0...2.0.0
Published by Nuru over 2 years ago
This is candidate code for the v2.0.0 release. It has breaking changes, documented here. If you want to use try it out, please do, and add comments to PR #159 if you find problems.
The highlights:
- Full support for IPv6
- Addresses nearly all open issues and PRs
- More inputs made optional.
- Additional control over whether or not certain resources are created.
- Optional inputs converted to lists due to Terraform limitations.
-
subnet_type_tag_keydeprecated.
Changes from v2.0.0-rc4: https://github.com/cloudposse/terraform-aws-dynamic-subnets/compare/2.0.0-rc4...2.0.0-rc5
Published by Nuru over 2 years ago
This is candidate code for the v2.0.0 release. It has breaking changes, documented here. If you want to use try it out, please do, and add comments to PR #159 if you find problems.
The highlights:
- Full support for IPv6
- Addresses nearly all open issues and PRs
- More inputs made optional.
- Additional control over whether or not certain resources are created.
- Optional inputs converted to lists due to Terraform limitations.
-
subnet_type_tag_keydeprecated.
Published by Nuru over 2 years ago
This is candidate code for the v2.0.0 release. It has breaking changes, documented here. If you want to use try it out, please do, and add comments to PR #159 if you find problems.
The highlights:
- Full support for IPv6
- More inputs made optional.
- Additional control over whether or not certain resources are created.
- Optional inputs converted to lists due to Terraform limitations.
-
subnet_type_tag_keydeprecated.
Published by Nuru over 2 years ago
This is candidate code for the v2.0.0 release. It has breaking changes, and is missing the migration documentation on how to upgrade from v1.0. Nevertheless, if you want to use try it out, please do, and add comments to PR #159 if you find problems.
The highlights:
- Full support for IPv6
- More inputs made optional.
- Additional control over whether or not certain resources are created.
- Optional inputs converted to lists due to Terraform limitations.
-
subnet_type_tag_keydeprecated.
Published by cloudpossebot over 2 years ago
Initial release with production Semantic Versioning, part of Cloud Posse's general policy to convert to production versioning as we make updates to relatively mature modules, especially those where we see breaking changes coming in the near future.
- This release is functionally equivalent to v0.40.1
- We anticipate a v2.0.0 release in the very near future with breaking changes in the way we handle network ACLs
- We will also be enhancing IPv6 support
what
- Update testing framework
- Fix and enable incomplete "existing IPs" test
- Update
git.io->cloudposse.tools
why
- Bring up to current standard
- Better test coverage
- EOL for
git.io
Published by cloudpossebot over 2 years ago
🚀 Enhancements
what
Using the current version you get a deprecated warning:
│ Warning: Argument is deprecated
│
│ with module.dynamic-subnets.aws_route.nat_instance,
│ on .terraform/modules/dynamic-subnets/nat-instance.tf line 130, in resource "aws_route" "nat_instance":
│ 130: instance_id = element(aws_instance.nat_instance.*.id, count.index)
│
│ Use network_interface_id instead
I have updated the code to use the recommended network_interface_id, as a result I have also had to point it to primary_network_interface_id.
Published by cloudpossebot over 2 years ago
what
- Module allows user to specify either
standard,unilimited, or the default credit specification for NAT instances - Updates to the credit specification will update the instance in place
why
- Provides more predictable bills
- No longer need to worry about how much bursting could cost
references
Published by cloudpossebot almost 3 years ago
🚀 Enhancements
what
- Bump providers
why
- so consumers don't see errors based on new features used by this module
references
Published by cloudpossebot about 3 years ago
🤖 Automatic Updates
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/utils/aws (source) | module | patch |
0.8.0 -> 0.8.1
|
Release Notes
v0.8.1
🚀 Enhancements
Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- If you want to rebase/retry this PR, check this box.
This PR has been generated by WhiteSource Renovate. View repository job log here.