Reputation: 783
I have a CIDR block 172.30.0.0/21 and have created 2 private subnets and 2 public subnets for it. They are up and running in the AWS console!
These are the subnets:
# List of private subnets to create in the environment, e.g. ["172.18.0.0/21", "172.18.8.0/21"]
variable "private_subnets-west-2" {
  type    = list(string)
  default = ["172.30.0.0/23", "172.30.6.0/23"]
}

# List of public subnets to create in the environment, e.g. ["172.18.168.0/22", "172.18.172.0/22"]
variable "public_subnets-west-2" {
  type    = list(string)
  default = ["172.30.4.0/23", "172.30.2.0/23"]
}
My private subnets seem fine with the terraform plan. However, my public subnets don't seem to run in apply and are giving me errors.
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # module.rds_replica.aws_db_subnet_group.db_subnet_group[0] will be updated in-place
  ~ resource "aws_db_subnet_group" "db_subnet_group" {
        arn         = "arn:aws:rds:us-west-2"
        description = "Database subnet group for app-replica"
        id          = "app-replica-"
        name        = "app-replica-"
        name_prefix = "app-replica-"
      ~ subnet_ids  = [
          - "subnet-048e730",
          - "subnet-0be733e",
        ] -> (known after apply)
    }

  # module.vpc-us-west-2.aws_nat_gateway.this[0] will be created
  + resource "aws_nat_gateway" "this" {
      + allocation_id        = "eipalloc-0c"
      + id                   = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip           = (known after apply)
      + public_ip            = (known after apply)
      + subnet_id            = (known after apply)
    }

  # module.vpc-us-west-2.aws_nat_gateway.this[1] will be created
  + resource "aws_nat_gateway" "this" {
      + allocation_id        = "eipalloc-0a"
      + id                   = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip           = (known after apply)
      + public_ip            = (known after apply)
      + subnet_id            = (known after apply)
    }

  # module.vpc-us-west-2.aws_route.private_nat_gateway[0] will be updated in-place
  ~ resource "aws_route" "private_nat_gateway" {
        destination_cidr_block = "0.0.0.0/0"
        id                     = "r-rtb-09"
      ~ nat_gateway_id         = "nat-00" -> (known after apply)
        origin                 = "CreateRoute"
        route_table_id         = "rtb-09"
        state                  = "blackhole"

        timeouts {
            create = "5m"
        }
    }

  # module.vpc-us-west-2.aws_route.private_nat_gateway[1] will be updated in-place
  ~ resource "aws_route" "private_nat_gateway" {
        destination_cidr_block = "0.0.0.0/0"
        id                     = "r-rtb-0c"
      ~ nat_gateway_id         = "nat-0d" -> (known after apply)
        origin                 = "CreateRoute"
        route_table_id         = "rtb-0c"
        state                  = "blackhole"

        timeouts {
            create = "5m"
        }
    }

  # module.vpc-us-west-2.aws_route_table_association.public[0] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = "rtb-0"
      + subnet_id      = (known after apply)
    }

  # module.vpc-us-west-2.aws_route_table_association.public[1] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = "rtb-09"
      + subnet_id      = (known after apply)
    }

  # module.vpc-us-west-2.aws_subnet.public[0] will be created
  + resource "aws_subnet" "public" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-west-2a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "172.30.4.0/23"
      + id                              = (known after apply)
      + map_public_ip_on_launch         = true
      + owner_id                        = (known after apply)
      + vpc_id                          = "vpc-0d"
    }

  # module.vpc-us-west-2.aws_subnet.public[0] (deposed object 840b9b87) will be destroyed
  - resource "aws_subnet" "public" {
      - arn                             = "arn:aws:ec2:us-west-2:4" -> null
      - assign_ipv6_address_on_creation = false -> null
      - availability_zone               = "us-west-2a" -> null
      - availability_zone_id            = "usw2-az2" -> null
      - cidr_block                      = "172.30.4.0/23" -> null
      - id                              = "subnet-0b" -> null
      - map_public_ip_on_launch         = true -> null
      - owner_id                        = "463" -> null
      - vpc_id                          = "vpc-0d" -> null
    }

  # module.vpc-us-west-2.aws_subnet.public[1] will be created
  + resource "aws_subnet" "public" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-west-2c"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "172.30.2.0/23"
      + map_public_ip_on_launch         = true
      + owner_id                        = (known after apply)
      + vpc_id                          = "vpc-0d2"
    }

Plan: 6 to add, 3 to change, 1 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.vpc-us-west-2.aws_subnet.public[0]: Creating...
module.vpc-us-west-2.aws_subnet.public[1]: Creating...

Error: Error creating subnet: InvalidSubnet.Conflict: The CIDR '172.30.2.0/23' conflicts with another subnet
        status code: 400, request id:

  on .terraform/modules/vpc-us-west-2/main.tf line 335, in resource "aws_subnet" "public":
 335: resource "aws_subnet" "public" {

Error: Error creating subnet: InvalidSubnet.Conflict: The CIDR '172.30.4.0/23' conflicts with another subnet
        status code: 400, request id:

  on .terraform/modules/vpc-us-west-2/main.tf line 335, in resource "aws_subnet" "public":
 335: resource "aws_subnet" "public" {
When my subnets in AWS are working, why are they not coming up in the plan as "no changes"?
It says that it will create "172.30.4.0/23" and destroy the previous one? Why? If that subnet is already made, why is it creating it and then destroying the existing one?
The second subnet is also already made in my account, so instead of picking it up in the plan, why is it creating it?
I am not sure how to fix these errors...
UPDATE:
I imported my second subnet 172.30.2.0/23 using terraform import. The import was successful. However, now when I run plan, it is doing the same thing it was doing for the subnet 172.30.4.0/23:
  # module.vpc-us-west-2.aws_subnet.public will be destroyed
  - resource "aws_subnet" "public" {
      - arn                             = "arn:aws:ec2:us-west-2:46***" -> null
      - assign_ipv6_address_on_creation = false -> null
      - availability_zone               = "us-west-2c" -> null
      - availability_zone_id            = "usw2-az3" -> null
      - cidr_block                      = "172.30.2.0/23" -> null
      - id                              = "subnet-0186d**" -> null
      - map_public_ip_on_launch         = false -> null
      - owner_id                        = "46**" -> null
        } -> null
      - vpc_id                          = "vpc-0d2f6cb2feaf3c95e" -> null

      - timeouts {}
    }
Upvotes: 1
Views: 978
Reputation: 24271
Multiple issues here.
> It says that it will create the "172.30.4.0/23" and destroy the previous one?
For some objects there's no such operation in AWS as "update", and even in the AWS Console you need to delete and create a new one. I am not sure why that would be the case for your subnet though.
> The second subnet is also already made in my account, so instead of picking it up in the plan, why is it creating it?
If the second subnet has been created outside of Terraform, you need to explicitly tell Terraform to use the existing resource.
In Terraform the operation is called import, e.g.

  $ terraform import aws_subnet.public subnet-9d4a7b6c
Upvotes: 1
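An added example, not part of the question or the answer above and not code from the Terraform VPC module the question uses: a small pre-apply check in Python that does two things with the question's own numbers. First, it verifies that every planned subnet sits inside the VPC CIDR and that no two planned subnets overlap each other, which is the configuration-side cause of InvalidSubnet.Conflict. Second, for each planned CIDR that already exists as a live subnet in the VPC, it prints the terraform import command with the indexed address that a count-based resource needs (the plan in the update shows the address module.vpc-us-west-2.aws_subnet.public with no index, and an instance with no index matches nothing in a resource that uses count, which is why Terraform plans to destroy it). The list of existing subnets is constructed inline in the shape of the Subnets array returned by aws ec2 describe-subnets, with placeholder subnet ids; the module and resource names are the ones that appear in the question's plan output.

```python
import ipaddress
from itertools import combinations

# Sample data taken from the question: the VPC CIDR and the two subnet lists.
VPC_CIDR = "172.30.0.0/21"
PRIVATE_SUBNETS = ["172.30.0.0/23", "172.30.6.0/23"]
PUBLIC_SUBNETS = ["172.30.4.0/23", "172.30.2.0/23"]

# Constructed stand-in for the "Subnets" array that `aws ec2 describe-subnets`
# returns for the VPC. The subnet ids are placeholders, not real ids.
EXISTING_SUBNETS = [
    {"SubnetId": "subnet-PLACEHOLDER-priv0", "CidrBlock": "172.30.0.0/23"},
    {"SubnetId": "subnet-PLACEHOLDER-priv1", "CidrBlock": "172.30.6.0/23"},
    {"SubnetId": "subnet-PLACEHOLDER-pub0", "CidrBlock": "172.30.4.0/23"},
    {"SubnetId": "subnet-PLACEHOLDER-pub1", "CidrBlock": "172.30.2.0/23"},
]


def resource_addresses(module, name, cidrs):
    """Map each CIDR to the indexed address a count-based aws_subnet resource
    inside a module gets, e.g. module.vpc-us-west-2.aws_subnet.public[1].
    The index is what `terraform import` needs: the bare address matches no
    instance of a resource that uses count."""
    return {f"module.{module}.aws_subnet.{name}[{i}]": cidr
            for i, cidr in enumerate(cidrs)}


def check_subnet_plan(vpc_cidr, planned, existing):
    """Pre-apply check for a set of planned subnets.

    planned:  {terraform address: cidr}
    existing: list of {"SubnetId", "CidrBlock"} dicts already in the VPC
    Returns planned subnets outside the VPC, pairs of planned subnets that
    overlap each other, `terraform import` commands for planned CIDRs that
    already exist as a subnet, and planned CIDRs that overlap an existing
    subnet without matching it exactly (those can only conflict).
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {addr: ipaddress.ip_network(cidr) for addr, cidr in planned.items()}

    outside_vpc = [addr for addr, net in nets.items() if not net.subnet_of(vpc)]

    overlaps = [(a, b) for a, b in combinations(nets, 2)
                if nets[a].overlaps(nets[b])]

    existing_by_cidr = {ipaddress.ip_network(s["CidrBlock"]): s["SubnetId"]
                        for s in existing}
    import_commands = []
    conflicts = []
    for addr, net in nets.items():
        if net in existing_by_cidr:
            # Exact match: adopt the live subnet instead of re-creating it.
            # The address is quoted so the shell does not glob the [index].
            import_commands.append(
                f"terraform import '{addr}' {existing_by_cidr[net]}")
            continue
        clashing = [sid for ex, sid in existing_by_cidr.items()
                    if ex.overlaps(net)]
        if clashing:
            conflicts.append((addr, clashing))

    return {
        "outside_vpc": outside_vpc,
        "overlaps": overlaps,
        "import_commands": import_commands,
        "conflicts": conflicts,
    }


def check_question_plan():
    """Run the check on the question's own subnet lists."""
    planned = {}
    planned.update(resource_addresses("vpc-us-west-2", "private", PRIVATE_SUBNETS))
    planned.update(resource_addresses("vpc-us-west-2", "public", PUBLIC_SUBNETS))
    return check_subnet_plan(VPC_CIDR, planned, EXISTING_SUBNETS)


if __name__ == "__main__":
    for key, value in check_question_plan().items():
        print(f"{key}:")
        for item in value:
            print(f"  {item}")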