Create subnets with tag Name that include the AZ of the subnet using Terraform


I am creating a VPC using the Terraform VPC module, and trying to give the subnets names that make sense, like data-vpc-private-subnet-a, where the "a" represents the availability zone that the subnet is located in.

But I am not sure how to do that. This is what I have so far:

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "${local.name}"
  cidr = "10.70.0.0/16"

  azs             = ["${local.region}a", "${local.region}b"]
  az              = ["a", "b"]

  private_subnets = ["10.70.1.0/24", "10.70.2.0/24"]
  public_subnets  = ["10.70.3.0/24", "10.70.4.0/24"]

  manage_default_network_acl = true
  default_network_acl_tags   = { Name = "${local.name}-default-nacl" }

  manage_default_route_table = true
  default_route_table_tags   = { Name = "${local.name}-default-route-table" }

  manage_default_security_group = true
  default_security_group_tags   = { Name = "${local.name}-default-sg" }

  enable_dns_hostnames = true
  enable_dns_support   = true

  map_public_ip_on_launch = false
  enable_nat_gateway      = true
  enable_vpn_gateway      = true
  single_nat_gateway      = false
  one_nat_gateway_per_az  = false
  reuse_nat_ips           = true                    # <= Skip creation of EIPs for the NAT Gateways
  external_nat_ip_ids     = "${aws_eip.nat.*.id}"   # <= IPs specified here as input to the module

  # VPC Flow Logs (Cloudwatch log group and IAM role will be created)
  enable_flow_log                      = true
  create_flow_log_cloudwatch_log_group = true
  create_flow_log_cloudwatch_iam_role  = true
  flow_log_max_aggregation_interval    = 60

  tags =     var.vpc_tags
  private_subnet_tags = { Name = "${local.name}-private-subnet-${az[count.index]}" }
  public_subnet_tags = { Name = "${local.name}-public-subnet-${az[count.index]}" }

}

Any help would be appreciated.

CodePudding user response:

In the public vpc module, subnet tags are defined in the module like this (example for public subnets):

    "Name" = format(
        "${var.name}-${var.public_subnet_suffix}-%s",
        element(var.azs, count.index),
      )

So in the main module you would have to set up:

data "aws_availability_zones" "zones" {}

locals {
  [...]
  azs = data.aws_availability_zones.zones.names
}

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  [...]

  name = "my-project"
  azs = slice(local.azs, 0, 3)
  
}

and then the name of the subnet is e.g. my-project-private-eu-central-1a.

If you mean to get rid of the region and leave only a, then you would have to download the module, modify lines that define tags (for example main.tf line 394 for private networks) and use this code as a local module source:

  tags = merge(
    {
      "Name" = format(
        "${var.name}-${var.private_subnet_suffix}-%s",
        replace(element(var.azs, count.index), var.region, ""),
      )
    }
  )

The above code removes region from the subnet's name, provided of course that you also push the region variable into the module.
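The same naming can be achieved without forking the module by computing the per-AZ suffix in the calling configuration: count.index only exists inside a resource or module that itself sets count, which is why the attempt in the question cannot work at the module call. This is an added example, not code from either answer or from the module; it assumes the module version in use accepts the private_subnet_names and public_subnet_names inputs (present in newer releases; older versions need the fork described above).

```hcl
data "aws_region" "current" {}

data "aws_availability_zones" "available" {
  state = "available"
}

locals {
  name   = "data-vpc"
  region = data.aws_region.current.name
  azs    = slice(data.aws_availability_zones.available.names, 0, 2)

  # "eu-central-1a" -> "a": strip the region prefix instead of taking the last
  # character, so the expression keeps working if a suffix is ever longer than one letter.
  az_suffixes = [for az in local.azs : replace(az, local.region, "")]

  # One Name per subnet, in the same order as private_subnets / public_subnets below,
  # so index i of each list lands in azs[i].
  private_subnet_names = [for s in local.az_suffixes : "${local.name}-private-subnet-${s}"]
  public_subnet_names  = [for s in local.az_suffixes : "${local.name}-public-subnet-${s}"]
}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = local.name
  cidr = "10.70.0.0/16"
  azs  = local.azs

  private_subnets = ["10.70.1.0/24", "10.70.2.0/24"]
  public_subnets  = ["10.70.3.0/24", "10.70.4.0/24"]

  # Assumption: these inputs exist in the module version in use.
  private_subnet_names = local.private_subnet_names
  public_subnet_names  = local.public_subnet_names

  # Common tags (owner, cost centre, environment) still apply to every resource.
  tags = var.vpc_tags
}
```

Keep the subnet CIDR lists and azs the same length; the module pairs them by index, so a mismatch silently puts a subnet in an AZ whose letter is not in its name.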

CodePudding user response:

With great help from @Maciej Rostański's answer, I was able to give the subnets their own unique names.

So that I also wouldn't have to get rid of the tags I wanted to put on all the resources, I used each resource's default tag variable.

So this is what I got at the end:

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = local.name
  cidr = "10.70.0.0/16"
  azs = slice(local.azs, 0, 3)

  private_subnets = ["10.70.1.0/24", "10.70.2.0/24"]
  public_subnets  = ["10.70.3.0/24", "10.70.4.0/24"]

  manage_default_network_acl = true
  default_network_acl_tags   = var.default_network_acl_tags

  manage_default_route_table = true
  default_route_table_tags   = var.default_route_table_tags

  manage_default_security_group = true
  default_security_group_tags   = var.default_security_group_tags

  enable_dns_hostnames = true
  enable_dns_support   = true

  map_public_ip_on_launch = false
  enable_nat_gateway      = true
  enable_vpn_gateway      = true
  single_nat_gateway      = false
  one_nat_gateway_per_az  = false
  reuse_nat_ips           = true                    # <= Skip creation of EIPs for the NAT Gateways
  external_nat_ip_ids     = aws_eip.nat[*].id     # <= IPs specified here as input to the module

  # VPC Flow Logs (Cloudwatch log group and IAM role will be created)
  enable_flow_log                      = true
  create_flow_log_cloudwatch_log_group = true
  create_flow_log_cloudwatch_iam_role  = true
  flow_log_max_aggregation_interval    = 60

  # Additional tags
  vpc_tags                   = var.vpc_tags
  nat_eip_tags               = var.nat_eip_tags
  nat_gateway_tags           = var.nat_gateway_tags
  private_acl_tags           = var.private_acl_tags
  igw_tags                   = var.igw_tags
  vpc_flow_log_tags          = var.vpc_flow_log_tags
}