Creating multiple subnets per availability zone using Terraform
I am new to Terraform. I want to use Terraform to create a single public subnet and three private subnets per availability zone in a specific AWS region. By following this link https://medium.com/@maneetkum/create-subnet-per-availability-zone-in-aws-through-terraform-ea81d1ec1883 I can create one private and one public subnet per availability zone. However, I need to split the one private subnet that gets created into another two. Is this possible in Terraform?
data "aws_availability_zones" "available" {}

resource "aws_vpc" "myVpc" {
  cidr_block           = "10.20.0.0/16"
  enable_dns_hostnames = true
  tags = {
    Name = "myVpc"
  }
}

# one public subnet per availability zone: 10.20.10.0/24, 10.20.11.0/24, ...
resource "aws_subnet" "public_subnet" {
  count                   = length(data.aws_availability_zones.available.names)
  vpc_id                  = aws_vpc.myVpc.id
  cidr_block              = "10.20.${10 + count.index}.0/24"
  availability_zone       = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = true
  tags = {
    Name = "PublicSubnet"
  }
}

# one private subnet per availability zone: 10.20.20.0/24, 10.20.21.0/24, ...
resource "aws_subnet" "private_subnet" {
  count                   = length(data.aws_availability_zones.available.names)
  vpc_id                  = aws_vpc.myVpc.id
  cidr_block              = "10.20.${20 + count.index}.0/24"
  availability_zone       = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = false
  tags = {
    Name = "PrivateSubnet"
  }
}
The code above creates one private and one public subnet per availability zone.
You can simply copy the private_subnet resource element to create two new subnets in each AZ:
...
resource "aws_subnet" "private_subnet" {
  count                   = length(data.aws_availability_zones.available.names)
  vpc_id                  = aws_vpc.myVpc.id
  cidr_block              = "10.20.${20 + count.index}.0/24"
  availability_zone       = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = false
  tags = {
    Name = "PrivateSubnet"
  }
}

# Second private subnet per AZ. The CIDR must stay inside the VPC's
# 10.20.0.0/16 (AWS rejects a subnet outside the VPC range) and must not
# overlap the 10.20.10.x and 10.20.20.x ranges used above.
resource "aws_subnet" "private_subnet_2" {
  count                   = length(data.aws_availability_zones.available.names)
  vpc_id                  = aws_vpc.myVpc.id
  cidr_block              = "10.20.${30 + count.index}.0/24"
  availability_zone       = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = false
  tags = {
    Name = "PrivateSubnet2"
  }
}

# Third private subnet per AZ, in the next free /24 range.
resource "aws_subnet" "private_subnet_3" {
  count                   = length(data.aws_availability_zones.available.names)
  vpc_id                  = aws_vpc.myVpc.id
  cidr_block              = "10.20.${40 + count.index}.0/24"
  availability_zone       = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = false
  tags = {
    Name = "PrivateSubnet3"
  }
}
You will need to modify the CIDR block of each subnet to make sure they do not overlap with each other.
Multiple subnets can be created and placed into availability zones automatically without duplicating code. Let's keep it DRY. To avoid duplicating the code, use the magic of Terraform meta-arguments and built-in functions. Specifically, use "count" and "cidrsubnet". "count" will generate as many copies of the subnet as you need.
If you want to give each subnet a unique value, such as the subnet's Name tag, you can do that by creating a data dictionary holding the names you want to assign to each subnet, which gives each subnet a unique and memorable name. Then assign them when creating the subnets by also using count.index in the name. If that is too much work, you could also just embed the count.index.
Different regions have different numbers of availability zones. To make sure you assign your subnets to availability zones that actually exist, you should generate the list of Availability Zones dynamically. That way you know that every availability zone in the list is actually available in the region you are working in.
What happens if you have more subnets than the region has availability zones? Use modulo arithmetic on the list to wrap your working index. Rather than using count.index directly, take count.index modulo the length of the list. This wraps the index around, so your working index never overflows the length of the availability zone list.
But the real magic is the cidrsubnet function. The example below takes the size of the base CIDR block passed in (which happens to be a /16), adds the second argument (4), and produces a /20 CIDR block. The third argument indexes through the available CIDR blocks, ensuring that each subnet gets a different sub-CIDR block.
Note: the related cidrsubnets function is quite different. So be careful not to confuse the two functions.
resource "aws_subnet" "area_subnets" {
  count                   = 4 # creates four subnets
  vpc_id                  = var.area_vpc_id
  map_public_ip_on_launch = var.map_public_ip_on_launch
  # /16 base + 4 new bits = /20; count.index picks the 0th..3rd /20 slot, so no two overlap
  cidr_block = cidrsubnet(var.area_subnet_cidr, 4, count.index)
  # modulo wraps the index, so more subnets than AZs still land on real AZs
  availability_zone_id = data.aws_availability_zones.available.zone_ids[count.index % length(data.aws_availability_zones.available.zone_ids)]
  tags = {
    Name = var.subnet_names[count.index]
  }
}

variable "subnet_names" {
  type = list(string)
  default = [
    "Primary NAT Gateway Subnet",
    "Secondary NAT Gateway Subnet",
    "Channel A Subnet",
    "Channel B Subnet"
  ]
}

variable "map_public_ip_on_launch" {
  type    = bool
  default = true
}

variable "area_vpc_id" {
  description = "The ID of the containing VPC"
  type        = string
  default     = "vpc-abcdefghijklmno"
}

variable "area_subnet_cidr" {
  description = "The base CIDR that you are working with"
  type        = string
  default     = "10.0.0.0/16"
}

data "aws_availability_zones" "available" {
  state = "available"
  filter { # Only fetch Availability Zones (no Local Zones)
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}
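The following configuration is an added, complete worked example that answers the original question directly (one public and three private subnets in every usable availability zone) with the cidrsubnet technique from the answer above; it is not code from the question or from either answer. It assumes the region us-east-1, the VPC CIDR 10.20.0.0/16 from the question, a default of three AZs, and the tier names "public", "private-a", "private-b", "private-c"; it uses for_each keyed on AZ name instead of count so that the set of subnets does not get renumbered when the AZ list changes.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumption; the AZ list itself is discovered below
}

variable "max_azs" {
  description = "How many of the region's AZs to use (assumed default: 3)"
  type        = number
  default     = 3
  validation {
    condition     = var.max_azs >= 1 && var.max_azs <= 4
    error_message = "Four /20 tiers per AZ carved out of a /16 leaves room for at most 4 AZs."
  }
}

# Only real, always-enabled AZs: no Local Zones or Wavelength Zones.
data "aws_availability_zones" "available" {
  state = "available"
  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}

locals {
  vpc_cidr = "10.20.0.0/16" # from the question
  azs = slice(sort(data.aws_availability_zones.available.names), 0,
    min(var.max_azs, length(data.aws_availability_zones.available.names)))
  tiers = ["public", "private-a", "private-b", "private-c"] # assumed tier names

  # netnum = az_index * 4 + tier_index: each AZ owns four consecutive /20s
  # (4 new bits on the /16), so no two subnets overlap and all stay inside the VPC.
  subnets = {
    for p in setproduct(range(length(local.azs)), range(length(local.tiers))) :
    "${local.tiers[p[1]]}-${local.azs[p[0]]}" => {
      az     = local.azs[p[0]]
      tier   = local.tiers[p[1]]
      public = p[1] == 0
      cidr   = cidrsubnet(local.vpc_cidr, 4, p[0] * length(local.tiers) + p[1])
    }
  }
}

resource "aws_vpc" "myVpc" {
  cidr_block           = local.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "myVpc" }
}

resource "aws_subnet" "this" {
  for_each = local.subnets

  vpc_id                  = aws_vpc.myVpc.id
  cidr_block              = each.value.cidr
  availability_zone       = each.value.az
  map_public_ip_on_launch = each.value.public # auto public IPs only in the public tier

  tags = {
    Name = each.key
    Tier = each.value.tier
  }
}

# "Private" is a routing property, not a subnet attribute: only the public
# subnets get a default route to the Internet gateway. The private subnets keep
# the VPC's main route table, which has no 0.0.0.0/0 route.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.myVpc.id
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.myVpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  for_each = { for k, s in aws_subnet.this : k => s if local.subnets[k].public }

  subnet_id      = each.value.id
  route_table_id = aws_route_table.public.id
}

output "subnet_cidrs" {
  value = { for k, s in aws_subnet.this : k => s.cidr_block }
}
```

With three AZs this yields twelve /20 subnets: the first AZ (sorted alphabetically) gets 10.20.0.0/20 (public), 10.20.16.0/20, 10.20.32.0/20 and 10.20.48.0/20, the second AZ starts at 10.20.64.0/20, and so on. Because the for_each keys are AZ names rather than list positions, removing or adding an AZ changes only that AZ's subnets; with count, a shift in the list would renumber and recreate every later subnet. The private subnets have no egress path at all here; if they need outbound access, add NAT gateways in the public tier and a private route table pointing at them.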