Increment cidr_block for count based subnets


John Parfitt

Jul 19, 2017, 12:02:24 PM
to Terraform
What I want is 4 DMZ subnets, all in a /24, with the third octet incrementing by 1:

resource "aws_subnet" "dmz" {
    count = 4
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "${var.network_prefix}.0.0/24"
    availability_zone = "${element(var.azs, count.index)}"
    tags {
        Name = "Infrastructure DMZ ${count.index}"
    }
}

This is what I want each to have:

cidr_block = "${var.network_prefix}.0.0/24"
cidr_block = "${var.network_prefix}.1.0/24"
cidr_block = "${var.network_prefix}.2.0/24"
cidr_block = "${var.network_prefix}.3.0/24"


I'm aware of the cidrsubnet function

cidr_block = "${cidrsubnet("10.25.0.0/16", 8, 1)}"

John Parfitt

Jul 19, 2017, 12:09:23 PM
to Terraform
Additionally I want to have another 4 subnets that just continue incrementing by 1:

resource "aws_subnet" "infrastructure" {
    count = 4
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "${var.network_prefix}.4.0/24"
    cidr_block = "${var.network_prefix}.5.0/24"
    cidr_block = "${var.network_prefix}.6.0/24"
    cidr_block = "${var.network_prefix}.7.0/24"
    availability_zone = "${element(var.azs, count.index)}"
    tags {
        Name = "Infrastructure Internal ${count.index}"
    }
}

John Parfitt

Jul 19, 2017, 12:44:54 PM
to Terraform
This would be easy if I could just tell "count.index" to start counting from a certain number.

Rob Coward

Jul 19, 2017, 12:56:54 PM
to Terraform
Can you not do:

resource "aws_subnet" "dmz" {
    count = 4
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "${var.network_prefix}.${count.index}.0/24"
    availability_zone = "${element(var.azs, count.index)}"
    tags {
        Name = "Infrastructure DMZ ${count.index}"
    }
}
resource "aws_subnet" "infrastructure" {
    count = 4
    vpc_id = "${aws_vpc.main.id}"
    cidr_block = "${var.network_prefix}.${count.index + 4}.0/24"
}

Andrew Hodgson

Jul 19, 2017, 6:02:41 PM
to terrafo...@googlegroups.com

Hi,

Why can you not use the cidrsubnet function?

It would help if we knew the address space for the VPC and what you want in terms of subnets.

Andrew.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/8c94aba4-b717-4bb4-8f73-f5d2d0934e30%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

John Parfitt

Jul 20, 2017, 12:10:30 PM
to Terraform
I got the cidrsubnet function to work, as well as Andrew's suggestion. However I'm having trouble getting it to work with a /22, starting from a specific number (12), in the third octet.

I now want to create 8 subnets:

If I use either of these, I get the same result:

cidr_block = "${cidrsubnet("10.25.0.0/16", 6, count.index)}"    <<<<<    I'd rather use this, since 10.25.0.0/16 is stored as "var.base_network"
cidr_block = "${cidrsubnet("10.25.12.0/16", 6, count.index)}"

They both start at 10.25.0.0/22, which overlaps with an existing one. How can I make it start at 10.25.12.0/22?

Andrew Hodgson

Jul 20, 2017, 12:45:23 PM
to terrafo...@googlegroups.com
Hi,

Are these all in the same VPC, and are they all going to be the same (i.e. private, DMZ, database, etc.)?

I use cidr_block = "${cidrsubnet(aws_vpc.main.cidr_block, 3, count.index + x)}"

Where x is the netnum I want following the existing subnets.

So for example I create the public subnets at the beginning of the block, so use:

cidr_block = "${cidrsubnet(aws_vpc.main.cidr_block, 3, count.index)}"

My code creates 3 public subnets, so I want the private subnets to come after that, so use something like this:

cidr_block = "${cidrsubnet(aws_vpc.main.cidr_block, 3, count.index + 3)}"

I have 3 private subnets, and I want to create the DB subnets after those, so use this:

cidr_block = "${cidrsubnet(aws_vpc.main.cidr_block, 3, count.index + 6)}"

Hope this helps.
Andrew.


David Adams

Jul 20, 2017, 12:56:58 PM
to terrafo...@googlegroups.com
I think you'll want to do `count.index + 3` to start with the fourth /22. You are getting the same result using either 10.25.0.0/16 or 10.25.12.0/16 because they are equivalent cidrs (the extra bits past the first 16 are ignored... so any IP from 10.25.0.0/16 to 10.25.255.255/16 would be equivalent to 10.25.0.0/16).


John

Jul 20, 2017, 1:08:34 PM
to Terraform
Yes - same VPC.

And yes, I'm doing exactly what you are for the /24 subnets. However, the "count.index + n" only works with /8, /16, and /24, since it increments the subnet by 1.

I have this, which is good:

cidr_block = "${cidrsubnet("10.25.0.0/16", 8, count.index)}"
cidr_block = "${cidrsubnet("10.25.0.0/16", 8, count.index + 4)}"
cidr_block = "${cidrsubnet("10.25.0.0/16", 8, count.index + 8)}"

All of that ends at 10.25.11.0/24, and from there I want to create some /22 subnets starting at 10.25.12.0/24 (if it started at 10.25.{0-11}.0/22, it would overlap with the /24 subnets.)

The below works for starting it at 12, but it will increment by 1, which isn't compatible with a /22 subnet:

cidr_block = "${var.network_prefix}.${count.index + 12}.0/24"

And this will properly increment the subnet by 4, but it starts at 10.25.0.0/22, which overlaps:

cidr_block = "${cidrsubnet("10.25.0.0/16", 6, count.index)}"

For the cidrsubnet I was hoping to be able to make the base_network = 10.25.12.0/16, but it seems to do the same thing as above.

Each method does 1 of the 2 things I need it to do.

Hope that makes sense..



Andrew Hodgson

Jul 20, 2017, 5:27:59 PM
to terrafo...@googlegroups.com
Hi,

Try this:

# First set of 4 /24 subnets
cidr_block = "${cidrsubnet("10.25.0.0/16", 8, count.index)}" # 10.25.0.0/24, 10.25.1.0/24, 10.25.2.0/24 and 10.25.3.0/24

# Second set of 4 /24 subnets
cidr_block = "${cidrsubnet("10.25.0.0/16", 8, count.index + 4)}" # 10.25.4.0/24, 10.25.5.0/24, 10.25.6.0/24 and 10.25.7.0/24

# Third set of 4 /24 subnets
cidr_block = "${cidrsubnet("10.25.0.0/16", 8, count.index + 8)}" # 10.25.8.0/24, 10.25.9.0/24, 10.25.10.0/24 and 10.25.11.0/24

# First set of /22 subnets after the /24 subnets
cidr_block = "${cidrsubnet("10.25.0.0/16", 6, count.index + 3)}" # 10.25.12.0/22, 10.25.16.0/22, 10.25.20.0/22 and 10.25.24.0/22

The netnum parameter is the number of the subnet in the given range (i.e. the bits you are specifying in the second parameter).

So, for example, if you wanted to put some more /24 subnets after 10.25.23.255 starting from 10.25.24.0, you would use something like this:

cidr_block = "${cidrsubnet("10.25.0.0/16", 8, count.index + 24)}"

It's a bit late so I may have missed something, hope this gives you a pointer however.

On another note I wanted at some point to modify the tf_aws_vpc community module to use this function to work out subnets, however I'm not sure if this would be easy work.
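The two points that drove this thread, David's note that host bits beyond the mask are discarded (so "10.25.12.0/16" is the same prefix as "10.25.0.0/16") and Andrew's netnum arithmetic for placing /22s after the /24s, can be checked offline before an apply. The following is an added example, not code from the thread or from Terraform: a Python model of cidrsubnet(prefix, newbits, netnum) built on the standard-library ipaddress module, with an overlap check over the layout the thread converges on and a helper that finds the next netnum that does not collide with what already exists. The VPC prefix and the group layout are constructed from the values quoted in the thread, not read from a real VPC.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Added example (not from the thread): models Terraform's cidrsubnet() and checks
# a planned subnet layout for overlaps before it reaches terraform apply.


def cidrsubnet(prefix: str, newbits: int, netnum: int) -> ipaddress.IPv4Network:
    """Return the netnum-th block of size /(prefixlen + newbits) inside prefix.

    The prefix is normalised first (host bits beyond the mask are dropped), which is
    why "10.25.12.0/16" behaves exactly like "10.25.0.0/16".
    """
    base = ipaddress.ip_network(prefix, strict=False)  # strict=False drops host bits
    new_prefix = base.prefixlen + newbits
    if new_prefix > base.max_prefixlen:
        raise ValueError(f"newbits={newbits} pushes {base} past /{base.max_prefixlen}")
    if not 0 <= netnum < 2 ** newbits:
        raise ValueError(f"netnum={netnum} does not fit in {newbits} new bits")
    block_size = 2 ** (base.max_prefixlen - new_prefix)
    start = int(base.network_address) + netnum * block_size
    return ipaddress.ip_network((start, new_prefix))


def plan_subnets(vpc_cidr: str, groups: Iterable[Tuple[int, int, int]]) -> List[ipaddress.IPv4Network]:
    """Expand (newbits, first_netnum, count) groups in the order count.index would."""
    nets = []
    for newbits, first, count in groups:
        for i in range(count):  # i plays the role of count.index
            nets.append(cidrsubnet(vpc_cidr, newbits, first + i))
    return nets


def overlapping_pairs(nets: List[ipaddress.IPv4Network]) -> List[Tuple[str, str]]:
    """Every pair of planned subnets that shares address space (should be empty)."""
    return [(str(a), str(b)) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


def next_free_netnum(vpc_cidr: str, newbits: int, existing: List[ipaddress.IPv4Network]) -> int:
    """Smallest netnum whose block does not overlap any subnet already planned."""
    for netnum in range(2 ** newbits):
        candidate = cidrsubnet(vpc_cidr, newbits, netnum)
        if not any(candidate.overlaps(n) for n in existing):
            return netnum
    raise ValueError("no free block of that size left in the VPC")


# Constructed from the thread: three groups of four /24s (netnums 0-11), then four /22s
# starting at netnum 3 (count.index + 3), which is 10.25.12.0/22.
VPC = "10.25.0.0/16"
THREAD_LAYOUT = [(8, 0, 4), (8, 4, 4), (8, 8, 4), (6, 3, 4)]
# The first attempt in the thread: /22s from netnum 0, which land on top of the /24s.
BAD_LAYOUT = [(8, 0, 4), (8, 4, 4), (8, 8, 4), (6, 0, 4)]

if __name__ == "__main__":
    nets = plan_subnets(VPC, THREAD_LAYOUT)
    for n in nets:
        print(n)
    print("overlaps in thread layout:", overlapping_pairs(nets))
    print("overlaps in first attempt:", overlapping_pairs(plan_subnets(VPC, BAD_LAYOUT)))
    print("next free /24 netnum after the /22s:", next_free_netnum(VPC, 8, nets))
```

Running it lists the sixteen networks with no overlapping pair, shows the collisions in the netnum-0 attempt, and reports 28 as the next free /24 netnum: the fourth /22 (netnum 6) covers 10.25.24.0 to 10.25.27.255, so further /24s start at 10.25.28.0/24 rather than at netnum 24. The model also rejects a newbits value that would push the prefix past /32, which is the kind of typo that only surfaces at plan time in Terraform.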

