I have a CIDR block 172.30.0.0/21 and have created 2 private subnets and 2 public subnets for it. They are up and running in the AWS console!
These are the subnets:
```hcl
# List of private subnets to create in the environment, e.g. ["172.18.0.0/21", "172.18.8.0/21"]
variable "private_subnets-west-2" {
  type    = list(string)
  default = ["172.30.0.0/23", "172.30.6.0/23"]
}

# List of public subnets to create in the environment, e.g. ["172.18.168.0/22", "172.18.172.0/22"]
variable "public_subnets-west-2" {
  type    = list(string)
  default = ["172.30.4.0/23", "172.30.2.0/23"]
}
```
My private subnets seem fine with the terraform plan. However, my public subnets don't seem to run in apply and are giving me errors.

```text
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
Terraform will perform the following actions:
# module.rds_replica.aws_db_subnet_group.db_subnet_group[0] will be updated in-place
~ resource "aws_db_subnet_group" "db_subnet_group" {
arn = "arn:aws:rds:us-west-2"
description = "Database subnet group for app-replica"
id = "app-replica-"
name = "app-replica-"
name_prefix = "app-replica-"
~ subnet_ids = [
- "subnet-048e730",
- "subnet-0be733e",
] -> (known after apply)
}
# module.vpc-us-west-2.aws_nat_gateway.this[0] will be created
+ resource "aws_nat_gateway" "this" {
+ allocation_id = "eipalloc-0c"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc-us-west-2.aws_nat_gateway.this[1] will be created
+ resource "aws_nat_gateway" "this" {
+ allocation_id = "eipalloc-0a"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc-us-west-2.aws_route.private_nat_gateway[0] will be updated in-place
~ resource "aws_route" "private_nat_gateway" {
destination_cidr_block = "0.0.0.0/0"
id = "r-rtb-09"
~ nat_gateway_id = "nat-00" -> (known after apply)
origin = "CreateRoute"
route_table_id = "rtb-09"
state = "blackhole"
timeouts {
create = "5m"
}
}
# module.vpc-us-west-2.aws_route.private_nat_gateway[1] will be updated in-place
~ resource "aws_route" "private_nat_gateway" {
destination_cidr_block = "0.0.0.0/0"
id = "r-rtb-0c"
~ nat_gateway_id = "nat-0d" -> (known after apply)
origin = "CreateRoute"
route_table_id = "rtb-0c"
state = "blackhole"
timeouts {
create = "5m"
}
}
# module.vpc-us-west-2.aws_route_table_association.public[0] will be created
+ resource "aws_route_table_association" "public" {
+ id = (known after apply)
+ route_table_id = "rtb-0"
+ subnet_id = (known after apply)
}
# module.vpc-us-west-2.aws_route_table_association.public[1] will be created
+ resource "aws_route_table_association" "public" {
+ id = (known after apply)
+ route_table_id = "rtb-09"
+ subnet_id = (known after apply)
}
# module.vpc-us-west-2.aws_subnet.public[0] will be created
+ resource "aws_subnet" "public" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-west-2a"
+ availability_zone_id = (known after apply)
+ cidr_block = "172.30.4.0/23"
+ id = (known after apply)
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ vpc_id = "vpc-0d"
}
# module.vpc-us-west-2.aws_subnet.public[0] (deposed object 840b9b87) will be destroyed
- resource "aws_subnet" "public" {
- arn = "arn:aws:ec2:us-west-2:4" -> null
- assign_ipv6_address_on_creation = false -> null
- availability_zone = "us-west-2a" -> null
- availability_zone_id = "usw2-az2" -> null
- cidr_block = "172.30.4.0/23" -> null
- id = "subnet-0b" -> null
- map_public_ip_on_launch = true -> null
- owner_id = "463" -> null
- vpc_id = "vpc-0d" -> null
}
# module.vpc-us-west-2.aws_subnet.public[1] will be created
+ resource "aws_subnet" "public" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-west-2c"
+ availability_zone_id = (known after apply)
+ cidr_block = "172.30.2.0/23"
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ vpc_id = "vpc-0d2"
}
Plan: 6 to add 3 to change, 1 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
module.vpc-us-west-2.aws_subnet.public[0]: Creating...
module.vpc-us-west-2.aws_subnet.public[1]: Creating...
Error: Error creating subnet: InvalidSubnet.Conflict: The CIDR '172.30.2.0/23' conflicts with another subnet
status code: 400, request id:
on .terraform/modules/vpc-us-west-2/main.tf line 335, in resource "aws_subnet" "public":
335: resource "aws_subnet" "public" {
Error: Error creating subnet: InvalidSubnet.Conflict: The CIDR '172.30.4.0/23' conflicts with another subnet
status code: 400, request id:
on .terraform/modules/vpc-us-west-2/main.tf line 335, in resource "aws_subnet" "public":
335: resource "aws_subnet" "public" {
```

When my subnets in AWS are working, why are they not coming up in the plan as no changes?

It says that it will create the "172.30.4.0/23" and destroy the previous one? Why? If there is already that subnet made, why is it creating and then destroying the existing one?

The second subnet is also already made in my account, so instead of picking it up in the plan, why is it creating it?

I am not sure how to fix these errors...
UPDATE:
I imported my second subnet 172.30.2.0/23 using terraform import. The import was successful. However, now when I run plan, it is doing the same thing it was doing for the subnet 172.30.4.0/23.

This has been added to the plan now:

```text
# module.vpc-us-west-2.aws_subnet.public will be destroyed
- resource "aws_subnet" "public" {
- arn = "arn:aws:ec2:us-west-2:46***" -> null
- assign_ipv6_address_on_creation = false -> null
- availability_zone = "us-west-2c" -> null
- availability_zone_id = "usw2-az3" -> null
- cidr_block = "172.30.2.0/23" -> null
- id = "subnet-0186d**" -> null
- map_public_ip_on_launch = false -> null
- owner_id = "46**" -> null
} -> null
- vpc_id = "vpc-0d2f6cb2feaf3c95e" -> null
- timeouts {}
}
```

So again it is saying it will destroy the one already made in the AWS console and then create a new one?!
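Both `InvalidSubnet.Conflict` errors in the apply output above come from Terraform trying to create a CIDR that already exists in the VPC but is not tracked in its state. The following is an added example (not part of the question or of the terraform-aws-vpc module) of a pre-apply check that compares the CIDRs a plan will create against the subnets already present in the VPC, checks they fit inside the VPC block and do not overlap each other, and prints the `terraform import` command for any exact match that is missing from state. The existing-subnet list is constructed here; in practice it would come from `aws ec2 describe-subnets` for the VPC and `terraform state list`, and the `subnet-PLACEHOLDER-*` ids are placeholders, not the question's real ids.

```python
import ipaddress

VPC_CIDR = "172.30.0.0/21"

# Resources the plan output above says it will create.
PLANNED_CREATES = {
    "module.vpc-us-west-2.aws_subnet.public[0]": "172.30.4.0/23",
    "module.vpc-us-west-2.aws_subnet.public[1]": "172.30.2.0/23",
}

# Constructed: what the VPC actually contains (as `aws ec2 describe-subnets`
# would report it) and whether `terraform state list` already tracks each
# subnet. Subnet ids are placeholders.
EXISTING_SUBNETS = [
    {"cidr": "172.30.0.0/23", "id": "subnet-PLACEHOLDER-priv0", "in_state": True},
    {"cidr": "172.30.6.0/23", "id": "subnet-PLACEHOLDER-priv1", "in_state": True},
    {"cidr": "172.30.4.0/23", "id": "subnet-PLACEHOLDER-pub0", "in_state": False},
    {"cidr": "172.30.2.0/23", "id": "subnet-PLACEHOLDER-pub1", "in_state": False},
]


def check_plan(vpc_cidr, planned_creates, existing_subnets):
    """Classify each planned subnet creation against the VPC and its existing subnets.

    Returns a dict with:
      outside_vpc     - resource addresses whose CIDR is not inside the VPC block
      planned_overlap - pairs of planned resources whose CIDRs overlap each other
      conflicts       - planned creations that overlap a subnet already in the VPC
                        (these are the ones AWS rejects with InvalidSubnet.Conflict)
      imports         - `terraform import` commands for exact matches not yet in state
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    planned = {addr: ipaddress.ip_network(c) for addr, c in planned_creates.items()}
    existing = [(ipaddress.ip_network(s["cidr"]), s) for s in existing_subnets]

    findings = {"outside_vpc": [], "planned_overlap": [], "conflicts": [], "imports": []}

    # 1. Every planned CIDR must sit inside the VPC block.
    for addr, net in planned.items():
        if not net.subnet_of(vpc):
            findings["outside_vpc"].append(addr)

    # 2. Planned CIDRs must not overlap one another.
    addrs = sorted(planned)
    for i, a in enumerate(addrs):
        for b in addrs[i + 1:]:
            if planned[a].overlaps(planned[b]):
                findings["planned_overlap"].append((a, b))

    # 3. A planned CIDR that overlaps an existing subnet will fail at apply time.
    #    If it is the same CIDR and Terraform does not track it, importing the
    #    existing subnet into the resource address is the usual fix.
    for addr, net in planned.items():
        for enet, sub in existing:
            if net.overlaps(enet):
                findings["conflicts"].append({
                    "address": addr,
                    "planned": str(net),
                    "existing": str(enet),
                    "id": sub["id"],
                    "in_state": sub["in_state"],
                })
                if net == enet and not sub["in_state"]:
                    # Quote the address: the [0]/[1] index is shell glob syntax.
                    findings["imports"].append(f"terraform import '{addr}' {sub['id']}")
    return findings


if __name__ == "__main__":
    result = check_plan(VPC_CIDR, PLANNED_CREATES, EXISTING_SUBNETS)
    for key, value in result.items():
        print(f"{key}:")
        for item in value:
            print(f"  {item}")
```

Run against the constructed inputs, the check reports no CIDR outside the VPC and no overlap between the two planned public subnets, but flags both creations as conflicts with existing, untracked subnets and prints an import command for each. Once a subnet has been imported, a subsequent `terraform plan` should show it as in-place or no-op rather than `create`; if it still shows a destroy-and-create pair, the remaining difference is in the resource attributes, which the plan output lists line by line.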