I deployed a VPC using a For loop in terraform
#All VPCs being deployed
resource "aws_vpc" "All_VPCs" {
for_each = var.All_VPCs
cidr_block = each.value.ip
instance_tenancy = each.value.instance_tenancy
tags = {
Name = each.key
}
}
This For loop referenced my Variable.tf file
#VPC CIDRs
variable "All_VPCs" {
type = map(any)
default = {
Dev_VPC = {
ip = "10.0.3.0/24"
instance_tenancy = "default"
}
Transit_VPC = {
ip = "10.0.4.0/23"
instance_tenancy = "default"
description = "Transit_VPC"
}
}
}
I tried to call it inside an Internet gateway resource, but it failed.
#Transit Internet Gateway
resource "aws_internet_gateway" "Transit_Internet_Gateway" {
vpc_id = var.All_VPCs.Transit_VPC
tags = {
Name = "Transit VPC Internet_Gateway"
}
}
Here is the error message
vpc_id = var.All_VPCs.Transit_VPC
│ ├
│ │ var.All_VPCs.Transit_VPC is map of string with 3 elements
│
│ Inappropriate value for attribute "vpc_id": string required.
It makes me wonder. Do I need to specify an ID when calling a Variable?
Or do I need to call the VPC resource in some way inside the Internet gateway resource, instead of calling its variable?
Okay, I just realized I simply had to refer to the VPC resource, but also a string of the Tier one value. This value is "Transit_VPC." I must also reference the VPCs ID, as this is a Resource and not a Variable.
#Transit Internet Gateway
resource "aws_internet_gateway" "Transit_Internet_Gateway" {
vpc_id = aws_vpc.All_VPCs["Transit_VPC"].id
tags = {
Name = "Transit VPC Internet_Gateway"
}
}
Related
I am trying to map my ENI to my subnet and its throwing an error.
Because there is a for_each loop on the subnet the ENI pointing to it must also have a looped key/value added to it hence the problem
main.tf
# VPC
resource "aws_vpc" "main" {
cidr_block = local.json.vpc.cidr
tags = {
Name = "vpc"
}
}
# Subnet
resource "aws_subnet" "public" {
for_each = local.api
vpc_id = aws_vpc.main.id
cidr_block = each.value.subnet_cidr
availability_zone = each.value.subnet_az
}
# ENI
resource "aws_network_interface" "eni" {
for_each = local.api
subnet_id = aws_subnet.public[each.key].id
private_ips = ["172.16.10.100"] # Might need to add another IP
tags = {
Name = "primary_network_interface"
}
}
my locals look like this
locals {
json = jsondecode(file("API.json"))
api = merge([
for vpc in local.json : {
for subnet in vpc.subnets :
"${vpc.name}-${subnet.name}" => {
vpc_name = vpc.name
vpc_cidr = vpc.cidr
subnet_name = subnet.name
subnet_cidr = subnet.cidr
subnet_az = subnet.az
}
}
]...)
}
their output (local.api) from terraform console
{
"vpc-subnet-one" = {
"subnet_az" = "eu-central-1a"
"subnet_cidr" = "192.168.1.0/24"
"subnet_name" = "subnet-one"
"vpc_cidr" = "192.168.0.0/16"
"vpc_name" = "vpc"
}
"vpc-subnet-two" = {
"subnet_az" = "eu-central-1b"
"subnet_cidr" = "192.168.4.0/24"
"subnet_name" = "subnet-two"
"vpc_cidr" = "192.168.0.0/16"
"vpc_name" = "vpc"
}
}
error message
status code: 400, request id: 64e031e5-11ea-4f6d-a03c-9a36a1ff56af
with aws_network_interface.eni["vpc-subnet-one"],
on main.tf line 20, in resource "aws_network_interface" "eni":
20: resource "aws_network_interface" "eni" {
Error: creating EC2 Network Interface: InvalidParameterValue: Address does not fall within the subnet's address range
status code: 400, request id: 7842f089-08b4-4042-b928-7830a37ffe28
with aws_network_interface.eni["vpc-subnet-two"],
on main.tf line 20, in resource "aws_network_interface" "eni":
20: resource "aws_network_interface" "eni" {
I've followed this documenation and validated everything else is correct. I still can't seem to figure out what value should be set on subnet_id
Bonus cheeky points - I am trying to configure 2 EC2's, Should i give our eni a secondary private_ips?
The error means that your IP 172.16.10.100 is invalid for your subnet CIDR range 192.168.1.0/24 and 192.168.4.0/24. Obviously this is correct because your IP should be in the correct range. For example:
private_ips = ["192.168.1.100"] # for the first subnet
private_ips = ["192.168.4.100"] # for the second subnet
I want to create elastic beanstalk with tf. Here is the main.tf
resource "aws_elastic_beanstalk_application" "elasticapp" {
name = var.elasticapp
}
resource "aws_elastic_beanstalk_environment" "beanstalkappenv" {
name = var.beanstalkappenv
application = aws_elastic_beanstalk_application.elasticapp.name
solution_stack_name = var.solution_stack_name
tier = var.tier
setting {
namespace = "aws:ec2:vpc"
name = "VPCId"
value = var.vpc_id
}
setting {
namespace = "aws:ec2:vpc"
name = "Subnets"
value = var.public_subnets
}
setting {
namespace = "aws:elasticbeanstalk:environment:process:default"
name = "MatcherHTTPCode"
value = "200"
}
setting {
namespace = "aws:elasticbeanstalk:environment"
name = "LoadBalancerType"
value = "application"
}
setting {
namespace = "aws:autoscaling:launchconfiguration"
name = "InstanceType"
value = "t2.micro"
}
setting {
namespace = "aws:ec2:vpc"
name = "ELBScheme"
value = "internet facing"
}
setting {
namespace = "aws:autoscaling:asg"
name = "MinSize"
value = 1
}
setting {
namespace = "aws:autoscaling:asg"
name = "MaxSize"
value = 2
}
setting {
namespace = "aws:elasticbeanstalk:healthreporting:system"
name = "SystemType"
value = "enhanced"
}
}
I have variables defined in vars.tf.
This is the provider.tf
provider "aws" {
region = "eu-west-3"
}
When I try to apply I get the following message
Error: ConfigurationValidationException: Configuration validation exception: Invalid option value: 'subnet-xxxxxxxxxxxxxxx' (Namespace: 'aws:ec2:vpc', OptionName: 'ELBSubnets'): The subnet 'subnet-xxxxxxxxxxxxxxx' does not exist.
│ status code: 400, request id: be485042-a653-496b-8510-b310d5796eef
│
│ with aws_elastic_beanstalk_environment.beanstalkappenv,
│ on main.tf line 9, in resource "aws_elastic_beanstalk_environment" "beanstalkappenv":
│ 9: resource "aws_elastic_beanstalk_environment" "beanstalkappenv" {
I created the subnet inside the vpc that I provided in main.tf.
EDIT: I have only one subnet.
EDIT: adding vars.tf
variable "elasticapp" {
default = "pos-eb"
}
variable "beanstalkappenv" {
type = string
default = "pos-eb-env"
}
variable "solution_stack_name" {
type = string
default = "64bit Amazon Linux 2 v3.2.0 running Python 3.8"
}
variable "tier" {
type = string
default = "WebServer"
}
variable "vpc_id" {
default = "vpc-xxxxxxxxxxx"
}
variable "public_subnets" {
type = string
default = "subnet-xxxxxxxxxxxxxxx"
}
Ok, so first, check if the error message is correct.
As mentioned above, there is a chance you are working in the wrong account/region.
So check if terraform can find that subnet by using a datasource:
data "aws_subnet" "selected" {
id = var.public_subnets # based on your code above, this is a single subnet_id
}
output "subnet_detail" {
value = data.aws_subnet.selected
}
If the above code fails, that means terraform is not able to use/find that subnet.
So, if the subnet was created by terraform there is a chance regions/alias/account got mixed on the way to this module.
If it was manually created and you are only using the ID as manually inputted string, than the chances are that you copied the wrong subnet_id, vpc_id or that you are working in the wrong account/region.
If the above return data, and terraform can indeed find that subnet, check if it belongs to the VPC you are using on elastic_beanstalk.
If all the above is correct, than the issue may by in the "aws_elastic_beanstalk_environment" definition.
As you have an ELBScheme but you don't have the rest of the fields related to that ELB it could be throwing an error.
Since ELBSubnets was not provided in the "aws_elastic_beanstalk_environment" definition, it may be trying to use a default subnet from the default vpc.
I'm creating two public subnets that will each contain a nat gateay. My code, attempts to create these nats per subnet, and then allocate the eip to each. However, since my for each starts the code block, it looks like the allocation id became us-east-* instead of the id of the eip.
Variables.tf:
variable "public_subnet_numbers" {
type = map(number)
description = "Map of AZ to a number that should be used for public subnets"
default = {
"us-east-1a" = 1
"us-east-1b" = 2
#"us-east-1c" = 3
}
}
variable "private_subnet_numbers" {
type = map(number)
description = "Map of AZ to a number that should be used for private subnets"
default = {
"us-east-1a" = 4
"us-east-1b" = 5
#"us-east-1c" = 6
}
}
variable "vpc_cidr" {
type = string
description = "The IP range to use for the VPC"
default = "192.168.0.0/16"
}
Main.tf:
resource "aws_eip" "nat" {
count = 2
vpc = true
lifecycle {
# prevent_destroy = true
}
tags = {
Name = "cf-${var.infra_env}-eip"
Project = "cf.io"
Environment = var.infra_env
VPC = aws_vpc.vpc.id
ManagedBy = "terraform"
Role = "private"
}
}
resource "aws_nat_gateway" "ngw" {
for_each = var.private_subnet_numbers
subnet_id = each.value.id #aws_subnet.public[each.key].id
allocation_id = aws_eip.nat[each.key].id
tags = {
Name = "cf-${var.infra_env}-ngw"
Project = "cf.io"
VPC = aws_vpc.vpc.id
Environment = var.infra_env
ManagedBy = "terraform"
Role = "private"
}
}
Error:
Error: Invalid index
│
│ on ../terraform/modules/networking/gateways.tf line 42, in resource "aws_nat_gateway" "ngw":
│ 42: allocation_id = aws_eip.nat[each.key].id
│ ├────────────────
│ │ aws_eip.nat is tuple with 2 elements
│ │ each.key is "us-east-1a"
│
│ The given key does not identify an element in this collection value: a number is required.
╵
╷
│ Error: Invalid index
│
│ on ../terraform/modules/networking/gateways.tf line 42, in resource "aws_nat_gateway" "ngw":
│ 42: allocation_id = aws_eip.nat[each.key].id
│ ├────────────────
│ │ aws_eip.nat is tuple with 2 elements
│ │ each.key is "us-east-1b"
│
│ The given key does not identify an element in this collection value: a number is required.
You're mixing count and for_each. The easiest way to solve this would be to use for_each in your EIP creation as well, which makes sense because you are creating an EIP for each NAT. That would also make your code work better if you decided to add another subnet later, you wouldn't need to go in and change the count from 2 to 3.
Otherwise, you need to use the index function to convert the each value to an index number.
As Mark B mentioned mixing the count and for_each is not recommended. In your current setup using exclusively for_each is the way to go based on the private_subnet_numbers variable.
In your aws_eip.nat resource change count to for_each
resource "aws_eip" "nat" {
for_each = var.private_subnet_numbers
vpc = true
}
Next in your resource aws_nat_gateway.ngw you should refer to subnet ids using each
resource "aws_nat_gateway" "ngw" {
for_each = var.private_subnet_numbers
subnet_id = aws_subnet.public[each.key].id
....
}
And the code as a whole for clarity
resource "aws_vpc" "vpc" {
... vpc configurations ...
}
resource "aws_subnet" "public" {
for_each = var.private_subnet_numbers
vpc_id = aws_vpc.vpc.id
... subnet configurations ...
}
resource "aws_eip" "nat" {
for_each = var.private_subnet_numbers
vpc = true
lifecycle {
# prevent_destroy = true
}
tags = {
Name = "cf-${var.infra_env}-eip"
Project = "cf.io"
Environment = var.infra_env
VPC = aws_vpc.vpc.id
ManagedBy = "terraform"
Role = "private"
}
}
resource "aws_nat_gateway" "ngw" {
for_each = var.private_subnet_numbers
subnet_id = aws_subnet.public[each.key].id
allocation_id = aws_eip.nat[each.key].id
tags = {
Name = "cf-${var.infra_env}-ngw"
Project = "cf.io"
VPC = aws_vpc.vpc.id
Environment = var.infra_env
ManagedBy = "terraform"
Role = "private"
}
}
I am trying to create a aws_route_table_association resource for public subnets. The number of public subnets will be determined at runtime and hence the number of associations to be created.
While doing a terraform plan my code fails. Below is the source code and error i am getting. Anybody able to advise on a way to accomplish this.
// required subnets and their configurations
variable "required_subnets" {
description = "list of subnets required"
default = ["public-1a", "private-1a", "public-1b", "private-1b"]
}
#create public and provate subnets
resource "aws_subnet" "subnets" {
count = length(var.required_subnets)
vpc_id = aws_vpc.my_vpc.id
cidr_block = lookup(var.subnet_conf[var.required_subnets[count.index]], "cidr")
availability_zone = lookup(var.subnet_conf[var.required_subnets[count.index]], "availability_zone")
# enable public ip addresses in public subnet
map_public_ip_on_launch = false
tags = {
Name = var.required_subnets[count.index]
}
}
//fetch reference to public subnets
data "aws_subnets" "public_subnets" {
filter {
name = "vpc-id"
values = [data.aws_vpc.vpc.id]
}
tags = {
Name = "public-*"
}
}
#assosiate public route table with public subnet
resource "aws_route_table_association" "public" {
count = length(data.aws_subnets.public_subnets.ids)
subnet_id = data.aws_subnets.public_subnets.ids[count.index]
route_table_id = aws_route_table.my_public_route_table.id
}
the error is as below:
│ Error: Invalid count argument
│
│ on vpc.tf line 62, in resource "aws_route_table_association" "public":
│ 62: count = length(data.aws_subnets.public_subnets.ids)
│
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how
│ many instances will be created. To work around this, use the -target argument to first apply only the resources that the
│ count depends on.
I
If required_subnets is all you need, then there is no reason for your data.aws_subnets.public_subnets. Also it would be much better to use for_each, not count, as for_each does not depend on the order of items. Thus, you can simply your code as follows:
// required subnets and their configurations
variable "required_subnets" {
description = "list of subnets required"
default = ["public-1a", "private-1a", "public-1b", "private-1b"]
}
#create public and provate subnets
resource "aws_subnet" "subnets" {
for_each = toset(var.required_subnets)
vpc_id = aws_vpc.my_vpc.id
cidr_block = lookup(var.subnet_conf[each.key], "cidr")
availability_zone = lookup(var.subnet_conf[each.key], "availability_zone")
# enable public ip addresses in public subnet
map_public_ip_on_launch = false
tags = {
Name = each.key
}
}
#assosiate public route table with public subnet
resource "aws_route_table_association" "public" {
for_each = {for name, subnet in aws_subnet.subnets: name => subnet if length(regexall("public-", name)) > 0}
subnet_id = each.value.id
route_table_id = aws_route_table.my_public_route_table.id
}
I am trying to create nat gateway from terraform by using AWS as provider but subnet_id in resource aws_nat_gateway always gives me error. I am trying to assign public subnet in subnet_id on resource "aws_nat_gateway" "sample_nat_gateway" from variables.tf file but failing in doing so and need support if someone can assist ?
Below is my vpc.tf file of vpc module
resource "aws_subnet" "public-subnet" {
for_each = var.prefix
availability_zone_id = each.value["az"]
cidr_block = each.value["cidr"]
vpc_id = aws_vpc.sample_vpc.id
tags = {
Name = "${var.name}-${each.value["az"]}"
}
}
resource "aws_nat_gateway" "sample_nat_gateway" {
allocation_id = aws_eip.sample_eip.id
subnet_id = ""
tags = {
Name = "${var.name}-sample-nat-gateway"
Environment = var.environment
}
depends_on = [aws_internet_gateway.sample_igw]
}
variables.tf
variable "prefix" {
type = map
default = {
sub-1 = {
az = "use2-az1"
cidr = "10.0.1.0/16"
}
sub-2 = {
az = "use2-az2"
cidr = "10.0.2.0/24"
}
}
}
Subent's can't be empty You have to provide valid subnet id where the NAT is going to be placed. For example:
resource "aws_nat_gateway" "sample_nat_gateway" {
allocation_id = aws_eip.sample_eip.id
subnet_id = aws_subnet.public-subnet["sub-1"].id
tags = {
Name = "${var.name}-sample-nat-gateway"
Environment = var.environment
}
depends_on = [aws_internet_gateway.sample_igw]
}
where aws_subnet.example is one of the public subnets in your VPC.