amazon-web-services - 在 Terraform 中循环创建子网

Question

我是 Terraform 的新手。我正在尝试创建一个代码，我可以在其中循环创建子网，但 cidrsubnet 函数无法正常工作，因为我不想更改子网掩码。例如：我想用这些 IP 创建子网：子网 1：10.90.46.0/27，子网 2：10.90.46.32/27 子网 3：10.90.46.64/27 等等，直到子网 8：10.90.46.224/27 谢谢

Answer 1

应用计数，这将乘以资源的数量。

variable "vpc_id" {
  default = "vpc-123"
}

#Here add all your 8 CIDR's to the list in "subnet_cidr" and for each one add one entry in "subnet_azs". You can repeat values in "subnet_azs" but not in subnet_cidr"

variable "subnet_cidr" {
  default = ["10.90.46.0/27", "10.90.46.32/27", "10.90.46.64/27", "10.90.46.224/27"]
}

variable "subnet_azs" {
  default = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1c"]
}

resource "aws_subnet" "my_subnets" {
  count             = 8
  vpc_id            = "${var.vpc_id}"
  cidr_block        = "${element(var.subnet_cidr, count.index)}"
  availability_zone = "${element(var.subnet_azs, count.index)}"
}

Answer 2

自动分配一系列 IP 地址范围的一种方法是使用Terraform Registry中的hashicorp/subnets/cidr模块：

module "subnet_addrs" {
  source  = "hashicorp/subnets/cidr"
  version = "1.0.0"

  base_cidr_block = "10.90.46.0/24"
  networks = [
    { name = "us-east-1a", new_bits = 3 },
    { name = "us-east-1b", new_bits = 3 },
    { name = "us-east-1c", new_bits = 3 },
    { name = "us-east-1d", new_bits = 3 },
    { name = "us-east-1e", new_bits = 3 },
    { name = "us-east-1f", new_bits = 3 },
    { name = "us-east-1g", new_bits = 3 },
    { name = "us-east-1h", new_bits = 3 },
  ]
}

对于上面的例子，module.subnet_addrs.network_cidr_blocks将是这样的地图：

{
  "us-east-1a" = "10.90.46.0/27"
  "us-east-1b" = "10.90.46.32/27"
  "us-east-1c" = "10.90.46.64/27"
  "us-east-1d" = "10.90.46.96/27"
  "us-east-1e" = "10.90.46.128/27"
  "us-east-1f" = "10.90.46.160/27"
  "us-east-1g" = "10.90.46.192/27"
  "us-east-1h" = "10.90.46.224/27"
}

像这样的地图可以直接用作for_each资源的，因此我们可以像这样声明子网，使用 AWS 为例（因为您没有说明您使用的是哪个云供应商）：

resource "aws_subnet" "my_subnets" {
  for_each = module.subnet_addrs.network_cidr_blocks

  vpc_id            = var.vpc_id
  availability_zone = each.key
  cidr_block        = each.value
}

本模块的自述文件中有一些关于 [如果您打算稍后重命名或重新编号网络时要记住的事情，以确保您所做的更改与已经存在的对象兼容。我建议在采用此路径之前查看该文档，以确保您能够将任何未来的更改应用于您可能想象在未来进行的网络拓扑。

例如，上面示例中的分配已经覆盖了整个寻址空间"10.90.46.0/24"，因此如果您想在将来添加一个新子网而不引入任何新的寻址空间，您需要将其中一个现有子网替换为一对替换子网两者都具有new_bits = 4前缀长度/28而不是/27，因此您将有一个额外的位可用于网络编号。