How to create new subnet block size in the current VPC with some used cidr range on AWS using Terraform?

Miantian

1/27/23, 6:07 AM

I want to use Terraform to create a new subnet for EKS. In the same account, the VPC has already been created and some subnets have been created.

locals {
  vpc_cidr_block = "10.148.52.0/22"

  public_subnets = [
    "10.148.52.0/27",
    "10.148.54.0/27",
  ]
  # ...
  private_subnets_3 = [
    "10.148.52.80/28",
    "10.148.54.80/28",
  ]
  subnets_4 = [
    "10.148.52.240/28",
    "10.148.54.240/28",
  ]
  eks_private_subnets = [
    "10.148.52.128/25",
    "10.148.54.128/25",
  ]
}

resource "aws_subnet" "eks_private" {
  count = length(local.eks_private_subnets)

  vpc_id            = aws_vpc.this.id
  cidr_block        = local.eks_private_subnets[count.index]
  availability_zone = local.azs[count.index]
}

When run the deployment, it got these errors:

Error: error creating subnet: InvalidSubnet.Conflict: The CIDR '10.148.54.128/25' conflicts with another subnet
    status code: 400, request id: 11111111111-111111-1111111-1111111111111

  on main.tf line 50, in resource "aws_subnet" "eks_private":
 50: resource "aws_subnet" "eks_private" {


Error: error creating subnet: InvalidSubnet.Conflict: The CIDR '10.148.52.128/25' conflicts with another subnet
    status code: 400, request id: 22222222222-222222-22222-222222222222222

  on network.tf line 50, in resource "aws_subnet" "eks_private":
 50: resource "aws_subnet" "eks_private" {

It seems the .128/25 size is conflicts with other subnet. But I want to create a /25 size subnet in this VPC, isn't it possible? Otherwise, may I need to create a new VPC to use?

274

0 + 0

amazon-web-services

terraform

Tim

1/27/23, 6:49 AM

Your subnet CIDR ranges overlap. Change the CIDR range. The Visual CIDR Calculator can help you visualize this http://www.davidc.net/sites/default/subnets/subnets.html

Miantian

1/27/23, 7:32 AM

@Tim I calculated it by the tool you provided. The `Range of addresses` got `10.148.52.128 - 10.148.52.255`. How can I reset the private subnet range?

Tim

1/27/23, 5:13 PM

What do you mean "rest the private subnet range"? What you need to do is allocate a CIDR range within your VPC range that is currently unused. You're using a lot of different sized CIDR blocks so that will be a bit of a job to work out. I tend to use /16 and /24 networks for most networks where there's plenty of IP space, but when I'm doing corporate networks where IP space is limited I often use the visual CIDR calculator to divide it up properly. If you don't do CIDR maths regularly most people would need a tool to help them.

Martin Atkins

1/28/23, 12:59 AM

If you're trying to allocate a bunch of non-overlapping ranges to use together in the same overall network then you might consider using [the module `hashicorp/subnets/cidr`](https://registry.terraform.io/modules/hashicorp/subnets/cidr/latest), which is designed to help with that situation. You can always assign the results from that module into separate local values like you have in your question if you need to do something more complicated than just a flat set of `aws_subnet` instances in a single resource.

Miantian

1/28/23, 2:50 AM

@Tim @MartinAtkins Thank you! I am clear about the additional subnet cidr issue now. [the module hashicorp/subnets/cidr](https://registry.terraform.io/modules/hashicorp/subnets/cidr/latest#amazon-virtual-private-cloud) looks good but I will try to use other segment in `10.148.5x` first.

Score:1

Server

Tim

1/28/23, 2:57 AM

To close this question off, the problem is you are trying to allocate the same CIDR range to two subnets. You need to allocate your subnet CIDR range out of the available range. Two tools you might find helpful

You might find this easier if you use more common CIDR block sizes, though that's not always possible. /16 VPC with /24 subnets are fairly common and easy to mentally work with.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to create new subnet block size in the current VPC with some used cidr range on AWS using Terraform?

TH: จะสร้างขนาดบล็อกเครือข่ายย่อยใหม่ใน VPC ปัจจุบันด้วยช่วง cidr ที่ใช้บน AWS โดยใช้ Terraform ได้อย่างไร

RO: Cum se creează o nouă dimensiune a blocului de subrețea în VPC-ul actual cu un interval cidr utilizat pe AWS folosind Terraform?

RU: Как создать новый размер блока подсети в текущем VPC с некоторым используемым диапазоном cidr на AWS с помощью Terraform?

VI: Làm cách nào để tạo kích thước khối mạng con mới trong VPC hiện tại với một số phạm vi cidr đã sử dụng trên AWS bằng Terraform?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.