https://pulumi.com logo
#aws
Title
# aws
b

brief-church-51632

06/09/2023, 11:33 PM
Hi, I'm trying to use awsx to create a VPC with 9 subnets. I want 2 sets of 3 smaller subnets, and one set of 3 large subnets. My VPC uses a
/16
mask. I'm trying to use a
/18
mask for my 3 large subnets, and a
/21
mask for my 6 smaller subnets. But VPC creation fails because it cannot come up with non-overlapping subnets. Am I missing something, or is this maybe a gap in the awsx VPC computation? the
/18
mask gives me 4 prefixes that I can assign to the 3 subnets, leaving one prefix I can give to the 6 smaller subnets.
/21
should give me 8 subnets using the remaining prefix.
b

billowy-army-68599

06/09/2023, 11:41 PM
It’s a gap in the computation. You’ll have to define your own cidrs
b

brief-church-51632

06/09/2023, 11:48 PM
is there some way to do that using awsx? Or I'd have to use the raw aws interfaces?
b

billowy-army-68599

06/10/2023, 1:38 AM
I’m not on my laptop, but there’s an option to define subnets and their mask
Inside awsx
s

salmon-account-74572

06/12/2023, 12:22 PM
The details for specifying subnets with AWSX VPC can be found here: https://www.pulumi.com/registry/packages/awsx/api-docs/ec2/vpc/#subnetspec
OK, if I’m following your desired subnet design correctly, you’d end up with four /18 prefixes:
Copy code
10.0.0.0/18
10.0.64.0/18
10.0.128.0/18
10.0.192.0/18
And then you’d like to take one of these four prefixes (I’ll use the last one) and subdivide it into eight smaller subnets:
Copy code
10.0.192.0/21
10.0.200.0/21
10.0.208.0/21
… (omitting for brevity)
10.0.248.0/21
Is that right?
@brief-church-51632 I’ve been having some conversations with our engineering team, and—assuming I am understanding what you’re trying to do—we are reasonably certain that AWSX can’t be configured to do what you’re trying to do. You can, however, use the AWS provider and construct the VPC, subnets, routes, route tables, Internet and NAT gateways, etc., according to the plan you’re describing. Let me know if you want some help building this out.
b

brief-church-51632

06/13/2023, 1:48 AM
The snippet above is exactly right. Thanks a bunch for following up. I think I can live with the limitations of the current implementation for now, though it would be nice to get some more control over this from awsx. I did start down the road of setting it all up on my own and it's quite onerous - awsx takes care of a lot of boilerplate for you.
like maybe just a wrapper around Subnet, which lets you set the CIDR but takes care of creating a ngw if requested, creates the route table, and sets up the routes to the ngw/igw would be nice
s

salmon-account-74572

06/13/2023, 2:12 PM
@brief-church-51632 That’s a neat idea! Maybe I’ll play around with something like that, if I can find some extra time. 😄 One of our engineers does have an in-flight PR that allows some additional flexibility around subnets and CIDRs with the AWSX VPC. Their implementation would come in the form of “reservations, ” each of which defines the CIDR for a particular subnet. The subnet creation engine would then consume these reservations when it creates the subnets, or calculate the CIDR if no reservation is present. I think that would enable you to do what you’re seeking, although it would require you to define all the subnet CIDRs as reservations (so a bit of a trade-off).
5 Views