https://pulumi.com logo
#python
Title
# python
h

hallowed-animal-47023

05/30/2021, 1:48 PM
Copy code
import pulumi
from pulumi_aws import ec2, get_availability_zones

# Create AWS VPC with specified name, CIDR block, and enable DNS


class VPC(pulumi.ComponentResource):
    """
    This creates a base VPC with subnets in every available availability zone
    """
    def __init__(
            self,
            name,
            opts=None
    ):
        vpc = ec2.Vpc(name,
                          cidr_block="10.0.0.0/16",
                          enable_dns_support=True,
                          enable_dns_hostnames=True,
                          tags={
                              'Name': name
                      })

        availability_zones = get_availability_zones(state="available")
        public_subnets = []
        private_subnets = []
        for x in range(len(availability_zones.names)):
            public_subnets.append(
                ec2.Subnet(f"Prod-Public-{availability_zones.names[x]}",
                           availability_zone=availability_zones.names[x],
                           cidr_block=f"10.0.{x + 1}.0/24",
                           vpc_id=vpc.id,
                           tags={
                               'Name': f"Prod-Public-{availability_zones.names[x]}"
                           })
            )
            private_subnets.append(
                ec2.Subnet(f"Prod-Private-{availability_zones.names[x]}",
                           availability_zone=availability_zones.names[x],
                           cidr_block=f"10.0.{x + len(availability_zones.names) + 1}.0/24",
                           vpc_id=vpc.id,
                           tags={
                               'Name': f"Prod-Private-{availability_zones.names[x]}"
                       })
            )

            nat_gateways = []
            nat_eips = []
            for x in range(2):
                nat_eips.append(
                    ec2.Eip(
                        f"NAT-Gateway-IP-{x}",
                        vpc=True,
                        tags={
                            "Name": f"NAT-Gateway-IP-{x}"
                        }
                    )
                )
                # nat_gateways.append(
                #     ec2.NatGateway(
                #         f"{name}-NAT-Gateway",
                #         allocation_id=nat_eips[x],
                #         subnet_id=public_subnets[x].id,
                #     tags = {
                #         "Name": f"NAT-Gateway-{x}"
                #     })
                # )



        # Export VPC Id
        pulumi.export('vpc_id', vpc.id)
        url = vpc.id.apply(lambda vpc_id: "https//"+vpc_id)
s

sticky-bear-14421

06/01/2021, 7:12 AM
I think the problem are the two nested loops, the outer loop iterates over the availability zones and the inner one over the range of 0 and 1.
Well, just the inner loop, as you create EIPs with distinct names NAT-Gateway-IP-0 and NAT-Gateway-IP-1 for each iteration of your availability zones and then you get the same named EIPs for each of them.
And I guess you'll get six of them, which will raise another problem, as the soft limit for EIPs per account is five.
Or, if you are using a region with more than three AZ you'll get even more EIPs
h

hallowed-animal-47023

06/01/2021, 12:40 PM
Yep, I didn’t realize those were nested - completely unintended. Was looking too far down in my code.
s

sticky-bear-14421

06/02/2021, 5:06 AM
As I wrote in my problem-thread below, I have a rather similar setup. I suggest you skip the inner loop and just create one EIP/NATGW per AZ, this way you have no cross-az-traffic for reaching the NATGW
I iterate over the AZ and: • create a private subnet • create a public subnet • allocate an EIP • create a NATGW with this EIP • create a routing table and associate it with the private network • add a default route pointing to the NATGW
Outside this loop I have an Internet Gateway and an additional routing table which I associate the public subnets to, as they can have one global rt whereas the private-rt's in my setup have to have their az-natgw
3 Views