Channels
#python
Title
h
hallowed-animal-47023
05/30/2021, 1:48 PM Copy code
import pulumi
from pulumi_aws import ec2, get_availability_zones
# Create AWS VPC with specified name, CIDR block, and enable DNS
class VPC(pulumi.ComponentResource):
"""
This creates a base VPC with subnets in every available availability zone
"""
def __init__(
self,
name,
opts=None
):
vpc = ec2.Vpc(name,
cidr_block="10.0.0.0/16",
enable_dns_support=True,
enable_dns_hostnames=True,
tags={
'Name': name
})
availability_zones = get_availability_zones(state="available")
public_subnets = []
private_subnets = []
for x in range(len(availability_zones.names)):
public_subnets.append(
ec2.Subnet(f"Prod-Public-{availability_zones.names[x]}",
availability_zone=availability_zones.names[x],
cidr_block=f"10.0.{x + 1}.0/24",
vpc_id=vpc.id,
tags={
'Name': f"Prod-Public-{availability_zones.names[x]}"
})
)
private_subnets.append(
ec2.Subnet(f"Prod-Private-{availability_zones.names[x]}",
availability_zone=availability_zones.names[x],
cidr_block=f"10.0.{x + len(availability_zones.names) + 1}.0/24",
vpc_id=vpc.id,
tags={
'Name': f"Prod-Private-{availability_zones.names[x]}"
})
)
nat_gateways = []
nat_eips = []
for x in range(2):
nat_eips.append(
ec2.Eip(
f"NAT-Gateway-IP-{x}",
vpc=True,
tags={
"Name": f"NAT-Gateway-IP-{x}"
}
)
)
# nat_gateways.append(
# ec2.NatGateway(
# f"{name}-NAT-Gateway",
# allocation_id=nat_eips[x],
# subnet_id=public_subnets[x].id,
# tags = {
# "Name": f"NAT-Gateway-{x}"
# })
# )
# Export VPC Id
pulumi.export('vpc_id', vpc.id)
url = vpc.id.apply(lambda vpc_id: "https//"+vpc_id)s
sticky-bear-14421
06/01/2021, 7:12 AMI think the problem are the two nested loops, the outer loop iterates over the availability zones and the inner one over the range of 0 and 1.
Well, just the inner loop, as you create EIPs with distinct names NAT-Gateway-IP-0 and NAT-Gateway-IP-1 for each iteration of your availability zones and then you get the same named EIPs for each of them.
And I guess you'll get six of them, which will raise another problem, as the soft limit for EIPs per account is five.
Or, if you are using a region with more than three AZ you'll get even more EIPs
h
hallowed-animal-47023
06/01/2021, 12:40 PMYep, I didn’t realize those were nested - completely unintended. Was looking too far down in my code.
s
sticky-bear-14421
06/02/2021, 5:06 AMAs I wrote in my problem-thread below, I have a rather similar setup. I suggest you skip the inner loop and just create one EIP/NATGW per AZ, this way you have no cross-az-traffic for reaching the NATGW
I iterate over the AZ and:
• create a private subnet
• create a public subnet
• allocate an EIP
• create a NATGW with this EIP
• create a routing table and associate it with the private network
• add a default route pointing to the NATGW
Outside this loop I have an Internet Gateway and an additional routing table which I associate the public subnets to, as they can have one global rt whereas the private-rt's in my setup have to have their az-natgw
2 Views