amazon-web-services - How to create valid CIDR block values for subnets in Terraform

Reposted. Author: 行者123. Updated: 2023-12-04 13:07:09

Hello, I am working on a Terraform project to let my Lambda function reach the internet and an RDS database. I have already built everything by hand in the console and it works; now I am recreating the same structure in Terraform.

I am stuck on what to set for the cidr_blocks of my public and private subnets, and on what to set for the private_ip of the EIP I am creating. Again, I produced working values for these parameters by fiddling in the console, but surely there is a programmatic way to do this?

```hcl
resource "aws_default_vpc" "jacobs_vpc_tf" {

}

resource "aws_subnet" "jacobs_public_subnet" {
  vpc_id                  = aws_default_vpc.jacobs_vpc_tf.id
  cidr_block              = aws_default_vpc.jacobs_vpc_tf.cidr_block # idk what to put here or how to make it automatically select a valid cidr block
  map_public_ip_on_launch = true

}

resource "aws_subnet" "jacobs_private_subnet" {
  vpc_id     = aws_default_vpc.jacobs_vpc_tf.id
  cidr_block = aws_default_vpc.jacobs_vpc_tf.cidr_block # idk what to put here or how to make it automatically select a valid cidr block

}

resource "aws_internet_gateway" "jacobs_gw" {
  vpc_id = aws_default_vpc.jacobs_vpc_tf.id

}

resource "aws_nat_gateway" "jacobs_nat_gw" {
  allocation_id = aws_eip.jacobs_eip.id
  subnet_id     = aws_subnet.jacobs_public_subnet.id

  depends_on = [aws_internet_gateway.jacobs_gw]
}

resource "aws_network_interface" "jacobs_network_interface" {
  subnet_id   = aws_subnet.jacobs_public_subnet.id
  private_ips = ["10.0.0.50"] # idk what to put here or how to make it automatically select a valid IP

  attachment {
    instance     = aws_nat_gateway.jacobs_nat_gw.id
    device_index = 1
  }

}

resource "aws_eip" "jacobs_eip" {
  vpc               = true
  network_interface = aws_network_interface.jacobs_network_interface.id
  depends_on        = [aws_internet_gateway.jacobs_gw]
}

### route tables & associations - these cidr block values should be correct and don't need to be changed

resource "aws_route_table" "jacobs_private_route_table" {
  vpc_id         = aws_default_vpc.jacobs_vpc_tf.id
  nat_gateway_id = aws_nat_gateway.jacobs_nat_gw.id

  route = [
    {
      cidr_block = "0.0.0.0/0"
      gateway_id = aws_nat_gateway.jacobs_nat_gw.id
    }
  ]

}

resource "aws_route_table" "jacobs_public_route_table" {
  vpc_id     = aws_default_vpc.jacobs_vpc_tf.id
  gateway_id = aws_internet_gateway.jacobs_gw.id

  route = [
    {
      cidr_block = "0.0.0.0/0"
      gateway_id = aws_internet_gateway.jacobs_gw.id
    }
  ]

}

resource "aws_route_table_association" "jacobs_private_route" {
  subnet_id      = aws_subnet.jacobs_private_subnet.id
  route_table_id = aws_route_table.jacobs_private_route_table.id

}

resource "aws_route_table_association" "jacobs_public_route" {
  subnet_id      = aws_subnet.jacobs_public_subnet.id
  route_table_id = aws_route_table.jacobs_public_route_table.id

}
```

I don't think I care what the values of the cidr_blocks and the private IP are; I just need to put some valid values in so that I can get access. If anyone has a solution or can point me to some relevant resources, I would be very grateful!

Best answer

I modified the code to create a custom VPC (rather than recreating the default VPC) and to set everything up automatically. For the CIDR ranges you can use cidrsubnet:

```hcl
resource "aws_vpc" "jacobs_vpc_tf" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "jacobs-vpc"
  }
}

resource "aws_subnet" "jacobs_public_subnet" {
  vpc_id = aws_vpc.jacobs_vpc_tf.id
  # cidrsubnet(prefix, newbits, netnum): 10.0.0.0/16 extended by 8 bits, block 1 -> 10.0.1.0/24
  cidr_block              = cidrsubnet(aws_vpc.jacobs_vpc_tf.cidr_block, 8, 1)
  map_public_ip_on_launch = true
}

resource "aws_subnet" "jacobs_private_subnet" {
  vpc_id = aws_vpc.jacobs_vpc_tf.id
  # block 2 -> 10.0.2.0/24; a different netnum guarantees no overlap with the public subnet
  cidr_block = cidrsubnet(aws_vpc.jacobs_vpc_tf.cidr_block, 8, 2)
}

resource "aws_internet_gateway" "jacobs_gw" {
  vpc_id = aws_vpc.jacobs_vpc_tf.id
}

resource "aws_eip" "jacobs_eip" {
  # "vpc = true" is deprecated in AWS provider v5 and later; use domain = "vpc" there
  vpc = true
  #network_interface = aws_network_interface.jacobs_network_interface.id
  depends_on = [aws_internet_gateway.jacobs_gw]
}

resource "aws_nat_gateway" "jacobs_nat_gw" {
  allocation_id = aws_eip.jacobs_eip.id
  subnet_id     = aws_subnet.jacobs_public_subnet.id

  #depends_on = [aws_internet_gateway.jacobs_gw]
}

### route tables & associations - these cidr block values should be correct and don't need to be changed

resource "aws_route_table" "jacobs_private_route_table" {
  vpc_id = aws_vpc.jacobs_vpc_tf.id
  #nat_gateway_id = aws_nat_gateway.jacobs_nat_gw.id

  # private subnet reaches the internet only through the NAT gateway
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.jacobs_nat_gw.id
  }
}

resource "aws_route_table" "jacobs_public_route_table" {
  vpc_id = aws_vpc.jacobs_vpc_tf.id
  #gateway_id = aws_internet_gateway.jacobs_gw.id

  # public subnet routes straight to the internet gateway
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.jacobs_gw.id
  }
}

resource "aws_route_table_association" "jacobs_private_route" {
  subnet_id      = aws_subnet.jacobs_private_subnet.id
  route_table_id = aws_route_table.jacobs_private_route_table.id
}

resource "aws_route_table_association" "jacobs_public_route" {
  subnet_id      = aws_subnet.jacobs_public_subnet.id
  route_table_id = aws_route_table.jacobs_public_route_table.id
}
```
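As an added illustration, not part of the question or the answer above: the same cidrsubnet() arithmetic written in Python, plus the checks AWS applies to subnet CIDRs (inside the VPC, between /16 and /28, no overlap) and to a private IP assigned to an ENI (inside the subnet, not one of the five reserved addresses). The inputs are the answer's 10.0.0.0/16 VPC and the question's 10.0.0.50.

```python
import ipaddress

# Added example: Terraform's cidrsubnet() and the AWS CIDR rules, in Python.


def cidrsubnet(prefix: str, newbits: int, netnum: int) -> str:
    """Return block number netnum of size /(prefixlen + newbits) carved out of
    prefix, matching Terraform's cidrsubnet(prefix, newbits, netnum)."""
    net = ipaddress.ip_network(prefix, strict=True)
    new_len = net.prefixlen + newbits
    if new_len > net.max_prefixlen:
        raise ValueError(f"{newbits} new bits do not fit in {prefix}")
    if not 0 <= netnum < (1 << newbits):
        raise ValueError(f"netnum {netnum} does not fit in {newbits} bits")
    host_bits = net.max_prefixlen - new_len
    base = int(net.network_address) + (netnum << host_bits)
    return str(type(net)((base, new_len)))


def check_subnets(vpc_cidr: str, subnet_cidrs: list[str]) -> list[str]:
    """Report what the AWS API would reject: a subnet outside the VPC range,
    a prefix length outside /16../28, or two subnets that overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"{n} is not inside VPC {vpc}")
        if not 16 <= n.prefixlen <= 28:
            problems.append(f"{n} prefix length must be between /16 and /28")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


def assignable(subnet_cidr: str, ip: str) -> bool:
    """True if ip can be given to an ENI in the subnet: inside the block and
    not one of the addresses AWS reserves (the first four and the last)."""
    net = ipaddress.ip_network(subnet_cidr)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        return False
    reserved = {net.network_address + i for i in range(4)} | {net.broadcast_address}
    return addr not in reserved


if __name__ == "__main__":
    vpc = "10.0.0.0/16"
    public, private = cidrsubnet(vpc, 8, 1), cidrsubnet(vpc, 8, 2)  # 10.0.1.0/24, 10.0.2.0/24
    print(public, private, check_subnets(vpc, [public, private]))
    print(assignable(public, "10.0.0.50"), assignable(public, "10.0.1.50"))  # False True
```

Feeding the question's original choice (the whole VPC range for both subnets) into check_subnets shows the overlap the console was rejecting, and 10.0.0.50 fails assignable() because it is outside 10.0.1.0/24.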

On amazon-web-services - How to create valid CIDR block values for subnets in Terraform, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/68869090/
