/terraform-cidr-subnets

A Terraform module for calculating subnet IP address prefixes

Primary LanguageHCLMozilla Public License 2.0MPL-2.0

Terraform CIDR Subnets Module

This is a simple Terraform module for calculating subnet addresses under a particular CIDR prefix.

This module requires Terraform v0.12.10 or later.

module "subnet_addrs" {
  source = "hashicorp/subnets/cidr"

  base_cidr_block = "10.0.0.0/8"
  networks = [
    {
      name     = "foo"
      new_bits = 8
    },
    {
      name     = "bar"
      new_bits = 8
    },
    {
      name     = "baz"
      new_bits = 4
    },
    {
      name     = "beep"
      new_bits = 8
    },
    {
      name     = "boop"
      new_bits = 8
    },
  ]
}

The module assigns consecutive IP address blocks to each of the requested networks, packing them densely in the address space. The network_cidr_blocks output is then a map from the given name strings to the allocated CIDR prefixes:

{
  foo  = "10.0.0.0/16"
  bar  = "10.1.0.0/16"
  baz  = "10.16.0.0/12"
  beep = "10.32.0.0/16"
  boop = "10.33.0.0/16"
}

The new_bits values are the number of additional address bits to use for numbering the new networks. Because network foo has a new_bits of 8, and the base CIDR block has an existing prefix of 8, its final prefix length is 8 + 8 = 16. baz has a new_bits of 8, so its final prefix length is only 8 + 4 = 12 bits.

If the order of the given networks is significant, the alternative output networks is a list with an object for each requested network that has the following attributes:

  • name is the same name that was given in the request.
  • new_bits echoes back the number of new bits given in the request.
  • cidr_block is the allocated CIDR prefix for the network.

If you need the CIDR block addresses in order and don't need the names, you can use module.subnet_addrs.networks[*].cidr_block to obtain that flattened list.

Changing Networks Later

When initially declaring your network addressing scheme, you can declare your networks in any order. However, the positions of the networks in the request list affects the assigned network numbers, so when making changes later it's important to take care to avoid implicitly renumbering other networks.

The safest approach is to only add new networks to the end of the list and to never remove an existing network or or change its new_bits value. If an existing allocation becomes obsolute, you can set its name explicitly to null to skip allocating it a prefix but to retain the space it previously occupied in the address space:

module "subnet_addrs" {
  source = "hashicorp/subnets/cidr"

  base_cidr_block = "10.0.0.0/8"
  networks = [
    {
      name     = null # formerly "foo", but no longer used
      new_bits = 8
    },
    {
      name     = "bar"
      new_bits = 8
    },
  ]
}

In the above example, the network_cidr_blocks output would have the following value:

{
  bar = "10.1.0.0/16"
}

foo has been excluded, but its former prefix 10.0.0.0/16 is now skipped altogether so bar retains its allocation of 10.1.0.0/16.

Because the networks output is a list that preserves the element indices of the requested networks, it does still include the skipped networks, but with their name and cidr_blocks attributes set to null:

[
  {
    name       = null
    new_bits   = 8
    cidr_block = null
  },
  {
    name       = "bar"
    new_bits   = 8
    cidr_block = "10.1.0.0/16"
  },
]

We don't recommend using the networks output when networks are skipped in this way, but if you do need to preserve the indices while excluding the null items you could use a for expression to project the indices into attributes of the objects:

[
  for i, n in module.subnet_addrs.networks : {
    index      = i
    name       = n.name
    cidr_block = n.cidr_block
  }
  if n.cidr_block != null
]

Certain edits to existing allocations are possible without affecting subsequent allocations, as long as you are careful to ensure that the new allocation occupies the same address space as whatever replaced it.

For example, it's safe to replace a single allocation anywhere in the list with a pair of consecutive allocations whose new_bits value is one greater. If you have an allocation with new_bits set to 4, you can replace it with two allocations that have new_bits set to 5 as long as those two new allocations retain their position in the overall list:

  networks = [
    # "foo-1" and "foo-2" replace the former "foo", taking half of the
    # former address space each: 10.0.0.0/17 and 10.0.128.0/17, respectively.
    {
      name     = "foo-1"
      new_bits = 9
    },
    {
      name     = "foo-2"
      new_bits = 9
    },

    # "bar" is still at 10.1.0.0/16
    {
      name     = "bar"
      new_bits = 8
    },
  ]

When making in-place edits to existing networks, be sure to verify that the result is as you expected using terraform plan before applying, to avoid disruption to already-provisioned networks that you want to keep.

Vendor-specific Examples

The following sections show how you might use a result from this module to declare real network subnets in various specific cloud virtual network systems.

module.subnet_addrs in the following examples represent references to the declared module. You are free to name the module whatever makes sense in your context, but the names must agree between the declaration and the references.

AliCloud Virtual Private Cloud

module "subnet_addrs" {
  source = "hashicorp/subnets/cidr"

  base_cidr_block = "10.0.0.0/16"
  networks = [
    {
      name     = "cn-beijing-a"
      new_bits = 8
    },
    {
      name     = "cn-beijing-b"
      new_bits = 8
    },
  ]
}

resource "alicloud_vpc" "example" {
  name       = "example"
  cidr_block = module.subnet_addrs.base_cidr_block
}

resource "alicloud_vswitch" "example" {
  for_each = module.subnet_addrs.network_cidr_blocks

  vpc_id            = alicloud_vpc.example.id
  availability_zone = each.key
  cidr_block        = each.value
}

Amazon Virtual Private Cloud

module "subnet_addrs" {
  source = "hashicorp/subnets/cidr"

  base_cidr_block = "10.0.0.0/16"
  networks = [
    {
      name     = "us-west-2a"
      new_bits = 8
    },
    {
      name     = "us-west-2b"
      new_bits = 8
    },
  ]
}

resource "aws_vpc" "example" {
  cidr_block = module.subnet_addrs.base_cidr_block
}

resource "aws_subnet" "example" {
  for_each = module.subnet_addrs.network_cidr_blocks

  vpc_id            = aws_vpc.example.id
  availability_zone = each.key
  cidr_block        = each.value
}

Microsoft Azure Virtual Networks

module "subnet_addrs" {
  source = "hashicorp/subnets/cidr"

  base_cidr_block = "10.0.0.0/16"
  networks = [
    {
      name     = "foo"
      new_bits = 8
    },
    {
      name     = "bar"
      new_bits = 8
    },
  ]
}

resource "azurerm_resource_group" "example" {
  name     = "example"
  location = "West US"
}

resource "azurerm_virtual_network" "example" {
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  name          = "example"
  address_space = [module.subnet_addrs.base_cidr_block]

  dynamic "subnet" {
    for_each = module.subnet_addrs.network_cidr_blocks
    content {
      name           = subnet.key
      address_prefix = subnet.value
    }
  }
}

Google Cloud Platform

module "subnet_addrs" {
  source = "hashicorp/subnets/cidr"

  base_cidr_block = "10.0.0.0/16"
  networks = [
    {
      name     = "us-central"
      new_bits = 8
    },
    {
      name     = "us-west2"
      new_bits = 8
    },
  ]
}

resource "google_compute_network" "example" {
  name                    = "example"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "example" {
  for_each = module.subnet_addrs.network_cidr_blocks

  network       = google_compute_network.example.self_link
  name          = each.key
  ip_cidr_range = each.value
  region        = each.key
}

Network Allocations in a CSV file

It may be convenient to represent your table of network definitions in a CSV file rather than writing them out as object values directly in the Terraform configuration, because CSV allows for a denser representation of such a table that might be easier to quickly scan.

You can create a CSV file subnets.csv containing the following and place it inside your own calling module:

"name","newbits"
"foo","8"
"","8"
"baz","8"

Since CSV cannot represent null, we'll use the empty string to represent an obsolete network that must still have reserved address space. When editing the CSV file after the resulting allocations have been used, be sure to keep in mind the restrictions under Changing Networks Later above.

We can use Terraform's csvdecode function to parse this file and pass the result into the CIDR Subnets Module:

module "subnet_addrs" {
  source = "hashicorp/subnets/cidr"

  base_cidr_block = "10.0.0.0/16"
  networks = [
    for r in csvdecode(file("${path.module}/subnets.csv")) : {
      name     = r.name != "" ? r.name : null
      new_bits = tonumber(r.new_bits)
    }
  ]
}

Contributing

This module is intentionally simple and is considered feature complete. We do not plan to add any additional functionality and we're unlikely to accept pull requests proposing new functionality.

If you find errors in the documentation above, please open an issue or a pull request!