Merge pull request #165 from ivan-aws/main

feat: sort subnets to calculate by their netmask to efficiently use ip space + feature flag and tests

Author: pablo19sc

examples/optimized_ipv4_subnets/.header.md

@@ -0,0 +1,6 @@
+# Creating subnets with sorted CIDR ranges
+
+This example shows how you can use this module to efficiently use the VPC CIDR range. Before calculating CIDR ranges, subnets are sorted from largest to smallest.
+
+* The VPC module creates the following:
+  * Four sets of subnets (*public*, *private*, *database*, and *infrastructure*)

examples/optimized_ipv4_subnets/.terraform-docs.yaml

@@ -0,0 +1,21 @@
+formatter: markdown
+header-from: .header.md
+settings:
+  anchor: true
+  color: true
+  default: true
+  escape: true
+  html: true
+  indent: 2
+  required: true
+  sensitive: true
+  type: true
+  lockfile: false
+
+sort:
+  enabled: true
+  by: required
+
+output:
+  file: README.md
+  mode: replace

examples/optimized_ipv4_subnets/README.md

@@ -0,0 +1,46 @@
+<!-- BEGIN_TF_DOCS -->
+# Creating subnets with sorted CIDR ranges
+
+This example shows how you can use this module to efficiently use the VPC CIDR range. Before calculating CIDR ranges, subnets are sorted from largest to smallest.
+
+* The VPC module creates the following:
+  * Four sets of subnets (*public*, *private*, *database*, and *infrastructure*)
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.9 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 5.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | aws-ia/vpc/aws | ~> 4.4 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_availability_zones.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS Region to create resources in. | `string` | `"eu-west-2"` | no |
+| <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | VPC cidr range | `string` | `"10.0.0.0/22"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_private_subnets_tags_length"></a> [private\_subnets\_tags\_length](#output\_private\_subnets\_tags\_length) | Count of private subnet tags for a single az. |
+<!-- END_TF_DOCS -->

examples/optimized_ipv4_subnets/main.tf

@@ -0,0 +1,32 @@
+data "aws_availability_zones" "current" {
+  filter {
+    name   = "opt-in-status"
+    values = ["opt-in-not-required"]
+  }
+}
+
+module "vpc" {
+  source  = "aws-ia/vpc/aws"
+  version = "~> 4.4"
+
+  name                        = "sorted-subnets"
+  cidr_block                  = var.vpc_cidr
+  az_count                    = 3
+  optimize_subnet_cidr_ranges = true
+
+  subnets = {
+    private = {
+      netmask = 24
+    }
+    database = {
+      netmask = 27
+    }
+    public = {
+      netmask                   = 28
+      nat_gateway_configuration = "single_az"
+    }
+    infrastructure = {
+      netmask = 28
+    }
+  }
+}

examples/optimized_ipv4_subnets/outputs.tf

@@ -0,0 +1,6 @@
+## Used for Testing, do not delete
+
+output "private_subnets_tags_length" {
+  description = "Count of private subnet tags for a single az."
+  value       = try(length(module.vpc.private_subnet_attributes_by_az["private/${data.aws_availability_zones.current.names[0]}"].tags), null)
+}

examples/optimized_ipv4_subnets/providers.tf

@@ -0,0 +1,15 @@
+terraform {
+  required_version = "~> 1.9"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+
+# Provider definition
+provider "aws" {
+  region = var.aws_region
+}
+

examples/optimized_ipv4_subnets/variables.tf

@@ -0,0 +1,11 @@
+variable "aws_region" {
+  description = "AWS Region to create resources in."
+  type        = string
+  default     = "eu-west-2"
+}
+
+variable "vpc_cidr" {
+  type        = string
+  description = "VPC cidr range"
+  default     = "10.0.0.0/22"
+}

main.tf

@@ -7,7 +7,8 @@ module "calculate_subnets" {
   cidr = local.cidr_block
   azs  = local.azs
 
-  subnets = var.subnets
+  subnets                     = var.subnets
+  optimize_subnet_cidr_ranges = var.optimize_subnet_cidr_ranges
 }
 
 module "calculate_subnets_ipv6" {

modules/calculate_subnets/main.tf

@@ -16,6 +16,30 @@ locals {
     }
   ]])
 
+  # map of subnet names to netmask values for looking up netmask by name
+  netmasks_for_subnets = { for subnet in local.calculated_subnet_objects : subnet.name => subnet.netmask }
+
+  # sorted list of netmasks from largest to smallest so we can efficiently use the ip address space
+  sorted_subnet_netmasks = reverse(distinct(sort([
+    for subnet in local.calculated_subnet_objects : format("%05d", subnet.netmask)
+  ])))
+
+  # list of subnet names sorted based on their netmask value (large to small)
+  sorted_subnet_names = compact(flatten([
+    for netmask in local.sorted_subnet_netmasks : [
+      for subnet in local.calculated_subnet_objects :
+      subnet.name if subnet.netmask == tonumber(netmask)
+    ]
+  ]))
+
+  # list of subnet the original calculated subnet objects, but sorted based on their netmask value (large to small)
+  sorted_subnet_objects = [
+    for name in local.sorted_subnet_names : {
+      name    = name
+      netmask = local.netmasks_for_subnets[name]
+    }
+  ]
+
   # map of explicit cidrs to az
   explicit_cidrs_grouped = { for _, type in local.types_with_explicit : type => zipmap(var.azs, var.subnets[type].cidrs[*]) }
 }
@@ -27,6 +51,5 @@ module "subnet_calculator" {
   version = "1.0.2"
 
   base_cidr_block = var.cidr
-  networks        = local.calculated_subnet_objects
+  networks        = var.optimize_subnet_cidr_ranges ? local.sorted_subnet_objects : local.calculated_subnet_objects
 }
-

modules/calculate_subnets/variables.tf

@@ -12,3 +12,9 @@ variable "cidr" {
   description = "CIDR value to use as base for calculating IP address prefixes."
   type        = string
 }
+
+variable "optimize_subnet_cidr_ranges" {
+  description = "Sort subnets to calculate by their netmask to efficiently use IP space."
+  type        = bool
+  default     = false
+}