user subnets

[kees-cambrian]

Is your request related to a new offering from AWS?

Is this functionality available in the AWS provider for Terraform?

• Yes ✅: subnet functionality is there for many years already.

We want to replace our current custom terraform module with this. Our custom module support the creation of user subnets. We run AWS Appstream fleets and AWS Workspaces in those subnets.

Add possibility to create user subnets, please.

Alternatively I upgrade with features we need and keep using my custom module.

Kind regards Kees van Winden

[ForbiddenEra]

Is your request related to a new offering from AWS?

Is this functionality available in the AWS provider for Terraform?

* Yes ✅: subnet functionality is there for many years already.

We want to replace our current custom terraform module with this. Our custom module support the creation of user subnets. We run AWS Appstream fleets and AWS Workspaces in those subnets.

Add possibility to create user subnets, please.

Alternatively I upgrade with features we need and keep using my custom module.

Kind regards Kees van Winden

Not sure what you mean by "user subnets" but you can create as many private subnets as you need.

I had forked and was going to add subnet groups for EKS and other stuff but ended up just adding more private subnets. I may still, but the only reason really is aesthetics/naming convention in the AWS console.

[kees-cambrian]

Ah I see what you mean. I could create give the subnets my own names by passing it to the module using the variable private_subnet_names. Did not notice this variable until now. Thanks for the reply

[ForbiddenEra]

Ah I see what you mean. I could create give the subnets my own names by passing it to the module using the variable private_subnet_names. Did not notice this variable until now. Thanks for the reply

Yes, that's one way to do it. The only downside I personally have with this is that, while private_subnet_names works for the subnet names, it doesn't work for the associated security groups etc that are also created for each subnet.

I do think it would be useful to have some other subnet options for other common cases though, even with being able to name them it can be easier to manage sometimes when they're in separate groups, as an example, for a while I was using the database subnets for my EKS nodes and I may do something like that again, I only changed it to see if I could make things work using only private subnets but it's not the most ideal.

I think #892 should be considered as a potential way forward for handling subnets; if not exactly how suggested there, at least improving the flexibility should be considered.

[kees-cambrian]

Indeed, it does not work properly for the associated route tables either, you get duplicate names in the "Name" tag. This is a no go for me

[ForbiddenEra]

Indeed, it does not work properly for the associated route tables either, you get duplicate names in the "Name" tag. This is a no go for me

Yeah I was originally going to add my own extra subnet groups or as I said was using the existing ones for uses not related to their name/intended use and while I've currently switched to just having them all as private ones, it's definitely not ideal to have a big list of sgs + route tables with all the same names that aren't related at all, even if most of my management is IaC - I'm going to have to change this somehow before this particular infra goes to prod and I haven't decided on my path forward. Ideally, this module would be updated for better subnet flexibility + better flexibility and tagging of subnet-related resources like sgs and route tables but I can't expect or even hope that this might happen anytime soon.

My potential solutions are

• go back to using existing subnet types/groups like 'database' for unrelated purposes; this has the con that each of these types has potentially slightly different behavior towards their original intended purpose (part of the reason I stopped using the DB one is that when auditing my resources I noticed the database subnet had an additional resource tagged to it where the auditing software knew it was a database subnet; I can't recall OTOH exactly what that was but in general each type has slightly different/specific behavior)
• fork the module and add my own subnet groups for my needs; I did attempt this but it was feeling a bit PITA-ish and also feel like having 10 different subnet types with the ones I added being functionally identical to private with different labeling wasn't ideal
• fork the module and make it so that route tables/sg's/etc can be tagged/labelled with an array in the same way subnet names can be

Likely I'll go with the last option; depending on how it works out, maybe I'll make a PR for it but I think some better method for defining subnets and their related resources with more flexibility would be the best (hence the linked subnet flexibility issue)

If I do implement the third option, if you're interested (as it sounds like you're in a similar boat and even tried tagging the route tables like the subnet names can be in hopes it would work) and if I don't make a PR for it I can post back here and at least link you to that fork if it would be useful for you. However, if it's something many users want and it's likely the PR would be accepted then I'd much more likely put up the PR for review

[hpschry]

@ForbiddenEra we have more or less the same use case. We want to attach the tags for EKS load balancer allocation to specific subnets only and it seems, that in the current implementation this is not possible. The obvious solution could be to provide a vector of tag maps to attach to specific subnets, I guess, this is what you describe.

[github-actions]

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

[jjdiazgarcia]

We are facing the same issue @hpschry described. Can we create a PR to address it?

@ForbiddenEra Do we need to wait for someone/something?

[jjdiazgarcia]

Apologies for my previous question @ForbiddenEra

I have just noticed that there is an open PR that address the issue we are facing. Is there any plan to merge it? It looks like some people is using it since some time.

[github-actions]

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

[ForbiddenEra]

Apologies for my previous question @ForbiddenEra

I have just noticed that there is an open PR that address the issue we are facing. Is there any plan to merge it? It looks like some people is using it since some time.

I have no idea; I'm not a maintainer or even a contributor here, sorry if something I said implied as much, just another user.

If a PR has already been made, hopefully we can get some attention on this and get it merged though!

@maintainers? :)