Skip to content

The vpc_subnets.tf File

Filename Location Group Project/Repository
vpc_subnets.tf ./vpc_subnets.tf infrastructure terraform

Why?

Our VPC would be pretty useless without subnets. A subnet is used, in simple terms, to further slice up our VPC into smaller networks that we can use to separate parts of our infrastructure.

In more advanced terms, a subnet is a separate collision and broadcast domain, but that's not really that important in the public Cloud space.

We'll be using two Availability Zones: A & B in Sydney, Australia. You're free to change your region to another - it's extremely likely to have at least two AZs.

Each subnet is a /27 for the same reasons as above: get into the habit of being efficient with resources as you never know when or how you'll scale. Plus if you join this network to another, say an on-premise network via a VPN, you might have two overlapping networks because you created /24s when you didn't need them.

Breakdown

First we define our subnets. This is the subnet for AZ A:

1
2
3
4
5
6
7
8
9
resource "aws_subnet" "httpcats-http-az-a" {
  vpc_id            = aws_vpc.httpcats.id
  cidr_block        = "10.1.1.0/27"
  availability_zone = "ap-southeast-2a"

  tags = merge(local.common_tags, {
    "Name" = "httpcats AZ A"
  })
}

Then we define the subnet for AZ B:

1
2
3
4
5
6
7
8
9
resource "aws_subnet" "httpcats-http-az-b" {
  vpc_id            = aws_vpc.httpcats.id
  cidr_block        = "10.1.1.32/27"
  availability_zone = "ap-southeast-2b"

  tags = merge(local.common_tags, {
    "Name" = "httpcats AZ B"
  })
}

But without the ability to route traffic a subnet is pretty useless.

Route Tables

A routing table is a set of rules that define how traffic moves between networks. Traffic inside the network is resolved using localised protocols such as ARP, but when we need to talk to another system in a network outside of our own, we consult the route table and it tells us how-to get a traffic to that system.

Our route table is simple right now: we just need a rule that allows our systems to talk to the Internet to handle inbound requests for the system's resources:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
resource "aws_route_table" "httpcats" {
  vpc_id = aws_vpc.httpcats.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.httpcats.id
  }

  tags = merge(local.common_tags, {
    "Name" = "httpcats Internet Route Table"
  })
}

After defining the route table we proceed to associate it with the subnets we've created:

1
2
3
4
5
6
7
8
9
resource "aws_route_table_association" "httpcats-http-az-a" {
  subnet_id      = aws_subnet.httpcats-http-az-a.id
  route_table_id = aws_route_table.httpcats.id
}

resource "aws_route_table_association" "httpcats-http-az-b" {
  subnet_id      = aws_subnet.httpcats-http-az-b.id
  route_table_id = aws_route_table.httpcats.id
}

The Solution

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
resource "aws_subnet" "httpcats-http-az-a" {
  vpc_id            = aws_vpc.httpcats.id
  cidr_block        = "10.1.1.0/27"
  availability_zone = "ap-southeast-2a"

  tags = merge(local.common_tags, {
    "Name" = "httpcats AZ A"
  })
}

resource "aws_subnet" "httpcats-http-az-b" {
  vpc_id            = aws_vpc.httpcats.id
  cidr_block        = "10.1.1.32/27"
  availability_zone = "ap-southeast-2b"

  tags = merge(local.common_tags, {
    "Name" = "httpcats AZ B"
  })
}

resource "aws_route_table" "httpcats" {
  vpc_id = aws_vpc.httpcats.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.httpcats.id
  }

  tags = merge(local.common_tags, {
    "Name" = "httpcats Internet Route Table"
  })
}

resource "aws_route_table_association" "httpcats-http-az-a" {
  subnet_id      = aws_subnet.httpcats-http-az-a.id
  route_table_id = aws_route_table.httpcats.id
}

resource "aws_route_table_association" "httpcats-http-az-b" {
  subnet_id      = aws_subnet.httpcats-http-az-b.id
  route_table_id = aws_route_table.httpcats.id
}

Terraform Documentation

Type Documentation
aws_subnet Terraform AWS Provider
aws_route_table Terraform AWS Provider
aws_route_table_association Terraform AWS Provider

Committing the Code

  1. Set your working directory to the infrastructure/terraform repository
  2. Save the file as vpc_subnets.tf and use git add vpc_subnets.tf to add it to the Git staging area
  3. Use git commit -am 'creating our subnets and defining their routing rules' to commit the file to our repository
  4. Push the code to GitLab.com: git push

Last update: August 25, 2021