I have been working with the AWS “vpc” module of Terraform (Terraform Registry).
Until this point we have used a single Availability Zone. I have created several different private, intra, and public subnets all within the one availability zone via the “vpc” module config and so far that has been working well. Our config looks something like:
```hcl
resource "aws_eip" "vpc_subnet_nats" {
  count = 1 # NOTE: must match the number of NAT Gateways in the VPC!
  vpc   = true
}

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "3.19.0"

  name = "beta_vpc"
  cidr = "17.0.17.0/24"

  azs = ["eu-west-2a"]

  private_subnets = ["17.0.17.0/27", "17.0.17.96/27", "17.0.17.32/28", "17.0.17.48/28", "17.0.17.192/28"]
  private_subnet_tags = {
    Type = "private_subnet"
  }

  intra_subnets = ["17.0.17.128/28"]
  intra_subnet_tags = {
    Type = "intra_subnet"
  }

  public_subnets = ["17.0.17.224/27"]
  public_subnet_tags = {
    Type = "public_subnet"
  }

  enable_ipv6                     = true
  assign_ipv6_address_on_creation = true

  enable_nat_gateway     = true
  single_nat_gateway     = true
  one_nat_gateway_per_az = false
  reuse_nat_ips          = true                         # <= Skip creation of EIPs for the NAT Gateways
  external_nat_ip_ids    = aws_eip.vpc_subnet_nats.*.id # <= IPs specified here as input to the module

  manage_default_network_acl    = true
  private_dedicated_network_acl = true
  private_inbound_acl_rules = [
    ...
  ]
  private_outbound_acl_rules = [
    ...
  ]

  vpc_tags = {
    Name = "vpc"
  }
}
```
We are now looking to deploy an Amazon RDS Service. RDS appears to require at least 2 Availability Zones. So now we need to expand our VPC to 2 or 3 Availability Zones.
I cannot find any information on how the “vpc” module chooses which of the subnets (e.g. private_subnets, intra_subnets, and public_subnets) should be created in which Availability Zone.
Ideally I would like to control that aspect, so that I can choose myself which subnets go into which Availability Zone. Is this possible with the “vpc” module?
I have also seen that there is a “vpc” resource that might be used instead. However, it seems to me that replacing the “vpc module” would be a lot of work, as it does lots of nice things for us kind of magically (effectively sets up a whole bunch of resources that otherwise we would need to manually write the Terraform config for). Even if we were to decide to do that, how does one figure out all the things the “vpc module” is doing so that I can recreate that explicitly with various ‘resource’(s) instead?
Also, my final question, is it “unusual” to want to have multiple private subnets within a single Availability Zone?
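As an added illustration (not the poster's config or an official module snippet): in the 3.x module each subnet tier is created with `count`, and the subnet at list index `i` is placed in `element(var.azs, i)`, which wraps around, so list order alone decides placement. The CIDRs, the `database_subnets` tier and the AZ names below are constructed for the example, and `create_database_subnet_group` is the module input that builds the DB subnet group RDS requires.

```hcl
# Added example: the same VPC spread over two Availability Zones.
# Placement rule assumed from the module's count-based subnets:
#   index 0, 2, 4, ... -> azs[0] (eu-west-2a)
#   index 1, 3, 5, ... -> azs[1] (eu-west-2b)
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "3.19.0"

  name = "beta_vpc"
  cidr = "17.0.17.0/24"

  azs = ["eu-west-2a", "eu-west-2b"]

  # Ordering the list is how you choose the AZ of each subnet.
  private_subnets = [
    "17.0.17.0/27",  # index 0 -> eu-west-2a
    "17.0.17.32/27", # index 1 -> eu-west-2b
    "17.0.17.64/28", # index 2 -> eu-west-2a (wraps: a second private subnet in 2a)
    "17.0.17.80/28", # index 3 -> eu-west-2b
  ]
  private_subnet_tags = { Type = "private_subnet" }

  # Dedicated tier for RDS: one subnet per AZ gives the DB subnet group
  # the two-AZ coverage RDS asks for, kept apart from app subnets.
  database_subnets             = ["17.0.17.96/28", "17.0.17.112/28"] # 2a, 2b
  create_database_subnet_group = true
  database_subnet_tags         = { Type = "database_subnet" }

  intra_subnets  = ["17.0.17.128/28", "17.0.17.144/28"] # 2a, 2b
  public_subnets = ["17.0.17.160/28", "17.0.17.176/28"] # 2a, 2b

  enable_nat_gateway     = true
  single_nat_gateway     = true  # one NAT GW, placed in public subnet index 0 (eu-west-2a)
  one_nat_gateway_per_az = false # set true (and single_nat_gateway = false) for per-AZ egress

  manage_default_network_acl    = true
  private_dedicated_network_acl = true

  vpc_tags = { Name = "vpc" }
}
```

Run `terraform plan` and read the `availability_zone` attribute on each `module.vpc.aws_subnet.private[N]` to confirm the index-to-AZ mapping before applying.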