feat: add per-tier subnet sizing support

[thiago4go]

• Add optional per-tier newbits variables (public_newbits, private_newbits, etc.)
• Maintain 100% backward compatibility with existing 'newbits' variable
• Enable mixed subnet sizes within same VPC (e.g., /24 for private, /26 for transit)
• Update README with usage example

Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request. If it fixes a bug or resolves a feature request, be sure to link to that issue.

Types of changes

What types of changes does your code introduce to <repo_name>?
Put an x in the boxes that apply

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation Update (if none of the other choices apply)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

• I have read the CONTRIBUTING.md doc.
• I have added necessary documentation (if appropriate).
• Any dependent changes have been merged and published in downstream modules.

Further comments

Adds optional per-tier subnet sizing support for mixed subnet sizes within a VPC.

Changes

• Add optional public_newbits, private_newbits, secure_newbits, transit_newbits, firewall_newbits variables
• Update all subnet resources to use tier-specific newbits
• Add usage example to README

Backward Compatibility

✅ 100% backward compatible - existing configurations work unchanged

• If tier-specific variables not set, falls back to newbits (existing behavior)

Use Case

Enables efficient IP allocation for hub-and-spoke architectures:
hcl
vpc_cidr = "10.39.32.0/21"
newbits = 5 # Default /26
private_newbits = 3 # Override: /24 for applications

Testing

• Terraform syntax validated
• Backward compatibility maintained
• Documentation updated

Suggested Release

v2.4.0 (minor version - new feature, backward compatible)

[amazon-q-developer]

⏳ Code review in progress. Analyzing for code quality issues and best practices. You can monitor the review status in the checks section at the bottom of this pull request. Detailed findings will be posted upon completion.

Using Amazon Q Developer for GitHub

Amazon Q Developer¹ is an AI-powered assistant that integrates directly into your GitHub workflow, enhancing your development process with intelligent features for code development, review, and transformation.

Slash Commands

Command	Description
/q <message>	Chat with the agent to ask questions or request revisions
/q review	Requests an Amazon Q powered code review
/q help	Displays usage information

Features

Agentic Chat
Enables interactive conversation with Amazon Q to ask questions about the pull request or request specific revisions. Use /q <message> in comment threads or the review body to engage with the agent directly.

Code Review
Analyzes pull requests for code quality, potential issues, and security concerns. Provides feedback and suggested fixes. Automatically triggered on new or reopened PRs (can be disabled for AWS registered installations), or manually with /q review slash command in a comment.

Customization

You can create project-specific rules for Amazon Q Developer to follow:

1. Create a .amazonq/rules folder in your project root.
2. Add Markdown files in this folder to define rules (e.g., cdk-rules.md).
3. Write detailed prompts in these files, such as coding standards or best practices.
4. Amazon Q Developer will automatically use these rules when generating code or providing assistance.

Example rule:

All Amazon S3 buckets must have encryption enabled, enforce SSL, and block public access.
All Amazon DynamoDB Streams tables must have encryption enabled.
All Amazon SNS topics must have encryption enabled and enforce SSL.
All Amazon SNS queues must enforce SSL.

Feedback

To provide feedback on Amazon Q Developer, create an issue in the Amazon Q Developer public repository.

For more detailed information, visit the Amazon Q for GitHub documentation.

Footnotes

1. Amazon Q Developer uses generative AI. You may need to verify generated code before using it in your environment. See the AWS Responsible AI Policy. ↩

[amazon-q-developer]

⚠️ Review Failed

I was unable to finalize my review because the pull request head or merge base was modified since I began my review. Please try again.

Request ID: b7e0e955-430e-542a-8f10-88d2380ad055

[Copilot]

Pull Request Overview

This PR adds support for per-tier subnet sizing by introducing tier-specific newbits variables that can override the global newbits setting. This allows users to create subnets of different sizes for different tiers (public, private, secure, transit, firewall) within the same VPC.

• Introduced five new optional variables (public_newbits, private_newbits, secure_newbits, transit_newbits, firewall_newbits) that override the global newbits when set
• Updated all subnet resources to use tier-specific effective newbits values computed via coalesce() logic
• Added documentation and usage examples in README

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
_variables.tf	Added five new tier-specific newbits variables with null defaults and updated the global newbits description
_data.tf	Added local values to compute effective newbits per tier using coalesce to fallback to global newbits
subnet-public.tf	Updated to use local.public_newbits_effective instead of var.newbits
subnet-private.tf	Updated to use local.private_newbits_effective instead of var.newbits
subnet-secure.tf	Updated to use local.secure_newbits_effective instead of var.newbits
subnet-transit.tf	Updated to use local.transit_newbits_effective instead of var.newbits
subnet-firewall.tf	Updated to use local.firewall_newbits_effective instead of var.newbits
README.md	Added usage example demonstrating per-tier subnet sizing configuration

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.