Description
Affected modules
https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/
Terraform CLI and Terraform provider versions
- Terraform version: v1.3.8
- Provider version: 1.49.0
Expected behavior
Non-conflicting CIDRs between regions. Please use VPC defaults. Ideally use the VPC defaults without creating new address prefixes. The work-around is creating a local map with address prefixes for each region and defining the subnets manually.
This causes a few issues:
- Impossible to use transit gateway with defaults
- Default address prefixes are not used and not cleaned up
- Kludge code to workaround (for each usage):
```hcl
address_prefixes = {
  zone-1 = ["10.40.10.0/24"]
  zone-2 = ["10.50.10.0/24"]
  zone-3 = ["10.60.10.0/24"]
}
subnets = {
  zone-1 = [{
    acl_name = "vpc-acl"
    name     = "zone-1"
    cidr     = "10.40.10.0/24"
  }]
  zone-2 = [{
    acl_name = "vpc-acl"
    name     = "zone-2"
    cidr     = "10.50.10.0/24"
  }]
  zone-3 = [{
    acl_name = "vpc-acl"
    name     = "zone-3"
    cidr     = "10.60.10.0/24"
  }]
}
```
See: https://github.ibm.com/mathewss/SLZ-Demo/blob/main/main.tf
Actual behavior
Address prefixes conflict between regions, which could cause long-term issues for SLZ adopters as they scale.
Steps to reproduce (including links and screen captures)
Create an SLZ with defaults in 2 or more regions.
Anything else
Unintuitive use of vpc-acl for the network_acl index. Without looking at the code, it's very difficult to know the name that should be specified for acl_name when specifying the subnets object.
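A pre-deployment check for the cross-region conflict this issue reports, added here as an example and not part of the original issue or the module's code: it takes one `address_prefixes`-shaped map per region and lists every pair of prefixes from different regions that overlap. The region names and the `region-b`/`region-c` values are constructed; only the `region-a` prefixes come from the issue.

```python
"""Detect overlapping VPC address prefixes across regions (added example)."""
from ipaddress import ip_network
from itertools import combinations

# Constructed sample plan. "region-a" uses the address_prefixes map from the
# issue; "region-b" contains a wider range that swallows one of those
# prefixes; "region-c" is disjoint. Region names are hypothetical.
PLAN = {
    "region-a": {"zone-1": ["10.40.10.0/24"],
                 "zone-2": ["10.50.10.0/24"],
                 "zone-3": ["10.60.10.0/24"]},
    "region-b": {"zone-1": ["10.40.0.0/18"],
                 "zone-2": ["10.51.10.0/24"],
                 "zone-3": ["10.61.10.0/24"]},
    "region-c": {"zone-1": ["10.70.10.0/24"],
                 "zone-2": ["10.80.10.0/24"],
                 "zone-3": ["10.90.10.0/24"]},
}


def flatten(plan):
    """Yield (region, zone, network) for every prefix in the plan."""
    for region, zones in plan.items():
        for zone, prefixes in zones.items():
            for prefix in prefixes:
                # strict=True raises ValueError for a prefix with host bits
                # set (e.g. 10.40.10.1/24), which is usually a typo.
                yield region, zone, ip_network(prefix, strict=True)


def find_conflicts(plan):
    """Return sorted pairs of overlapping prefixes owned by different regions."""
    conflicts = []
    for (r1, z1, n1), (r2, z2, n2) in combinations(flatten(plan), 2):
        # Zones inside one region are not compared here; the concern is
        # routing between regions, e.g. over a transit gateway.
        if r1 != r2 and n1.version == n2.version and n1.overlaps(n2):
            conflicts.append((f"{r1}/{z1} {n1}", f"{r2}/{z2} {n2}"))
    return sorted(conflicts)


if __name__ == "__main__":
    found = find_conflicts(PLAN)
    for left, right in found:
        print(f"CONFLICT: {left} overlaps {right}")
    # Non-zero exit lets a CI job fail before the plan is applied.
    raise SystemExit(1 if found else 0)
```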