amazon-web-services - Terraform 中的 AWS VPC CIDR 子网给出错误

问题描述

我有一个 CIDR 块 172.30.0.0/21 并为其创建了 2 个私有子网和 2 个公共子网。它们已在 AWS 控制台中启动并运行！

这些是子网：

# List of private subnets to create in the environment, e.g. ["172.18.0.0/21", "172.18.8.0/21"]
variable "private_subnets-west-2" {
  type    = list(string)
  default = ["172.30.0.0/23", "172.30.6.0/23"]
}

# List of public subnets to create in the environment, e.g. ["172.18.168.0/22", "172.18.172.0/22"]
variable "public_subnets-west-2" {
  type    = list(string)
  default = ["172.30.4.0/23", "172.30.2.0/23"]
}

我的私有子网似乎适合 terraform 计划。但是，我的公共子网似乎没有在应用中运行并且给我错误。

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # module.rds_replica.aws_db_subnet_group.db_subnet_group[0] will be updated in-place
  ~ resource "aws_db_subnet_group" "db_subnet_group" {
        arn         = "arn:aws:rds:us-west-2"
        description = "Database subnet group for app-replica"
        id          = "app-replica-"
        name        = "app-replica-"
        name_prefix = "app-replica-"
      ~ subnet_ids  = [
          - "subnet-048e730",
          - "subnet-0be733e",
        ] -> (known after apply)
    }

  # module.vpc-us-west-2.aws_nat_gateway.this[0] will be created
  + resource "aws_nat_gateway" "this" {
      + allocation_id        = "eipalloc-0c"
      + id                   = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip           = (known after apply)
      + public_ip            = (known after apply)
      + subnet_id            = (known after apply)
    }

  # module.vpc-us-west-2.aws_nat_gateway.this[1] will be created
  + resource "aws_nat_gateway" "this" {
      + allocation_id        = "eipalloc-0a"
      + id                   = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip           = (known after apply)
      + public_ip            = (known after apply)
      + subnet_id            = (known after apply)
    }

  # module.vpc-us-west-2.aws_route.private_nat_gateway[0] will be updated in-place
  ~ resource "aws_route" "private_nat_gateway" {
        destination_cidr_block = "0.0.0.0/0"
        id                     = "r-rtb-09"
      ~ nat_gateway_id         = "nat-00" -> (known after apply)
        origin                 = "CreateRoute"
        route_table_id         = "rtb-09"
        state                  = "blackhole"

        timeouts {
            create = "5m"
        }
    }

  # module.vpc-us-west-2.aws_route.private_nat_gateway[1] will be updated in-place
  ~ resource "aws_route" "private_nat_gateway" {
        destination_cidr_block = "0.0.0.0/0"
        id                     = "r-rtb-0c"
      ~ nat_gateway_id         = "nat-0d" -> (known after apply)
        origin                 = "CreateRoute"
        route_table_id         = "rtb-0c"
        state                  = "blackhole"

        timeouts {
            create = "5m"
        }
    }

  # module.vpc-us-west-2.aws_route_table_association.public[0] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = "rtb-0"
      + subnet_id      = (known after apply)
    }

  # module.vpc-us-west-2.aws_route_table_association.public[1] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = "rtb-09"
      + subnet_id      = (known after apply)
    }

  # module.vpc-us-west-2.aws_subnet.public[0] will be created
  + resource "aws_subnet" "public" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-west-2a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "172.30.4.0/23"
      + id                              = (known after apply)
      + map_public_ip_on_launch         = true
      + owner_id                        = (known after apply)
      + vpc_id                          = "vpc-0d"
    }

  # module.vpc-us-west-2.aws_subnet.public[0] (deposed object 840b9b87) will be destroyed
  - resource "aws_subnet" "public" {
      - arn                             = "arn:aws:ec2:us-west-2:4" -> null
      - assign_ipv6_address_on_creation = false -> null
      - availability_zone               = "us-west-2a" -> null
      - availability_zone_id            = "usw2-az2" -> null
      - cidr_block                      = "172.30.4.0/23" -> null
      - id                              = "subnet-0b" -> null
      - map_public_ip_on_launch         = true -> null
      - owner_id                        = "463" -> null
      - vpc_id                          = "vpc-0d" -> null
    }

  # module.vpc-us-west-2.aws_subnet.public[1] will be created
  + resource "aws_subnet" "public" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-west-2c"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "172.30.2.0/23"
      + map_public_ip_on_launch         = true
      + owner_id                        = (known after apply)
      + vpc_id                          = "vpc-0d2"
    }

Plan: 6 to add 3 to change, 1 to destroy.


Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.vpc-us-west-2.aws_subnet.public[0]: Creating...
module.vpc-us-west-2.aws_subnet.public[1]: Creating...

Error: Error creating subnet: InvalidSubnet.Conflict: The CIDR '172.30.2.0/23' conflicts with another subnet
        status code: 400, request id:

  on .terraform/modules/vpc-us-west-2/main.tf line 335, in resource "aws_subnet" "public":
 335: resource "aws_subnet" "public" {



Error: Error creating subnet: InvalidSubnet.Conflict: The CIDR '172.30.4.0/23' conflicts with another subnet
        status code: 400, request id:

  on .terraform/modules/vpc-us-west-2/main.tf line 335, in resource "aws_subnet" "public":
 335: resource "aws_subnet" "public" {

当我在 AWS 中的子网正常工作时......为什么它们没有按计划提出，因为没有变化？

• 它说它将创建“172.30.4.0/23”并销毁前一个？为什么？如果已经创建了该子网，为什么要创建然后销毁已经有的子网？

• 第二个子网也已经在我的帐户中创建，所以不是在计划中选择它，为什么要创建它？

• 我不确定如何解决这些错误...

• 更新：

• 我使用 terraform import 导入了我的第二个子网 172.30.2.0/23。导入成功。但是，现在当我运行计划时......它正在执行与子网 172.30.4.0/23 相同的操作

  • 这已被添加到现在的计划中：

  # module.vpc-us-west-2.aws_subnet.public will be destroyed
  - resource "aws_subnet" "public" {
      - arn                             = "arn:aws:ec2:us-west-2:46***" -> null
      - assign_ipv6_address_on_creation = false -> null
      - availability_zone               = "us-west-2c" -> null
      - availability_zone_id            = "usw2-az3" -> null
      - cidr_block                      = "172.30.2.0/23" -> null
      - id                              = "subnet-0186d**" -> null
      - map_public_ip_on_launch         = false -> null
      - owner_id                        = "46**" -> null
        } -> null
      - vpc_id                          = "vpc-0d2f6cb2feaf3c95e" -> null

      - timeouts {}
    }

• 所以又是说它会破坏已经在 aws 控制台中制作的那个，然后创建一个新的？！

标签： amazon-web-servicesterraformamazon-vpcterraform-provider-awssubnet