{"id":1635,"date":"2023-10-16T15:26:42","date_gmt":"2023-10-16T20:26:42","guid":{"rendered":"https:\/\/cloudlearning365.com\/?p=1635"},"modified":"2023-10-30T18:32:27","modified_gmt":"2023-10-30T23:32:27","slug":"picking-the-correct-subnet-from-aviatrix-created-vpc","status":"publish","type":"post","link":"https:\/\/cloudlearning365.com\/?p=1635","title":{"rendered":"Picking the correct subnet from Aviatrix created VPC"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The <strong>aviatrix_vpc<\/strong> resource creates a VPC\/vNet\/VCN in the various supported cloud types. For an Aviatrix Transit VPC, several different subnets are created for purposes such as integrating with SD-WAN appliances, inserting firewalls, integrating with AWS TGW (Aviatrix Orchestrated), or using the AWS Gateway Load Balancer.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Below is an example of the subnets created in AWS for an Aviatrix Transit VPC with High-Performance Encryption, TGW-O integration, and firewall integration with GWLB.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"356\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2023\/10\/image-22-1024x356.png\" alt=\"\" class=\"wp-image-1636\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2023\/10\/image-22-1024x356.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2023\/10\/image-22-300x104.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2023\/10\/image-22-768x267.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2023\/10\/image-22-1536x534.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2023\/10\/image-22-2048x712.png 2048w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2023\/10\/image-22-500x174.png 500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<!--more-->\n\n\n\n<p class=\"wp-block-paragraph\">The <strong>aviatrix_vpc<\/strong> resource object with 
name <strong><em>region1_ew_firenet<\/em><\/strong> has the following content:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&gt; aviatrix_vpc.region1_ew_firenet\n{\n  \"account_name\" = \"aws-lab\"\n  \"availability_domains\" = tolist(&#91;])\n  \"aviatrix_firenet_vpc\" = true\n  \"aviatrix_transit_vpc\" = false\n  \"azure_vnet_resource_id\" = tostring(null)\n  \"cidr\" = \"10.100.128.0\/23\"\n  \"cloud_type\" = 1\n  \"enable_native_gwlb\" = false\n  \"enable_private_oob_subnet\" = false\n  \"fault_domains\" = tolist(&#91;])\n  \"id\" = \"ue1-ew-firenet\"\n  \"name\" = \"ue1-ew-firenet\"\n  \"num_of_subnet_pairs\" = tonumber(null)\n  \"private_mode_subnets\" = false\n  \"private_subnets\" = tolist(&#91;])\n  \"public_subnets\" = tolist(&#91;\n    {\n      \"cidr\" = \"10.100.128.0\/28\"\n      \"name\" = \"ue1-ew-firenet-Public-gateway-and-firewall-mgmt-us-east-1a\"\n      \"subnet_id\" = \"subnet-0207386fd45f13cf2\"\n    },\n    {\n      \"cidr\" = \"10.100.128.16\/28\"\n      \"name\" = \"ue1-ew-firenet-Public-FW-ingress-egress-us-east-1a\"\n      \"subnet_id\" = \"subnet-0403cbe5100a5945c\"\n    },\n    {\n      \"cidr\" = \"10.100.128.32\/28\"\n      \"name\" = \"ue1-ew-firenet-Public-gateway-and-firewall-mgmt-us-east-1b\"\n      \"subnet_id\" = \"subnet-0a43b6f28b5eb88a6\"\n    },\n    {\n      \"cidr\" = \"10.100.128.48\/28\"\n      \"name\" = \"ue1-ew-firenet-Public-FW-ingress-egress-us-east-1b\"\n      \"subnet_id\" = \"subnet-09341d45fdfbf24bc\"\n    },\n  ])\n  \"region\" = \"us-east-1\"\n  \"resource_group\" = tostring(null)\n  \"route_tables\" = tolist(&#91;\n    \"rtb-0bc87db01bd3574d8\",\n    \"rtb-0e4ad8aa554f1b83f\",\n    \"rtb-0c43ff50047c5c660\",\n    \"rtb-0cfe274b484b5a8a3\",\n    \"rtb-004e80e2c046768d3\",\n    \"rtb-077653aaf6f9bc65b\",\n    \"rtb-0add1518acb0bab5b\",\n  ])\n  \"subnet_size\" = tonumber(null)\n  \"subnets\" = tolist(&#91;\n    {\n      \"cidr\" = \"10.100.128.0\/28\"\n      \"name\" = 
\"ue1-ew-firenet-Public-gateway-and-firewall-mgmt-us-east-1a\"\n      \"region\" = \"\"\n      \"subnet_id\" = \"subnet-0207386fd45f13cf2\"\n    },\n    {\n      \"cidr\" = \"10.100.128.16\/28\"\n      \"name\" = \"ue1-ew-firenet-Public-FW-ingress-egress-us-east-1a\"\n      \"region\" = \"\"\n      \"subnet_id\" = \"subnet-0403cbe5100a5945c\"\n    },\n    {\n      \"cidr\" = \"10.100.128.32\/28\"\n      \"name\" = \"ue1-ew-firenet-Public-gateway-and-firewall-mgmt-us-east-1b\"\n      \"region\" = \"\"\n      \"subnet_id\" = \"subnet-0a43b6f28b5eb88a6\"\n    },\n    {\n      \"cidr\" = \"10.100.128.48\/28\"\n      \"name\" = \"ue1-ew-firenet-Public-FW-ingress-egress-us-east-1b\"\n      \"region\" = \"\"\n      \"subnet_id\" = \"subnet-09341d45fdfbf24bc\"\n    },\n  ])\n  \"vpc_id\" = \"vpc-094f072505996b378\"\n}<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Occasionally in your Terraform code you will need to reference these subnets by their CIDR range. Below is an example of deploying a Palo Alto firewall associated with the primary Aviatrix Transit Gateway.
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>egress_subnet<\/strong> needs to reference the public subnet whose name contains <strong>Public-FW-ingress-egress<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>management_subnet<\/strong> needs to reference the public subnet whose name contains <strong>Public-gateway-and-firewall-mgmt<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Terraform version 1.5 introduced the <strong>strcontains<\/strong> function, which returns a boolean indicating whether a string contains a given substring.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Consider the following expression:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">egress_subnet = element([for s in aviatrix_vpc.region1_ew_firenet.public_subnets : s[\"cidr\"] if strcontains(s[\"name\"], \"Public-FW-ingress-egress\")], 0)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The for expression walks the <strong>public_subnets<\/strong> list and collects the cidr of every subnet whose name contains the \"Public-FW-ingress-egress\" sub-string.
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The <strong>element<\/strong> function then retrieves the first cidr in that list using index 0.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>resource \"aviatrix_firewall_instance\" \"region1_ew_fw_1\" {\n  firewall_name          = \"${var.region1_code}-ew-fw-1\"\n  firewall_size          = \"m5.xlarge\"\n  vpc_id                 = aviatrix_vpc.region1_ew_firenet.vpc_id\n  firewall_image         = \"Palo Alto Networks VM-Series Next-Generation Firewall (BYOL)\"\n  firewall_image_version = \"11.0.2\"\n  egress_subnet          = element(&#91;for s in aviatrix_vpc.region1_ew_firenet.public_subnets : s&#91;\"cidr\"] if strcontains(s&#91;\"name\"], \"Public-FW-ingress-egress\")], 0)\n  firenet_gw_name        = aviatrix_transit_gateway.region1_ew_transit_firenet.gw_name\n\n  management_subnet = element(&#91;for s in aviatrix_vpc.region1_ew_firenet.public_subnets : s&#91;\"cidr\"] if strcontains(s&#91;\"name\"], \"Public-gateway-and-firewall-mgmt\")], 0)\n}<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">To deploy another firewall instance, use the <strong>element<\/strong> function to retrieve the second cidr in the list using index 1. Note that <strong>element<\/strong> wraps the index around modulo the list length, so an index past the end of the list silently returns an earlier subnet rather than failing; if the number of matching subnets matters, guard the index or use a direct index expression such as list[1], which errors when the index is out of range.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">egress_subnet = element([for s in aviatrix_vpc.region1_ew_firenet.public_subnets : s[\"cidr\"] if strcontains(s[\"name\"], \"Public-FW-ingress-egress\")], <strong>1<\/strong>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Resource aviatrix_vpc creates a VPC\/vNet\/VCN in various cloud types. 
For Aviatrix Transit VPC, there would be various different subnets created for the purpose of integrating with SDWan appliances, insertion of Firewalls, integration with AWS TGW (Aviatrix Orchestrated), or utilizing AWS &hellip; <a href=\"https:\/\/cloudlearning365.com\/?p=1635\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,3,8],"tags":[],"class_list":["post-1635","post","type-post","status-publish","format-standard","hentry","category-aviatrix","category-aws","category-terraform"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/1635","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1635"}],"version-history":[{"count":2,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/1635\/revisions"}],"predecessor-version":[{"id":1639,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/1635\/revisions\/1639"}],"wp:attachment":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1635"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1635"},{"taxonomy":"post_tag","embeddable":tr
ue,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1635"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}