[AWS] Filtering Subnets in Different Availability Zones for EFS Mount Targets with Terraform

Posted on By nim No Comments on [AWS] Filtering Subnets in Different Availability Zones for EFS Mount Targets with Terraform

Bài toán ở đây là client sẽ đưa ra cho chúng ta 1 list subnet. Mục đích của chúng ta là chỉ lựa ra mỗi Zone chúng ta sẽ lấy ra 1 subnet để sử dụng để cài đặt hệ thông:

The Solution:

  1. Check the AZ of each subnet: We’ll fetch the AZ for each subnet.
  2. Only apply EFS Mount Targets to subnets in different AZs: Ensure we create EFS Mount Targets in unique AZs.

Step-by-Step Example

  1. List of Subnets: Let’s assume you provide a list of subnets like this:
variable "eks_private_subnets" {
  type = list(string)
  default = ["subnet-abc123", "subnet-def456", "subnet-ghi789"]
}

2. Fetch Subnet Information: You want to check the availability zone of each subnet. To do this, we use a data "aws_subnet" block to get the AZ of each subnet.

3. Create EFS Mount Targets in Different AZs: Now, we will apply the EFS Mount Target only in subnets that are in unique AZs.

# Fetch the AZ of each subnet
data "aws_subnet" "subnets" {
  for_each = toset(var.eks_private_subnets)
  id       = each.value
}

# Extract the AZ for each subnet
locals {
  subnet_azs = { for s in data.aws_subnet.subnets : s.id => s.availability_zone }
}

# Create EFS Mount Targets in different AZs only
resource "aws_efs_mount_target" "efs_mount_target" {
  count = length(distinct(local.subnet_azs))  # Only count unique AZs

  file_system_id  = aws_efs_file_system.efs_file_system.id
  subnet_id       = element(var.eks_private_subnets, count.index)
  security_groups = [aws_security_group.efs_allow_access.id]
}

Breakdown:

  1. data "aws_subnet": This block fetches the AZ for each subnet in var.eks_private_subnets. It returns the AZ (like us-east-1a, us-east-1b, etc.).
  2. locals { subnet_azs = ... }: We create a local map subnet_azs to store the AZ for each subnet. It looks something like this:
{
  "subnet-abc123" = "us-east-1a",
  "subnet-def456" = "us-east-1b",
  "subnet-ghi789" = "us-east-1a"
}

3. resource "aws_efs_mount_target": In this block, we create an EFS Mount Target. The count is determined by the number of unique AZs in local.subnet_azs using distinct(). So, if two subnets are in the same AZ, it will only count once.

  • If subnet-abc123 and subnet-ghi789 are in the same AZ (us-east-1a), then only 1 EFS Mount Target will be created for AZ us-east-1a and another for AZ us-east-1b.
AWS - Amazon Web Service

More Related Articles

[EKS/IPs] Increase most many IPs as possible on each Node of your EKS. AWS - Amazon Web Service
[AWS] Provision AWS IAM Admin User as EKS Admin AWS - Amazon Web Service
[AWS] Pull images from ECR AWS - Amazon Web Service
[AWS/EKS] Cache Docker image to accelerate EKS container deployment. AWS - Amazon Web Service
[EKS] Adjusting things to migrate EKS legacy to new versions. AWS - Amazon Web Service
[terraform] Error: InvalidPermission.Duplicate: the specified rule AWS - Amazon Web Service

Leave a Reply

Your email address will not be published. Required fields are marked *