I have a scenario where I’m using AWS server setup with an EFS and RDS setup. To enable high availability, I’ve configured a PCS cluster, and as a result, some IP addresses have been reserved as virtual IPs.
For deployment, I’m using a Terraform script. However, I’ve noticed that sometimes during deployments, Terraform automatically assigns these reserved IPs to some resources.
To illustrate, in this setup, the app servers are in a private subnet, and the RDS is also in this private subnet. Sometimes, Terraform assigns one of the IPs, which are reserved for app servers as Virtual IPs, to the RDS.
I want to prevent Terraform from assigning these reserved IPs to any other resource during deployment. What are the best practices or solutions to achieve this in Terraform?
2 Answers
Agree with @MarkB. It is AWS that is assigning the IPs, not Terraform.
To manage this, I think you could probably use AWS’ IPAM, although I haven’t used it in this way.
Another approach would be to define the network interfaces in terraform and assign them the reserved IPs. This will create the interfaces with the IPs and then you can assign these interfaces to the resources that need them.
A final approach would be to have a subnet of the reserved IPs and only put the resources that should get them into that subnet.
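The "define the network interfaces in Terraform" approach above, as an added Terraform example (not code from the answerer or the asker's deployment). The subnet and security group references, the `aws_instance.app` node, and the VIP values 10.0.1.50/10.0.1.51 are constructed assumptions.

```hcl
# Added example: reserve each cluster VIP by giving it its own ENI.
# All names and addresses below are constructed assumptions, not from the post.

variable "reserved_vips" {
  description = "Virtual IPs owned by the PCS cluster; must never be auto-assigned"
  type        = list(string)
  default     = ["10.0.1.50", "10.0.1.51"] # constructed example addresses
}

# One ENI per VIP. Creating the interface allocates the address in the
# subnet, so EC2 or RDS can no longer receive it by automatic assignment,
# even while nothing is attached to the interface yet.
resource "aws_network_interface" "vip" {
  for_each        = toset(var.reserved_vips)
  subnet_id       = aws_subnet.app_private.id   # assumed existing subnet resource
  private_ips     = [each.value]
  security_groups = [aws_security_group.app.id] # assumed existing security group

  tags = {
    Name = "pcs-vip-${each.value}"
  }

  # If the cluster's resource agent moves addresses between interfaces at
  # failover, this keeps a later "terraform apply" from reverting that move.
  lifecycle {
    ignore_changes = [private_ips]
  }
}

# Attach each VIP interface to the app node that should own it at first boot.
# device_index must be unique per instance, so derive it from the list position.
resource "aws_network_interface_attachment" "vip" {
  for_each             = aws_network_interface.vip
  instance_id          = aws_instance.app[0].id # assumed existing app node
  network_interface_id = each.value.id
  device_index         = index(var.reserved_vips, each.key) + 1
}
```

After this is applied, other modules should reference `aws_network_interface.vip["10.0.1.50"].id` rather than repeating the literal address, so the reservation has a single source of truth in state and a plan will show any drift if the address is taken away.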
Not sure how you "reserved" those virtual IPs, but the easy way is to define your private subnet CIDR range to avoid/exclude those virtual IPs. By doing this, you can make sure all resources created in this private subnet won’t be assigned those "reserved" virtual IPs.
Furthermore, if you want, you can define a private subnet for app servers and another database subnet for RDS to avoid IP conflicts in your case.
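The subnet-separation advice above, as an added Terraform example (not the answerer's code). The VPC and subnet CIDRs, availability zone names, the assumed VIP range 10.0.1.50-10.0.1.59, and `var.db_password` are all constructed assumptions.

```hcl
# Added example: keep RDS out of the subnet that holds the cluster VIPs.
# CIDRs, AZs and names are constructed assumptions, not values from the post.

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# App subnet: the PCS virtual IPs (assumed 10.0.1.50-10.0.1.59) live here, and
# only app-tier interfaces are ever created in it. AWS itself keeps the first
# four and the last address of every subnet, so pick VIPs away from those.
resource "aws_subnet" "app_private" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-east-1a"
  tags              = { Name = "app-private" }
}

# Database subnets: a disjoint range per AZ (an RDS subnet group needs at
# least two AZs). Nothing in these ranges overlaps the VIPs, so RDS cannot be
# handed one of them regardless of allocation order.
resource "aws_subnet" "db_private" {
  for_each = {
    "us-east-1a" = "10.0.10.0/24"
    "us-east-1b" = "10.0.11.0/24"
  }
  vpc_id            = aws_vpc.main.id
  cidr_block        = each.value
  availability_zone = each.key
  tags              = { Name = "db-private-${each.key}" }
}

# The failure mode in the question is a subnet group built from the app
# subnet; this one is built only from the database subnets.
resource "aws_db_subnet_group" "db" {
  name       = "db-private"
  subnet_ids = [for s in aws_subnet.db_private : s.id]
}

resource "aws_db_instance" "main" {
  identifier           = "app-db"
  engine               = "postgres"
  instance_class       = "db.t3.micro"
  allocated_storage    = 20
  username             = "dbadmin"
  password             = var.db_password # assumed sensitive variable, not inline
  db_subnet_group_name = aws_db_subnet_group.db.name
  publicly_accessible  = false
  skip_final_snapshot  = true # example only; keep final snapshots in real use
}
```

With this layout a `terraform plan` that shows the RDS instance landing in `aws_subnet.app_private` is a configuration error rather than a race against AWS allocation, which is the check a reviewer can actually enforce.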