AWS Amazon EC2 Subnet
This page shows how to write Terraform and CloudFormation for Amazon EC2 Subnet and write them securely.
aws_default_subnet (Terraform)
The Subnet in Amazon EC2 can be configured in Terraform with the resource name aws_default_subnet. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
# Adopt the default subnets of two availability zones in us-east-1
resource "aws_default_subnet" "us-east-1a" {
  availability_zone = "us-east-1a"
}
resource "aws_default_subnet" "us-east-1b" {
  availability_zone = "us-east-1b"
}

# Adopt default subnets in eu-west-2 and apply a shared set of tags
resource "aws_default_subnet" "default_aza" {
  availability_zone = "eu-west-2a"
  tags              = local.tags
}
resource "aws_default_subnet" "default_azb" {
  # availability_zone (required) and tags were cut off in the original snippet
}

# Adopt default subnets in eu-west-1
resource "aws_default_subnet" "default_subnet_a" {
  availability_zone = "eu-west-1a"
}
resource "aws_default_subnet" "default_subnet_b" {
  availability_zone = "eu-west-1b"
}

# Availability zones supplied through a list variable
resource "aws_default_subnet" "default_subnet_a" {
  availability_zone = var.availability_zones[0]
}
resource "aws_default_subnet" "default_subnet_b" {
  availability_zone = var.availability_zones[1]
}
Parameters
arn: optional, computed, string
assign_ipv6_address_on_creation: optional, computed, bool
availability_zone: required, string
availability_zone_id: optional, computed, string
cidr_block: optional, computed, string
customer_owned_ipv4_pool: optional, string
id: optional, computed, string
ipv6_cidr_block: optional, computed, string
ipv6_cidr_block_association_id: optional, computed, string
map_customer_owned_ip_on_launch: optional, bool
map_public_ip_on_launch: optional, computed, bool
outpost_arn: optional, string
owner_id: optional, computed, string
tags: optional, map from string to string
tags_all: optional, computed, map from string to string
vpc_id: optional, computed, string
timeouts: single block
Explanation in Terraform Registry
Provides a resource to manage a default AWS VPC subnet in the current region. The aws_default_subnet resource behaves differently from normal resources, in that Terraform does not create this resource but instead "adopts" it into management. The aws_default_subnet resource allows you to manage a region's default VPC subnet, but Terraform cannot destroy it. Removing this resource from your configuration will remove it from your state file and from Terraform management.
Tips: Best Practices for The Other AWS Amazon EC2 Resources
In addition to aws_default_subnet, AWS Amazon EC2 has other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_default_vpc
Ensure to avoid using the default VPC
It is better to define your own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Ensure to use a customer-managed key for EBS volume encryption
It is better to use a customer-managed key for EBS volume encryption. Using customer-managed keys (CMKs) gives you more control over the encryption.
aws_instance
Ensure to avoid storing AWS access keys in user data
It is better to avoid storing AWS access keys in user data. An `aws_iam_instance_profile` can be used instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
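The tips above can be checked mechanically before apply. The following is an added example, not code from this page or from any of the repositories it cites: a Python lint over `terraform show -json` plan output (the sample plan is constructed) that flags adoption of default VPCs/subnets, AWS access key IDs in instance user data, and EBS volumes without a customer-managed KMS key.

```python
import json
import re

# Constructed sample of `terraform show -json <plan>` output (not taken from any of the
# repositories the page cites); only the fields the checks need are present.
PLAN_JSON = """{
  "format_version": "1.0",
  "resource_changes": [
    {"address": "aws_default_subnet.default_az1", "type": "aws_default_subnet",
     "change": {"actions": ["create"], "after": {"availability_zone": "us-east-1a"}}},
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["create"], "after": {"iam_instance_profile": null,
       "user_data": "#!/bin/sh\\nexport AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00\\n"}}},
    {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
     "change": {"actions": ["create"], "after": {"encrypted": true, "kms_key_id": null}}}
  ]
}"""

# Long-term AWS access key IDs start with AKIA, temporary ones with ASIA (20 chars in total).
ACCESS_KEY_RE = re.compile(r"\b(AKIA|ASIA)[A-Z0-9]{16}\b")


def lint_plan(plan_text):
    """Return [(address, message)] for resources that violate the tips above.

    Assumes user_data is rendered in plaintext in the plan; adapt the lookup if your
    provider version exposes it only through user_data_base64.
    """
    findings = []
    for rc in json.loads(plan_text).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        addr, rtype = rc["address"], rc["type"]
        if rtype in ("aws_default_vpc", "aws_default_subnet"):
            findings.append((addr, "adopts a default VPC/subnet; define your own VPC and subnets"))
        elif rtype == "aws_instance":
            if ACCESS_KEY_RE.search(after.get("user_data") or ""):
                findings.append((addr, "AWS access key ID in user_data; use iam_instance_profile"))
        elif rtype == "aws_ebs_volume" and not after.get("kms_key_id"):
            # Default-encrypted volumes use the AWS-managed key, not a customer-managed one
            findings.append((addr, "EBS volume has no customer-managed KMS key (kms_key_id)"))
    return findings


if __name__ == "__main__":
    for address, message in lint_plan(PLAN_JSON):
        print(f"{address}: {message}")
```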
AWS::EC2::Subnet (CloudFormation)
The Subnet in EC2 can be configured in CloudFormation with the resource name AWS::EC2::Subnet. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
# Subnet type line followed by the network ACL association that references the subnet
Type: AWS::EC2::Subnet
AppSubnetANACLAssociation:
  Properties:
    NetworkAclId:
      Ref: AppNACL
    SubnetId:
      # (value cut off in the original snippet)

# Subnet with a fixed IPv4 CIDR and availability zone in a VPC referenced with !Ref
Type: "AWS::EC2::Subnet"
Properties:
  CidrBlock: 172.32.100.0/24
  AvailabilityZone: "us-west-2a"
  VpcId: !Ref TBPSVpc
  Tags:
    # (tag list cut off in the original snippet)
# Availability zone chosen with Fn::Select
Type: AWS::EC2::Subnet
HQPrivateSubnet100:
  Properties:
    AvailabilityZone:
      Fn::Select:
        - 0
        # (list of zones cut off in the original snippet)

# CidrBlock assembled with Fn::Join
Type: 'AWS::EC2::Subnet'
Properties:
  VpcId:
    Ref: VPC
  CidrBlock:
    'Fn::Join':
      # (join arguments cut off in the original snippet)

# JSON form: tagged subnet in vpc1 with the availability zone chosen by Fn::Select
"Type" : "AWS::EC2::Subnet",
"Properties" : {
  "VpcId" : {"Ref" : "vpc1"},
  "Tags" : [ {"Key" : "Name", "Value" : "vpc1_sn_A1"} ],
  "AvailabilityZone" : {
    "Fn::Select" : [
      (selector and list cut off in the original snippet)
# JSON form: availability zone taken from index "0" of a list
"Type": "AWS::EC2::Subnet",
"Properties": {
  "AvailabilityZone": {
    "Fn::Select": [
      "0",
      {
        (list cut off in the original snippet)
Parameters
AssignIpv6AddressOnCreation: optional, Boolean
AvailabilityZone: optional, String
CidrBlock: required, String
Ipv6CidrBlock: optional, String
MapPublicIpOnLaunch: optional, Boolean
OutpostArn: optional, String
Tags: optional, List of Tag
VpcId: required, String
Explanation in CloudFormation Registry
Specifies a subnet for a VPC.
When you create each subnet, you provide the VPC ID and IPv4 CIDR block for the subnet. After you create a subnet, you can't change its CIDR block. The size of the subnet's IPv4 CIDR block can be the same as a VPC's IPv4 CIDR block, or a subset of a VPC's IPv4 CIDR block. If you create more than one subnet in a VPC, the subnets' CIDR blocks must not overlap. The smallest IPv4 subnet (and VPC) you can create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 netmask (65,536 IPv4 addresses).
If you've associated an IPv6 CIDR block with your VPC, you can create a subnet with an IPv6 CIDR block that uses a /64 prefix length.
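The CIDR rules above are easy to violate in a hand-written template, and a wrong CIDR cannot be changed after creation. As an added example (not code from this page or from the repositories it cites), here is a Python check that applies those rules to the AWS::EC2::Subnet resources of a constructed JSON template: prefix length between /16 and /28, CIDR inside the VPC it Refs, no overlap between subnets of the same VPC, and a /64 Ipv6CidrBlock.

```python
import ipaddress
import json

# Constructed CloudFormation template (not from any repository the page cites): one VPC and
# four subnets, where SubnetC overlaps SubnetB and Orphan is both too small and outside the VPC.
TEMPLATE_JSON = """{
  "Resources": {
    "Vpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.20.0.0/16"}},
    "SubnetA": {"Type": "AWS::EC2::Subnet", "Properties": {
        "VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.20.1.0/24", "AvailabilityZone": "us-west-2a"}},
    "SubnetB": {"Type": "AWS::EC2::Subnet", "Properties": {
        "VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.20.2.0/28", "Ipv6CidrBlock": "2001:db8:1:2::/64"}},
    "SubnetC": {"Type": "AWS::EC2::Subnet", "Properties": {
        "VpcId": {"Ref": "Vpc"}, "CidrBlock": "10.20.2.0/25"}},
    "Orphan": {"Type": "AWS::EC2::Subnet", "Properties": {
        "VpcId": {"Ref": "Vpc"}, "CidrBlock": "192.168.0.0/29"}}
  }
}"""


def check_subnets(template_text):
    """Return {logical_id: [problem, ...]} for every AWS::EC2::Subnet that breaks a rule."""
    resources = json.loads(template_text)["Resources"]
    vpcs = {lid: ipaddress.ip_network(r["Properties"]["CidrBlock"])
            for lid, r in resources.items() if r["Type"] == "AWS::EC2::VPC"}
    problems, accepted = {}, []  # accepted: (logical_id, vpc_ref, network) seen so far
    for lid, r in resources.items():
        if r["Type"] != "AWS::EC2::Subnet":
            continue
        props, issues = r["Properties"], []
        net = ipaddress.ip_network(props["CidrBlock"])
        if not 16 <= net.prefixlen <= 28:
            issues.append(f"{net}: IPv4 prefix must be between /16 and /28")
        # Only an intrinsic {"Ref": ...} to a VPC in the same template can be checked offline
        vpc_ref = props["VpcId"].get("Ref") if isinstance(props["VpcId"], dict) else None
        vpc_net = vpcs.get(vpc_ref)
        if vpc_net is None:
            issues.append("VpcId does not Ref an AWS::EC2::VPC in this template")
        elif not net.subnet_of(vpc_net):
            issues.append(f"{net} is outside VPC CIDR {vpc_net}")
        for other_id, other_ref, other_net in accepted:
            if other_ref == vpc_ref and net.overlaps(other_net):
                issues.append(f"{net} overlaps {other_id} ({other_net})")
        ipv6 = props.get("Ipv6CidrBlock")
        if ipv6 is not None and ipaddress.ip_network(ipv6).prefixlen != 64:
            issues.append("Ipv6CidrBlock must use a /64 prefix length")
        accepted.append((lid, vpc_ref, net))
        if issues:
            problems[lid] = issues
    return problems
```

Running `check_subnets(TEMPLATE_JSON)` reports SubnetC for the overlap and Orphan for both the /29 prefix and the address range outside the VPC.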
Frequently asked questions
What is AWS Amazon EC2 Subnet?
AWS Amazon EC2 Subnet is a resource for Amazon EC2 of Amazon Web Service. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EC2 Subnet?
For Terraform, the hsinha2019/CICDPipeline, ministryofjustice/modernisation-platform and beuleal/flask-app source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the shalupov/idea-cloudformation, thoughtbend/ps-java-aws and thoughtbend/ps-java-aws source code examples are useful. See the CloudFormation Example section for further details.