
I am trying to create an RDS instance that would operate only in an intranet (i.e. some private subnet). Access to it will be provided only to the applications.

I've created the VPC configuration in a separate Terraform file: link. The file contains the VPC configuration, routes, NAT and so on.

resource "aws_vpc" "vpc" {
  cidr_block = "10.0.0.0/16"
  enable_dns_support = true
  enable_dns_hostnames = true

  tags {
    Environment = "Dev"
  }
}

resource "aws_subnet" "intranet" {
  vpc_id = "${aws_vpc.vpc.id}"
  cidr_block = "10.0.1.0/24"
  availability_zone = "eu-central-1a"
  tags {
    Name = "Intranet"
    Environment = "Dev"
  }
}
....

resource "aws_route_table_association" "intranet" {
   subnet_id = "${aws_subnet.intranet.id}"
   route_table_id = "${aws_route_table.intranet_routetable.id}"
}

For my RDS configuration I created a separate Terraform file with similar content:

terraform {
  backend "s3" {
    bucket = "s3-terraform-state-backend"
    region = "eu-central-1"
    key = "common/terraform.tfstate"
  }
}

provider "aws" {
  region = "eu-central-1"
}

resource "aws_vpc" "vpc" {
  cidr_block = "10.0.0.0/16"
  enable_dns_support = true
  enable_dns_hostnames = true

  tags {
    Environment = "Dev"
  }
}

resource "aws_subnet" "intranet" {
  vpc_id = "${aws_vpc.vpc.id}"
  cidr_block = "10.0.1.0/24"
  availability_zone = "eu-central-1a"
  tags {
    Name = "Intranet"
    Environment = "Dev"
  }
}

# should contain configuration for common components (rds, sqs etc.)
resource "aws_db_subnet_group" "db_subnet" {
  name = "intranet"
  subnet_ids = ["${aws_subnet.intranet.id}"]
}

resource "aws_db_instance" "core" {
  name = "gj-core-db"
  engine = "postgres"

  allocated_storage = 10
  storage_type = "gp2"
  instance_class = "db.t2.micro"

  db_subnet_group_name = "${aws_db_subnet_group.db_subnet.name}"
}

Basically I duplicated the subnet and VPC configuration from the other file (as I need it here too). The file itself is here: link

When I try to apply the configuration I get this error:

* aws_db_subnet_group.db_subnet: Error creating DB Subnet Group: DBSubnetGroupDoesNotCoverEnoughAZs: DB Subnet Group doesn't meet availability zone coverage requirement
. Please add subnets to cover at least 2 availability zones. Current coverage: 1
        status code: 400, request id: 44e37b59-1db1-4519-847f-d35f5d150592

I have only one subnet. What is the problem? Should I create more subnets? Or make this intranet subnet cover more zones?

2 Answers


One subnet cannot span multiple AZs. You should create multiple subnets and assign them to the subnet group that you are creating. This is to ensure HA. If you configure a Multi-AZ RDS DB instance and your primary database fails, RDS will ensure that your database is moved to a different AZ (with the same endpoint).

In the case of subnet groups, AWS makes it mandatory that every subnet group has subnets spread across multiple Availability Zones. More details can be found here.

Below is the relevant section from the AWS documentation.

Each DB subnet group should have subnets in at least two Availability Zones in a given region. When creating a DB instance in VPC, you must select a DB subnet group. Amazon RDS uses that DB subnet group and your preferred Availability Zone to select a subnet and an IP address within that subnet to associate with your DB instance. If the primary DB instance of a Multi-AZ deployment fails, Amazon RDS can promote the corresponding standby and subsequently create a new standby using an IP address of the subnet in one of the other Availability Zones.


4 Comments

does that mean that I have to create multiple aws_subnet resources with different cidr blocks?
Yes, you need to have at least 2 subnets in different availability zones.
If you are testing / developing and want a single-AZ RDS, the RDS still needs a subnet group ( and all subnet groups have multiple AZ's ), even if it only uses one AZ?
I don't understand why multi_az can be false but there is still a req to have two AZs (which would require two nats)? aws.amazon.com/blogs/database/… "You can set up Amazon RDS in a Single-AZ database (DB) instance or a Multi-AZ DB instance for high availability requirements." @krishna_mee2004

I just ran into the same problem/question, and even though the accepted answer feels right, I would like to add to it by answering the following question from the comments by @Davos:

"If you are testing / developing and want a single-AZ RDS, the RDS still needs a subnet group ( and all subnet groups have multiple AZ's ), even if it only uses one AZ?"

YES, it does. This seems to be preparation in case you want to convert the RDS instance to Multi-AZ in the future.

More details can be found here (check "Step 3").
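The layout both answers describe, as an added example that is not code from the question or either answer: two private subnets in two Availability Zones feed the DB subnet group, and the instance is reachable only from the application tier. It is written in current HCL (Terraform 0.12+) syntax rather than the 0.11 style used in the question; aws_vpc.vpc is the VPC from the question, while aws_security_group.app and var.db_password are assumed to be declared elsewhere in the configuration.

```hcl
# One CIDR per Availability Zone; two AZs is the minimum RDS accepts.
variable "intranet_subnets" {
  type = map(string)
  default = {
    "eu-central-1a" = "10.0.1.0/24"
    "eu-central-1b" = "10.0.2.0/24"
  }
}

# One private subnet per AZ (aws_vpc.vpc is the VPC from the question).
resource "aws_subnet" "intranet" {
  for_each                = var.intranet_subnets
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = each.value
  availability_zone       = each.key
  map_public_ip_on_launch = false
  tags = { Name = "Intranet-${each.key}", Environment = "Dev" }
}

# The group now spans both AZs, which clears the coverage error.
resource "aws_db_subnet_group" "db_subnet" {
  name       = "intranet"
  subnet_ids = [for s in aws_subnet.intranet : s.id]
}
# Only the application SG (assumed: aws_security_group.app) may reach it.
resource "aws_security_group" "db" {
  name        = "core-db"
  description = "Postgres from application tier only"
  vpc_id      = aws_vpc.vpc.id
  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}
resource "aws_db_instance" "core" {
  identifier             = "gj-core-db"
  engine                 = "postgres"
  allocated_storage      = 10
  storage_type           = "gp2"
  instance_class         = "db.t2.micro"
  db_subnet_group_name   = aws_db_subnet_group.db_subnet.name
  vpc_security_group_ids = [aws_security_group.db.id]
  publicly_accessible    = false # keep the endpoint private
  multi_az               = false # single-AZ is still allowed
  storage_encrypted      = true
  username               = "coreadmin"
  password               = var.db_password # assumed declared elsewhere
}
```

Because the subnets now use for_each, the aws_route_table_association from the question must iterate over aws_subnet.intranet too, so that both subnets get the intranet route table.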
