Do you want to do everything as code ?

Do you know that you CAN manage your CIDRs allocations as code, and that it’s very simple, much more than you probably think ?

I’m not telling you that everybody should do it, but here I’ll try to show you that’s possible and very simple.

What are the main benefits ?

• You’ll have a central place to manage every VPC network address
• Everyone could query this central place to discover another team network address

We just need a centralized terraform state that everyone could read.

This terraform project just outputs our CIDRs allocations onto a state every other project can read: https://bitbucket.org/arglabs/arglabs-main-org-cidr-control/src/master/

Just put the CIDRs by environment on the cidr local map variable as following:

# CIDRs delegations:
  cidr = {

    # Entire company cidr by env:
    org = { 
      dev = "10.200.0.0/16"
      stg = "10.100.0.0/16"
      prd = "10.0.0.0/16"
      default = "" 
    }

    # Teams cidrs:
    sre = { 
      dev = "10.200.0.0/24"
      stg = "10.100.0.0/24"
      prd = "10.0.0.0/24"
      default = ""
    }
    
    team01 = {
      dev = "10.200.1.0/24"
      stg = "10.100.1.0/24"
      prd = "10.0.1.0/24"
      default = ""
    }
    # And so on...

  }

And let the pipeline run:

Then, in every project you need to get your own CIDR or any other CIDR, you can just read the terraform state as following:

data "terraform_remote_state" "cidr" {
  backend   = "s3"
  workspace = "default"
  #workspace = local.env
  config = {
    bucket   = "arglabs-terraform-states"
    region   = "us-east-1"
    role_arn = "arn:aws:iam::005801295308:role/deployer"
    key      = "main/org-cidr-control.tfstate"
  }
}

locals {

  cidr     = data.terraform_remote_state.cidr.outputs.cidr
  org_cidr = data.terraform_remote_state.cidr.outputs.cidr["org"][local.env]
  my_cidr  = data.terraform_remote_state.cidr.outputs.cidr[local.infra_scope_parsed][local.env]
}

output "my_cidr" { value = local.my_cidr }