InvalidSubnet.Conflict: The CIDR 'XXX' conflicts with another subnet

[brikis98]

I am creating a fairly complicated VPC setup with multiple VPCs, subnets, route tables, and network ACLs. I am intermittently seeing a number of different eventual consistency bugs, such as #7038, #5335, #5185, and #6813, most of which go away when I re-run terraform apply. Unfortunately, re-running apply seems to intermittently cause a different bug that does not go away related to some sort of subnet conflict.

Terraform Version

Terraform v0.6.16

Affected Resource(s)

• aws_subnet

Terraform Configuration Files

There is a lot of Terraform code, so I'm trying to focus just on the relevant parts:

resource "aws_subnet" "public" {
    count = "${length(split(",", var.aws_availability_zones))}"
    vpc_id = "${aws_vpc.main.id}"
    availability_zone = "${element(split(",", var.aws_availability_zones), count.index)}"
    cidr_block = "${cidrsubnet(var.cidr_block, 5, count.index)}"
    tags {
        Name = "${var.vpc_name}-public-${count.index}"
    }
}

Expected Behavior

Subnets should be created without errors.

Actual Behavior

I sometimes get the following error:

InvalidSubnet.Conflict: The CIDR '10.2.2.0/23' conflicts with another subnet

Note that there are no duplicate subnets in the templates. I suspect that, given all the other intermittent errors I'm seeing, Terraform is somehow not recording correctly that it already created one of the subnets, and is trying to create it again.

[Bowbaq]

Definitely running into this & all the aforementioned consistency issues when running on CircleCI. I can provide log files if that's helpful.

This is making terraform unusable in a CI context for us.

[catsby]

Thanks @brikis98 – you don't happen to have logs around this by chance, do you? It does sound like a subnet was created, but then we mistakenly don't record it or encounter some other kind of error that prevents us from tracking it. A follow up plan/apply would then result in the duplicate.

Unfortunately tracking this down requires knowing how/why it's failing to save. You don't by chance have a config that reproduces this, do you?

[brikis98]

@catsby I believe this was one of the many bugs that was a side-effect of #7527. Ever since I applied the workaround described in that issue, I have not seen this bug either. Therefore, I'm not sure the particular config matters (the Terraform snippet in the bug description is enough): the important thing is that you get some really crazy errors if you start adding things to a VPC before the gateways are ready.

[catsby]

Thanks @brikis98 – I'm going to close this then and we'll focus on #7527

[smaillns]

Thanks @brikis98 – I'm going to close this then and we'll focus on #7527

Please @catsby did you find a consistent answer to this issue ?

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.