Network spaces with AWS


#1

I’d like to hear from anyone who has successfully used network spaces with Amazon AWS. How is this supposed to work?

My default VPC has the following subnet in it:

172.30.2.0/24

After having created the controller, this is what happened:

$ juju add-space aws-space-20 172.30.2.0/24
ERROR cannot add space "aws-space-20": adding space "aws-space-20": subnet "172.30.2.0/24" not found

#2

Seems correct.

Here is a live example I just ran.

[pdl-aws:pdl-api-staging]
bdx @ bionic-dev ~/allcode/charms/layers
└─ $ ▶ juju spaces
Space  Subnets
igw    172.31.100.0/24
       172.31.98.0/24
       172.31.99.0/24
       252.100.0.0/16
       252.98.0.0/16
       252.99.0.0/16
nat    172.31.102.0/24
       172.31.103.0/24
       172.31.104.0/24
       252.102.0.0/16
       252.103.0.0/16
       252.104.0.0/16

[pdl-aws:pdl-api-staging]
bdx @ bionic-dev ~/allcode/charms/layers
└─ $ ▶ juju add-model spaces-test --credential jamesbeedy-pdl aws/us-west-2
Uploading credential 'aws/bdx/jamesbeedy-pdl' to controller
Added 'spaces-test' model on aws/us-west-2 with credential 'jamesbeedy-pdl' for user 'bdx'

[pdl-aws:spaces-test]
bdx @ bionic-dev ~/allcode/charms/layers
└─ $ ▶ juju spaces
no spaces to display

[pdl-aws:spaces-test]
bdx @ bionic-dev ~/allcode/charms/layers
└─ $ ▶ juju add-space igw 172.31.100.0/24
added space "igw" with subnets 172.31.100.0/24

[pdl-aws:spaces-test]
bdx @ bionic-dev ~/allcode/charms/layers
└─ $ ▶ juju spaces
Space  Subnets
igw    172.31.100.0/24
       252.100.0.0/16

Where 172.31.100.0/24 is a subnet in my default VPC in us-west-2.

Possibly your subnet was created in a different region than your model?


#3

Yeah, I don’t know why it doesn’t work for me.


#4

I have the same issue. I tried to add a new model, then add the default VPC space I own in AWS, and it refuses. I do not see a way to verify which AWS region this VPC is from; I assume it should work with my AWS credentials?

crodriguez@camille-hp:$ juju add-model spaces-test
Added 'spaces-test' model on aws/us-east-1 with credential 'camille-aws' for user 'admin'
crodriguez@camille-hp:$ juju add-space aws-vpc 172.31.0.0/16
ERROR cannot add space "aws-vpc": adding space "aws-vpc": subnet "172.31.0.0/16" not found

#5

@camille.rodriguez I think you create a subnet in the default VPC and use that subnet.

Juju allows you to create an arbitrary number of subnets inside your VPC with different access requirements and use them as needed inside your Juju models.

For a simple IGW/NAT example:

  1. Create an IGW and a NATGW in your VPC.
  2. Create a routing table for nat-rtg and one for igw-rtg, and add the rule for 0.0.0.0 -> igw to the igw-rtg and 0.0.0.0 -> natgw to the nat-rtg.
  3. Create a subnet for each of nat and igw in your VPC, and assign each subnet the respective routing table.
  4. Use juju to add each subnet to your model: juju add-space nat <your nat cidr>, juju add-space igw <your igw cidr>
  5. Deploy infrastructure/application to each subnet depending on what type of access you want: juju deploy ubuntu ubuntu-igw --constraints "spaces=igw", juju deploy ubuntu ubuntu-nat --constraints "spaces=nat"

Hope this helps!
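
Added example (not part of the thread and not Juju's own code): a small offline check that classifies why a CIDR passed to juju add-space might be reported as "not found", covering the two causes raised above (a VPC-wide range instead of a subnet, and a subnet that lives in another region). It assumes add-space only accepts a CIDR that exactly matches a subnet in the model's region; the subnet inventory and the diagnose() helper are constructed for illustration.

```python
import ipaddress

# Constructed sample inventory: subnet CIDRs per region, as you would copy
# them from the VPC console. These are not real account data.
KNOWN_SUBNETS = {
    "us-east-1": ["172.31.0.0/20", "172.31.16.0/20"],
    "us-west-2": ["172.31.100.0/24", "172.31.102.0/24"],
}


def diagnose(cidr, model_region, subnets_by_region=KNOWN_SUBNETS):
    """Return (status, detail) for a CIDR you intend to pass to add-space.

    Assumption: the CIDR must exactly equal a subnet in the model's region.
    """
    try:
        want = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return ("invalid", str(exc))

    local = [ipaddress.ip_network(s) for s in subnets_by_region.get(model_region, [])]
    local = [s for s in local if s.version == want.version]

    if want in local:
        return ("ok", [str(want)])

    # The requested range is wider than the real subnets, e.g. the VPC CIDR.
    covered = [str(s) for s in local if s.subnet_of(want)]
    if covered:
        return ("covers-subnets", covered)

    # The requested range is only a slice of an existing subnet.
    parents = [str(s) for s in local if want.subnet_of(s)]
    if parents:
        return ("inside-subnet", parents)

    # Exact match exists, but in a region other than the model's.
    elsewhere = [r for r, nets in subnets_by_region.items()
                 if r != model_region and cidr in nets]
    if elsewhere:
        return ("wrong-region", elsewhere)

    return ("not-found", [])


if __name__ == "__main__":
    for cidr, region in [("172.31.0.0/16", "us-east-1"),
                         ("172.31.100.0/24", "us-east-1"),
                         ("172.31.100.0/24", "us-west-2")]:
        print(cidr, region, diagnose(cidr, region))
```

A "covers-subnets" result means the individual subnet CIDRs listed in the detail are the values to try with add-space, one space per access tier (igw, nat) as in the steps above.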