TerraForm Issues: "error creating application Load Balancer: ValidationError: At least two subnets in two different Availability Zones must be specified"

jp4g · September 23, 2022, 4:47pm

Hello!

I am having issues now with the subnets/ availability zones.

Issue
Running terraform plan -var-file="vars.tfvars" passes this check. However, running terraform apply -var-file="vars.tfvars" causes the following error:

Error: error creating application Load Balancer: ValidationError: At least two subnets in two different Availability Zones must be specified
	status code: 400, request id: XXXXX
  on .terraform/modules/ceramic_ecs.ceramic.alb/main.tf line 1, in resource "aws_lb" "this":
   1: resource "aws_lb" "this" {

Error: error creating application Load Balancer: ValidationError: At least two subnets in two different Availability Zones must be specified
	status code: 400, request id: XXXXX
  on .terraform/modules/ceramic_ecs.ipfs.alb_internal/main.tf line 1, in resource "aws_lb" "this":
   1: resource "aws_lb" "this" {

Error: error creating application Load Balancer: ValidationError: At least two subnets in two different Availability Zones must be specified
	status code: 400, request id: XXXXX
  on modules/ecs/ipfs/load_balancers.tf line 2, in resource "aws_lb" "external":
   2: resource "aws_lb" "external" {

I followed this guide to implementing subnets for a VPC and it satisfied terraform plan throwing almost the same exact error. I believe that the variables are pointing to the right VPC, that the VPC has proper routing / internet gateway access, and that the subnets are tagged with Ceramic: env. However, I cannot get past the apply error.

Adding the variables to vars.tfvars:

.
.
.
private_subnet_ids = ["subnet-aaa", "subnet-bbb"]
public_subnet_ids  = ["subnet-ccc", "subnet-ddd"]
.
.
.

When configured according to the linked VPC subnetting guide does not change anything.

Thank you for any assistance!

mohsin · September 23, 2022, 10:26pm

Hey, sorry for the delay in getting back to you.

I think what you need to do in this case is to have the two subnets in 2 different Availability Zones (AZs). The article you linked to does not mention AZs.

The us-east-1 region, for example, has 6 AZs (viz. us-east-1a … us-east-1f, etc.), so you would need to create 1 subnet in us-east-1a and another in us-east-1b (or using any other pair of AZs).

jp4g · September 23, 2022, 11:20pm

No worries!

I have configured four subnets - two private and two public - each with one in us-east-1a and us-east-1b.

Which is to say, I do think I have done this step!

In the first post, I add the subnet ID’s to the tfvars file with no effect.

jp4g · September 24, 2022, 5:53pm

Hello - had AZ + tag pairing for my subnets messed up such that the private subnets had the tag “Subnet=public” and vice versa! Still stuck on a CannotPullContainerError now, but this seems much more in the domain of AWS than Ceramic. Nonetheless I will post a follow up once I figure this out for posterity

Further, if properly configured, the subnet_id variables are optional.

mohsin · September 25, 2022, 3:59pm

Ahh, I see, thanks for figuring this out and reporting back

Will appreciate your follow-up as well!

jp4g · September 26, 2022, 7:03pm

I destroyed my VPC and used the AWS GUI tool to automatically make the subnets, attach nat, set up route tables, etc.

This was sufficient to allow the container to contact the internet and pull down the image, resolving this issue.