
AWS::EC2::Subnet - CidrBlock accessible via Fn::GetAtt #166

Closed
akunszt opened this issue Sep 10, 2019 · 4 comments
Labels
enhancement New feature or request

Comments

@akunszt

akunszt commented Sep 10, 2019

Quick Sample Summary:

  1. Title -> AWS::EC2::Subnet-CidrBlock accessible via Fn::GetAtt
  2. Scope of request -> Make the CidrBlock accessible via Fn::GetAtt on an AWS::EC2::Subnet resource.
  3. Expected behavior -> Get back CIDR block used by the Subnet.
  4. Test case recommendation (optional) ->
  5. Links to existing API doc (optional) ->
  6. Category tag (optional) -> Compute/Networking & Content
  7. Any additional context (optional)

The Subnet resource already supports getting the Ipv6CidrBlocks (big thanks for that!) but not the IPv4 CidrBlock. As the IPv6 support is not fully implemented in other resources (like you can't use IPv6 on a Site-to-Site VPN) we still need to use IPv4 endpoints for Route53 Resolver Inbound Endpoints. This is very over-complicated if you create the Subnet addressing dynamically.

This is what it looks like now (only the relevant parts):

    "SubnetA": {
      "Type": "AWS::EC2::Subnet",
      "Condition": "UseAzA",
      "Properties": {
        "AvailabilityZone": { "Fn::Sub": "${AWS::Region}a" },
        "CidrBlock": {
          "Fn::Select": [
            0,
            {
              "Fn::Cidr": [ { "Ref": "CIDR" }, 3, 8 ]
            }
          ]
        },
        "MapPublicIpOnLaunch": false,
        "VpcId": { "Ref": "VPC" }
      }
    },
    "Inbound": {
      "Type": "AWS::Route53Resolver::ResolverEndpoint",
      "Properties": {
        "Direction": "INBOUND",
        "IpAddresses": [
          {
            "Fn::If": [
              "UseAzA",
              {
                "Ip": {
                  "Fn::Sub": [
                    "${FirstOctet}.${SecondOctet}.${ThirdOctet}.5",
                    {
                      "FirstOctet": {
                        "Fn::Select": [
                          0,
                          {
                            "Fn::Split": [
                              ".",
                              {
                                "Fn::Select": [
                                  0,
                                  { "Fn::Cidr": [ { "Ref": "CIDR" }, 3, 8 ] }
                                ]
                              }
                            ]
                          }
                        ]
                      },
                      "SecondOctet": {
                        "Fn::Select": [
                          1,
                          {
                            "Fn::Split": [
                              ".",
                              {
                                "Fn::Select": [
                                  0,
                                  { "Fn::Cidr": [ { "Ref": "CIDR" }, 3, 8 ] }
                                ]
                              }
                            ]
                          }
                        ]
                      },
                      "ThirdOctet": {
                        "Fn::Select": [
                          2,
                          {
                            "Fn::Split": [
                              ".",
                              {
                                "Fn::Select": [
                                  0,
                                  { "Fn::Cidr": [ { "Ref": "CIDR" }, 3, 8 ] }
                                ]
                              }
                            ]
                          }
                        ]
                      }
                    }
                  ]
                },
                "SubnetId": { "Ref": "SubnetA" }
              },
              { "Ref": "AWS::NoValue" }
            ]
          }
        ],
        "Name": "regional-dns-inbound",
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "ResolverSecurityGroup",
              "GroupId"
            ]
          }
        ]
      }
    }

I have to recalculate the Subnet's network range again. I would like to change to something like this:

                      "FirstOctet": {
                        "Fn::Select": [
                          0,
                          {
                            "Fn::Split": [
                              ".",
                              { "Fn::GetAtt": [ "SubnetA", "CidrBlock" ] }
                            ]
                          }
                        ]
                      }
@PatMyron
Contributor

#68 (comment)

@Luisfermp

Hi there! Is there any news about that?

@WaelA WaelA changed the title AWS::EC2::Subnet-CidrBlock accessible via Fn::GetAtt AWS::EC2::Subnet - CidrBlock accessible via Fn::GetAtt Aug 4, 2021
@djfurman

djfurman commented Dec 2, 2022

Adding my +1 here

I'm dynamically building my AWS::EC2::Subnet with LogicalNameForSubnet/Type/CidrBlock addresses using !Select [0, !Cidr [ !GetAtt LocalVpc.CidrBlock, 4, 11 ]]

It would be nice to manage the AWS::EC2::NetworkAclEntry with LogicalNameForNetworkAcl/Type/CidrBlock to be able to reference the resulting Subnet's CidrBlock via !GetAtt LogicalNameForSubnet.CidrBlock.

This would avoid me repeating the !Cidr call in two areas of the template; or allow me to output the Subnet's CIDR Range to manage the Network ACL in another template.

I've already had several instances where I attempted to modify the Subnet size, but neglected to do it in the NetworkAclEntry, resulting in debug cycles.
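To make the arithmetic in this thread checkable offline, here is an added example (not code from this issue, not CloudFormation's own evaluator). It models `Fn::Cidr`, `Fn::Select`, `Fn::Split`, `Fn::Sub`, `Ref` and `Fn::GetAtt` for IPv4 just far enough to evaluate the original "recompute the octets from Fn::Cidr" expression and the requested `Fn::GetAtt SubnetA.CidrBlock` form side by side, and to show they resolve to the same resolver IP; the same `fn_cidr` model also reproduces the `!Cidr [ !GetAtt LocalVpc.CidrBlock, 4, 11 ]` split from the comment above. The VPC CIDRs used are constructed sample values, and the function names are mine. A `usable_in_subnet` check is included because a hard-coded host octet like `.5` only works while it stays above the four leading addresses and below the last address that AWS reserves in every IPv4 subnet.

```python
"""Offline model of the CloudFormation intrinsics used in this thread.

Added example, not CloudFormation's evaluator and not code from this issue:
it re-implements Fn::Cidr, Fn::Select, Fn::Split, Fn::Sub, Ref and
Fn::GetAtt just far enough to evaluate the "before" expression (octets
re-derived from Fn::Cidr) and the "after" expression (Fn::GetAtt
SubnetA.CidrBlock) and confirm they yield the same resolver IP.
The VPC CIDR values below are constructed sample inputs.
"""
import ipaddress
import re
from typing import Any


def fn_cidr(ip_block: str, count: int, cidr_bits: int) -> list[str]:
    """Model of Fn::Cidr for IPv4: `count` subnets carved from `ip_block`,
    each keeping `cidr_bits` host bits (prefix length 32 - cidr_bits)."""
    net = ipaddress.ip_network(ip_block, strict=True)
    new_prefix = net.max_prefixlen - cidr_bits
    if new_prefix < net.prefixlen:
        raise ValueError(f"{cidr_bits} host bits do not fit inside {ip_block}")
    subnets = [str(s) for s in net.subnets(new_prefix=new_prefix)]
    if count > len(subnets):
        raise ValueError(f"{ip_block} yields only {len(subnets)} /{new_prefix} subnets")
    return subnets[:count]


def resolve(node: Any, params: dict, attrs: dict) -> Any:
    """Evaluate a template fragment. `params` backs Ref; `attrs` maps
    "Logical.Attribute" to what Fn::GetAtt would return at deploy time."""
    if not isinstance(node, dict) or len(node) != 1:
        return node
    (key, arg), = node.items()

    def r(n: Any) -> Any:
        return resolve(n, params, attrs)

    if key == "Ref":
        return params[arg]
    if key == "Fn::GetAtt":
        logical, attr = arg
        return attrs[f"{logical}.{attr}"]
    if key == "Fn::Cidr":
        block, count, bits = (r(a) for a in arg)
        return fn_cidr(block, int(count), int(bits))
    if key == "Fn::Select":
        idx, lst = arg
        return r(lst)[int(r(idx))]
    if key == "Fn::Split":
        delim, s = arg
        return r(s).split(delim)
    if key == "Fn::Sub":
        template, vars_ = (arg, {}) if isinstance(arg, str) else arg
        env = {k: str(r(v)) for k, v in vars_.items()}
        return re.sub(r"\$\{([^}]+)\}", lambda m: env[m.group(1)], template)
    raise NotImplementedError(key)


# The subnet's CidrBlock property exactly as written in the issue.
SUBNET_A_CIDR = {"Fn::Select": [0, {"Fn::Cidr": [{"Ref": "CIDR"}, 3, 8]}]}
IP_TEMPLATE = "${FirstOctet}.${SecondOctet}.${ThirdOctet}.5"


def octets_from(source: dict) -> dict:
    """Fn::Sub variables picking octets 0..2 out of a dotted CIDR string."""
    names = ("FirstOctet", "SecondOctet", "ThirdOctet")
    return {n: {"Fn::Select": [i, {"Fn::Split": [".", source]}]}
            for i, n in enumerate(names)}


# "Before": every octet repeats the Fn::Cidr calculation of the subnet.
BEFORE = {"Fn::Sub": [IP_TEMPLATE, octets_from(SUBNET_A_CIDR)]}
# "After": the octets come from the subnet's own CidrBlock attribute.
AFTER = {"Fn::Sub": [IP_TEMPLATE,
                     octets_from({"Fn::GetAtt": ["SubnetA", "CidrBlock"]})]}


def resolver_ips(vpc_cidr: str) -> tuple[str, str]:
    """Resolve both forms against one VPC CIDR; they must agree."""
    params = {"CIDR": vpc_cidr}
    attrs = {"SubnetA.CidrBlock": resolve(SUBNET_A_CIDR, params, {})}
    return resolve(BEFORE, params, attrs), resolve(AFTER, params, attrs)


def usable_in_subnet(ip: str, subnet_cidr: str) -> bool:
    """True if `ip` lies in the subnet and is none of the five addresses AWS
    reserves in every IPv4 subnet (the first four and the last)."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    addr = ipaddress.ip_address(ip)
    reserved = {net.network_address + i for i in range(4)} | {net.broadcast_address}
    return addr in net and addr not in reserved


if __name__ == "__main__":
    subnet = resolve(SUBNET_A_CIDR, {"CIDR": "10.20.0.0/16"}, {})
    before, after = resolver_ips("10.20.0.0/16")
    print(subnet, before, after, usable_in_subnet(after, subnet))
```

Running it with the sample VPC `10.20.0.0/16` gives subnet `10.20.0.0/24` and the resolver IP `10.20.0.5` from both expressions; `usable_in_subnet` rejects `.0` through `.3` and `.255`, which is the check to keep in mind whenever the host octet is hard-coded separately from the `Fn::Cidr` sizing.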

@akunszt
Author

akunszt commented May 23, 2024

This was silently implemented and it is available now. The "funny" thing is that the Ipv6CidrBlocks was removed from the documentation at the same time (it is still usable though).
I think this case can be closed and it is very disappointing that AWS doesn't even take a few seconds to close issues which are already solved. If they don't even grab the low-hanging fruits then I have serious concerns about the usability of this repo.

@akunszt akunszt closed this as completed May 23, 2024