DevOps
Fix Terraform Error: CloudWatch Log Group Already Exists
Fix terraform CloudWatch Log Group ResourceAlreadyExistsException. Import orphaned log groups, prevent Lambda auto-creation
3 min read
DevOps
Fix Terraform Error - Error Creating Subnet - InvalidSubnet Conflict
Fix InvalidSubnet and CIDR conflict errors when creating VPC subnets in Terraform. Handle overlapping CIDRs, AZ limits, and subnet quota issues.
LLuca Berton1 min read
Quick Answer
#The subnet CIDR overlaps with an existing subnet in the VPC, or the CIDR is outside the VPC range. Use cidrsubnet() to calculate non-overlapping CIDRs automatically, and check existing subnets with aws ec2 describe-subnets.
The Error
#Error creating Subnet: InvalidSubnet.Conflict:
The CIDR '10.0.1.0/24' conflicts with another subnetError creating Subnet: InvalidSubnet.Range:
The CIDR '10.1.0.0/24' is not within the VPC CIDR of '10.0.0.0/16'What Causes This
#- CIDR overlap — two subnets with the same or overlapping IP range
- CIDR outside VPC — subnet CIDR doesn't fall within VPC CIDR block
- Manually created subnet — someone made a subnet in the console with the same CIDR
- Previous apply partially failed — subnet exists in AWS but not in state
How to Fix It
#Solution 1: Use cidrsubnet() for Automatic Calculation
#resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
}
resource "aws_subnet" "public" {
count = 3
vpc_id = aws_vpc.main.id
cidr_block = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)
# 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24
availability_zone = data.aws_availability_zones.available.names[count.index]
}
resource "aws_subnet" "private" {
count = 3
vpc_id = aws_vpc.main.id
cidr_block = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index + 10)
# 10.0.10.0/24, 10.0.11.0/24, 10.0.12.0/24 — no overlap
availability_zone = data.aws_availability_zones.available.names[count.index]
}Solution 2: Check Existing Subnets
## List all subnets in the VPC
aws ec2 describe-subnets \
--filters "Name=vpc-id,Values=vpc-abc123" \
--query 'Subnets[*].[SubnetId,CidrBlock,AvailabilityZone]' \
--output tableSolution 3: Import the Existing Subnet
#terraform import aws_subnet.public[0] subnet-abc123CIDR Planning Example
#VPC: 10.0.0.0/16 (65,536 IPs)
├── Public Subnets
│ ├── 10.0.0.0/24 (AZ a) — 256 IPs
│ ├── 10.0.1.0/24 (AZ b)
│ └── 10.0.2.0/24 (AZ c)
├── Private Subnets
│ ├── 10.0.10.0/24 (AZ a)
│ ├── 10.0.11.0/24 (AZ b)
│ └── 10.0.12.0/24 (AZ c)
└── Database Subnets
├── 10.0.20.0/24 (AZ a)
├── 10.0.21.0/24 (AZ b)
└── 10.0.22.0/24 (AZ c)Troubleshooting Checklist
#- ✅ Does the CIDR fall within the VPC CIDR?
- ✅ Does it overlap with any existing subnet?
- ✅ Was the subnet created manually in AWS?
- ✅ Are you using
cidrsubnet()to avoid math errors?
Related Articles
#Conclusion
#Subnet CIDR conflicts happen when ranges overlap or fall outside the VPC. Use cidrsubnet() to calculate non-overlapping ranges automatically, offset private subnets from public ones, and check existing subnets before adding new ones.
#Terraform#Troubleshooting#DevOps#Error Fix#Infrastructure as Code
Related articles
DevOps
Fix Terraform Error: Cannot Import Into Existing State
Fix terraform import errors when a resource already exists in state. Covers state rm, state show, reimport workflow, import blocks
3 min read
DevOps
Fix Terraform Error: Too Many Command Line Arguments
Fix terraform too many command line arguments errors. Correct -var syntax, quote values with spaces, and learn proper Terraform CLI argument format for plan
3 min read
DevOps
Fix Terraform Error: Invalid Escape Sequence in String
Fix terraform invalid escape sequence errors. Double backslashes for Windows paths, use heredocs for regex, and learn all valid HCL escape sequences.
2 min read