On Juju 2.9.0: $ juju version 2.9.0-ubuntu-amd64 $ juju show-model | grep agent-version agent-version: 2.9.0 If I do a simple deploy of easyrsa on AWS: $ juju deploy cs:~containers/easyrsa The unit comes up with a public address: $ juju run --unit easyrsa/0 -- unit-get public-address 34.215.45.91 That address is *not* visible with network-get: $ juju run --unit easyrsa/0 -- network-get client bind-addresses: - mac-address: 06:c0:ef:72:54:17 interface-name: ens5 addresses: - hostname: "" address: 172.31.32.190 cidr: 172.31.32.0/20 macaddress: 06:c0:ef:72:54:17 interfacename: ens5 - mac-address: b2:bd:96:fb:b9:61 interface-name: fan-252 addresses: - hostname: "" address: 252.32.190.1 cidr: 252.32.0.0/12 macaddress: b2:bd:96:fb:b9:61 interfacename: fan-252 egress-subnets: - 172.31.32.190/32 ingress-addresses: - 172.31.32.190 - 252.32.190.1 You're saying I need to create a space that contains the relevant subnets for which I want to expose the endpoint, right? There isn't an existing space that covers it: $ juju spaces Name Space ID Subnets alpha 0 172.31.0.0/20 172.31.16.0/20 172.31.32.0/20 172.31.48.0/20 252.0.0.0/12 252.16.0.0/12 252.32.0.0/12 252.48.0.0/12 So, you want me to take the 279 public subnets for us-west-2 that are defined in https://ip-ranges.amazonaws.com/ip-ranges.json and create a space with them. Okay. Let me try one: $ juju add-space public 34.208.0.0/12 ERROR cannot add space "public": subnet "34.208.0.0/12" not found Yep, Juju isn't aware of the public subnets: $ juju subnets subnets: 172.31.0.0/20: type: ipv4 provider-id: subnet-931b23c8 provider-network-id: vpc-ea4c7a8c status: in-use space: alpha zones: - us-west-2c 172.31.16.0/20: type: ipv4 provider-id: subnet-a7235bc1 provider-network-id: vpc-ea4c7a8c status: in-use space: alpha zones: - us-west-2b 172.31.32.0/20: type: ipv4 provider-id: subnet-4c1b8204 provider-network-id: vpc-ea4c7a8c status: in-use space: alpha zones: - us-west-2a 172.31.48.0/20: type: ipv4 provider-id: subnet-ff8d38d4 provider-network-id: vpc-ea4c7a8c status: in-use space: alpha zones: - us-west-2d 252.0.0.0/12: type: ipv4 provider-id: subnet-931b23c8-INFAN-172-31-0-0-20 provider-network-id: vpc-ea4c7a8c status: in-use space: alpha zones: - us-west-2c 252.16.0.0/12: type: ipv4 provider-id: subnet-a7235bc1-INFAN-172-31-16-0-20 provider-network-id: vpc-ea4c7a8c status: in-use space: alpha zones: - us-west-2b 252.32.0.0/12: type: ipv4 provider-id: subnet-4c1b8204-INFAN-172-31-32-0-20 provider-network-id: vpc-ea4c7a8c status: in-use space: alpha zones: - us-west-2a 252.48.0.0/12: type: ipv4 provider-id: subnet-ff8d38d4-INFAN-172-31-48-0-20 provider-network-id: vpc-ea4c7a8c status: in-use space: alpha zones: - us-west-2d I can't use `juju add-subnet` either: $ juju add-subnet 34.208.0.0/12 alpha ERROR cannot add subnet: subnet with CIDR "34.208.0.0/12" not found Looking at Juju's documentation on network spaces[1], it sounds like this is about what's expected for non-MAAS providers. Creating subnets is not a documented thing. No documentation around handling public subnets whatsoever. I do not see a create-subnet command or anything along those lines in `juju help commands`. Again, the charm needs to know the 34.215.45.91 IP because it must be included in the charm's certificate. It does not appear possible to obtain this without using `unit-get public-address`. What am I missing? [1]: https://juju.is/docs/olm/network-spaces