diff --git a/aws/bootstrap.tf b/aws/bootstrap.tf index 1582fff..4b2d821 100644 --- a/aws/bootstrap.tf +++ b/aws/bootstrap.tf @@ -38,7 +38,7 @@ resource "aws_instance" "bootstrap" { # We're going to launch into the same subnet as our ELB. In a production # environment it's more common to have a separate private subnet for # backend instances. - subnet_id = "${aws_subnet.public.id}" + subnet_id = "${aws_subnet.public.0.id}" # DCOS ip detect script provisioner "file" { diff --git a/aws/dcos-gpu-agents.tf.disabled b/aws/dcos-gpu-agents.tf.disabled index b4f843f..a35b1b9 100644 --- a/aws/dcos-gpu-agents.tf.disabled +++ b/aws/dcos-gpu-agents.tf.disabled @@ -60,7 +60,7 @@ resource "aws_instance" "gpu-agent" { # We're going to launch into the same subnet as our ELB. In a production # environment it's more common to have a separate private subnet for # backend instances. - subnet_id = "${aws_subnet.private.id}" + subnet_id = "${aws_subnet.private.*.id}" # # OS init script # provisioner "file" { diff --git a/aws/main.tf b/aws/main.tf index 5c9a2a9..bb0131f 100644 --- a/aws/main.tf +++ b/aws/main.tf @@ -19,7 +19,7 @@ resource "aws_vpc" "default" { cidr_block = "10.0.0.0/16" enable_dns_hostnames = "true" -tags { + tags { Name = "${coalesce(var.owner, data.external.whoami.result["owner"])}" } } 
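Review bot: In the dcos-gpu-agents.tf.disabled hunk, `subnet_id` on `aws_instance.gpu-agent` now receives the whole splat list `aws_subnet.private.*.id`, but the argument takes a single subnet ID, so the file would fail to plan if it is ever re-enabled. Use the form the private-agent.tf hunk of this commit uses: `subnet_id = "${element(aws_subnet.private.*.id, count.index)}"`. The resource body continues outside the hunk, so this assumes it sets `count` like the other agent resources.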
@@ -67,17 +67,24 @@ resource "aws_route" "internet_access" { gateway_id = "${aws_internet_gateway.default.id}" } -# Create a subnet to launch public nodes into +# Get the list of availability zones for the region +data "aws_availability_zones" "available" {} + +# Create subnets to launch public nodes into resource "aws_subnet" "public" { + count = "${var.num_of_masters}" vpc_id = "${aws_vpc.default.id}" - cidr_block = "10.0.0.0/22" + cidr_block = "${cidrsubnet(aws_vpc.default.cidr_block, 8, count.index)}" + availability_zone = "${data.aws_availability_zones.available.names[count.index]}" map_public_ip_on_launch = true } -# Create a subnet to launch slave private node into +# Create subnets to launch slave private node into resource "aws_subnet" "private" { + count = "${var.num_of_masters}" vpc_id = "${aws_vpc.default.id}" - cidr_block = "10.0.4.0/22" + cidr_block = "${cidrsubnet(aws_vpc.default.cidr_block, 8, count.index + 3)}" + availability_zone = "${data.aws_availability_zones.available.names[count.index]}" map_public_ip_on_launch = true } diff --git a/aws/master.tf b/aws/master.tf index ae6e41d..6af6a79 100644 --- a/aws/master.tf +++ b/aws/master.tf @@ -11,7 +11,7 @@ resource "aws_elb" "internal-master-elb" { name = "${data.template_file.cluster-name.rendered}-int-master-elb" internal = "true" - subnets = ["${aws_subnet.public.id}"] + subnets = ["${aws_subnet.public.0.id}"] security_groups = ["${aws_security_group.master.id}","${aws_security_group.public_slave.id}", "${aws_security_group.private_slave.id}"] instances = ["${aws_instance.master.*.id}"] 
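Review bot: In `aws_subnet.private`, the fixed offset `count.index + 3` collides with the public range once `var.num_of_masters` is greater than 3: public subnets take netnums 0..n-1 and private ones 3..n+2, so a five-master cluster requests 10.0.3.0/24 and 10.0.4.0/24 twice. Deriving the offset from the count avoids the overlap, e.g. `cidrsubnet(aws_vpc.default.cidr_block, 8, count.index + var.num_of_masters)`. The direct index `names[count.index]` in both blocks also goes out of range in a region with fewer availability zones than masters, which deserves a comment or a guard on the variable. Separately, the "private" subnets keep `map_public_ip_on_launch = true` from the old code, so instances launched there still get a public address; now that the block is created once per zone, either set it to `false` or add a comment saying why it is needed.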
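Review bot: All three master.tf hunks pin to `aws_subnet.public.0.id` (this ELB, `public-master-elb` in the next hunk, and `aws_instance.master` in the last one), so every master still lands in a single availability zone even though the subnets are now created once per master. If that is intentional, a comment such as `# masters stay in one AZ; the subnet count only follows num_of_masters` would save the next reader the question. If it is not, the instance would take `"${element(aws_subnet.public.*.id, count.index)}"` and the ELBs `["${aws_subnet.public.*.id}"]`, matching the public-agent.tf hunks. The resource bodies continue outside the hunks.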
@@ -82,7 +82,7 @@ resource "aws_elb_attachment" "public-master-elb" { resource "aws_elb" "public-master-elb" { name = "${data.template_file.cluster-name.rendered}-pub-mas-elb" - subnets = ["${aws_subnet.public.id}"] + subnets = ["${aws_subnet.public.0.id}"] security_groups = ["${aws_security_group.http-https.id}", "${aws_security_group.master.id}", "${aws_security_group.internet-outbound.id}"] instances = ["${aws_instance.master.*.id}"] @@ -154,14 +154,14 @@ resource "aws_instance" "master" { # OS init script provisioner "file" { - content = "${module.aws-tested-oses.os-setup}" - destination = "/tmp/os-setup.sh" - } + content = "${module.aws-tested-oses.os-setup}" + destination = "/tmp/os-setup.sh" + } # We're going to launch into the same subnet as our ELB. In a production # environment it's more common to have a separate private subnet for # backend instances. - subnet_id = "${aws_subnet.public.id}" + subnet_id = "${aws_subnet.public.0.id}" # We run a remote provisioner on the instance after creating it. # In this case, we just install nginx and start it. By default, diff --git a/aws/private-agent.tf b/aws/private-agent.tf index ea666c8..7a3a24d 100644 --- a/aws/private-agent.tf +++ b/aws/private-agent.tf @@ -42,7 +42,7 @@ resource "aws_instance" "agent" { # We're going to launch into the same subnet as our ELB. In a production # environment it's more common to have a separate private subnet for # backend instances. - subnet_id = "${aws_subnet.private.id}" + subnet_id = "${element(aws_subnet.private.*.id, count.index)}" # OS init script provisioner "file" { diff --git a/aws/public-agent.tf b/aws/public-agent.tf index 295d1d9..dd4610c 100644 --- a/aws/public-agent.tf +++ b/aws/public-agent.tf 
@@ -10,7 +10,7 @@ resource "aws_elb_attachment" "public-agent-elb" { resource "aws_elb" "public-agent-elb" { name = "${data.template_file.cluster-name.rendered}-pub-agt-elb" - subnets = ["${aws_subnet.public.id}"] + subnets = ["${aws_subnet.public.*.id}"] security_groups = ["${aws_security_group.public_slave.id}", "${aws_security_group.http-https.id}"] instances = ["${aws_instance.public-agent.*.id}"] @@ -84,7 +84,7 @@ resource "aws_instance" "public-agent" { # We're going to launch into the same subnet as our ELB. In a production # environment it's more common to have a separate private subnet for # backend instances. - subnet_id = "${aws_subnet.public.id}" + subnet_id = "${element(aws_subnet.public.*.id, count.index)}" # OS init script provisioner "file" {
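Review bot: In the `aws_instance.public-agent` hunk, the context comment above `subnet_id` ("We're going to launch into the same subnet as our ELB") no longer describes the new line, because agents are now spread over the public subnets by `count.index` and the ELB is attached to all of them. I would reword it along the lines of `# Spread agents across the per-AZ public subnets; the ELB is attached to all of them.` The same stale comment sits above the changed `subnet_id` in the private-agent.tf hunk. The resource body continues outside the hunk.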