terraform-aws-vpc
terraform-aws-vpc copied to clipboard
terraform-aws-modules
Unable to add a NAT Gateway to the VPC that has only public and database subnets
Description
I would like to be able to add a NAT gateway to a VPC that has no private subnets (only public and database ones). I would've expected setting
enable_nat_gateway = true
create_database_nat_gateway_route = true
would be enough to achieve this, but this doesn't seem to be the case as I encounter the following error which shows that the code is looking to set the route for the private subnets and not finding them:
β Error: Error in function call
β
β on .terraform/modules/vpc/main.tf line 1088, in resource "aws_route" "private_nat_gateway":
β 1088: route_table_id = element(aws_route_table.private[*].id, count.index)
β βββββββββββββββββ
β β while calling element(list, index)
β β aws_route_table.private is empty tuple
β β count.index is 0
β
β Call to function "element" failed: cannot use element function with an empty list.
β΅
β·
β Error: Error in function call
β
β on .terraform/modules/vpc/main.tf line 1088, in resource "aws_route" "private_nat_gateway":
β 1088: route_table_id = element(aws_route_table.private[*].id, count.index)
β βββββββββββββββββ
β β while calling element(list, index)
β β aws_route_table.private is empty tuple
β β count.index is 1
β
β Call to function "element" failed: cannot use element function with an empty list.
- [x] β I have searched the open/closed issues and my issue is not listed.
β οΈ Note
Before you submit an issue, please perform the following first:
- Remove the local
.terraformdirectory (! ONLY if state is stored remotely, which hopefully you are following that best practice!):rm -rf .terraform/ - Re-initialize the project root to pull down modules:
terraform init - Re-attempt your terraform plan or apply and check if the issue still persists
Versions
- Module version [Required]: 5.5.1
- Terraform version:
- Provider version(s):
Terraform v1.7.2 on darwin_arm64 provider registry.terraform.io/hashicorp/aws v5.35.0
Reproduction Code [Required]
Steps to reproduce the behavior: You can see the same if you run plan on:
provider "aws" {
region = local.region
}
data "aws_availability_zones" "available" {}
locals {
name = "application"
region = "eu-west-1"
vpc_cidr = "10.146.0.0/20"
azs = slice(data.aws_availability_zones.available.names, 0, 3)
}
################################################################################
# VPC Module
################################################################################
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "5.5.1"
name = local.name
cidr = local.vpc_cidr
azs = local.azs
public_subnets = [
"10.146.0.0/24",
"10.146.1.0/24"
]
database_subnets = [
"10.146.2.0/24",
"10.146.3.0/24"
]
enable_nat_gateway = true
create_database_nat_gateway_route = true
create_database_subnet_group = true
create_database_subnet_route_table = true
}
Expected behavior
I should've been able to create the VPC with NAT and the db subnets being allowed to reach the NAT even though there are no private subnets.
Actual behavior
See error above
Terminal Output Screenshot(s)
Additional context
The reason why I am using database_subnets instead of private ones is that I also want to create a database subnet group with the same configuration.
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue was automatically closed because of stale in 10 days
I'm going to lock this issue because it has been closed for 30 days β³. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.