terraform-aws-vpc
terraform-aws-vpc copied to clipboard
Published
20 hours ago β’
terraform-aws-modules
terraform-aws-modules
DynamoDB - Cannot create both Interface and Gateway endpoints
Description
Unable to create both Interface and Gateway VPC endpoints for DynamoDB.
- [ x] β I have searched the open/closed issues and my issue is not listed.
Searched with terraform registry module vpc endpoint cannot create both Interface and Gateway endpoints and found no related information.
β οΈ Note
Before you submit an issue, please perform the following first:
- Remove the local
.terraformdirectory (! ONLY if state is stored remotely, which hopefully you are following that best practice!):rm -rf .terraform/ - Re-initialize the project root to pull down modules:
terraform init - Re-attempt your terraform plan or apply and check if the issue still persists
Done
Versions
-
Module version [Required]: 5.8.1
-
Terraform version:
Terraform v1.8.1
on linux_amd64
+ provider registry.terraform.io/hashicorp/archive v2.4.2
+ provider registry.terraform.io/hashicorp/aws v5.41.0
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/random v3.6.0
+ provider registry.terraform.io/hashicorp/time v0.11.1
- Provider version(s):
terraform providers -version
Terraform v1.8.1
on linux_amd64
+ provider registry.terraform.io/hashicorp/archive v2.4.2
+ provider registry.terraform.io/hashicorp/aws v5.41.0
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/random v3.6.0
+ provider registry.terraform.io/hashicorp/time v0.11.1
Reproduction Code [Required]
resource "aws_security_group" "allow_from_security_group" {
name = "sg"
vpc_id = local.vpc_id
ingress {
from_port = 0
to_port = 0
protocol = -1
self = true
}
egress {
from_port = 0
to_port = 0
protocol = -1
self = true
}
}
module "dynamodb_endpoints" {
source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
version = "5.8.1"
vpc_id = local.vpc_id
security_group_ids = [
aws_security_group.allow_from_security_group.id
]
endpoints = {
dynamodb = {
service = "dynamodb"
private_dns_enabled = false
},
dynamodb = {
service = "dynamodb"
route_table_ids = ["rtb-0a699a4d82df52a0e"] # <--- replace your VPC route table id
}
}
}
Steps to reproduce the behavior:
terraform init
terraform apply
No
Yes
Expected behavior
Be able to create both Gateway and Interface VPC endpoints for DynamoDB.
Actual behavior
Only the Interface VPC endpoint is created.
Terminal Output Screenshot(s)
$ terraform apply
data.aws_availability_zones.all: Reading...
data.aws_caller_identity.current: Reading...
data.aws_region.current: Reading...
data.aws_vpc.dev: Reading...
module.dynamodb_endpoints.data.aws_vpc_endpoint_service.this["dynamodb"]: Reading...
data.aws_region.current: Read complete after 0s [id=ap-southeast-2]
data.aws_caller_identity.current: Read complete after 0s [id=****]
data.aws_availability_zones.all: Read complete after 0s [id=ap-southeast-2]
module.dynamodb_endpoints.data.aws_vpc_endpoint_service.this["dynamodb"]: Read complete after 0s [id=****]
data.aws_vpc.ai_dev: Read complete after 0s [id=vpc-****]
data.aws_subnet.private["subnet-0bdb15230b1897c8c"]: Reading...
data.aws_subnet.private["subnet-0e796e5a7f61139da"]: Reading...
data.aws_subnet.private["subnet-0e3c915076abe5564"]: Reading...
aws_security_group.allow_from_security_group: Refreshing state... [id=sg-036d8f63696cb8409]
data.aws_subnet.private["subnet-0bdb15230b1897c8c"]: Read complete after 0s [id=subnet-0bdb15230b1897c8c]
data.aws_subnet.private["subnet-0e3c915076abe5564"]: Read complete after 0s [id=subnet-0e3c915076abe5564]
data.aws_subnet.private["subnet-0e796e5a7f61139da"]: Read complete after 0s [id=subnet-0e796e5a7f61139da]
module.dynamodb_endpoints.aws_vpc_endpoint.this["dynamodb"]: Refreshing state... [id=vpce-0b6e2b09a36fc8d5e]
