
Using create_database_nat_gateway_route=false still creates the NAT GW route in DB RT

Open v-rosa opened this issue 1 year ago • 4 comments

Description

When using the flag create_database_nat_gateway_route = false I was expecting the database subnets to not have a 0.0.0.0/0 route to a NAT GW.

Versions

  • Module version: v3.4.12

  • Terraform version: v1.1.9

  • Provider version(s):

    • provider registry.terraform.io/hashicorp/aws v4.22.0

Reproduction Code

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  cidr = "172.20.0.0/16"

  azs              = ["us-east-1a", "us-east-1b"]
  private_subnets  = ["172.20.0.0/24", "172.20.1.0/24"]
  public_subnets   = ["172.20.32.0/24", "172.20.33.0/24"]
  database_subnets = ["172.20.34.0/24", "172.20.35.0/24"]

  enable_nat_gateway                = true
  enable_vpn_gateway                = false
  enable_dns_hostnames              = true
  enable_dns_support                = true
  
  create_database_nat_gateway_route = false
  create_database_internet_gateway_route = false
}

Steps to reproduce the behavior:

Just execute the TF code above.

Expected behavior

When using the flag create_database_nat_gateway_route = false I was expecting the database subnets to not have a route to a NAT GW.

Actual behavior

The database subnets route tables have a route to the NAT GW.

By not specifying create_database_subnet_route_table=true, the db subnet is being associated with a private route table which has a NAT GW route rule.

This might just be a question of adding the use case to the documentation? Or an improvement needed in https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/main.tf#L1092

v-rosa avatar Jul 15 '22 10:07 v-rosa
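
A check for the condition reported above, as an added example that is not part of the original thread or the module's code: given route tables in the shape returned by `aws ec2 describe-route-tables` for a single VPC, it resolves the table each database subnet actually uses (explicit association, otherwise the main table) and reports any 0.0.0.0/0 route that targets a NAT gateway. The helper names and all subnet, route table and NAT gateway IDs are constructed sample values.

```python
DEFAULT_ROUTE = "0.0.0.0/0"

def effective_route_table(route_tables, subnet_id):
    """Table a subnet really uses: its explicit association, else the VPC main table.
    Assumes route_tables covers exactly one VPC."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def nat_default_routes(route_tables, db_subnet_ids):
    """Map each database subnet that has a 0.0.0.0/0 route to a NAT gateway
    to (route table id, NAT gateway id). An empty dict means none do."""
    findings = {}
    for subnet_id in db_subnet_ids:
        rt = effective_route_table(route_tables, subnet_id)
        if rt is None:
            continue
        for route in rt.get("Routes", []):
            if route.get("DestinationCidrBlock") == DEFAULT_ROUTE and route.get("NatGatewayId"):
                findings[subnet_id] = (rt["RouteTableId"], route["NatGatewayId"])
    return findings

def _rt(rt_id, subnets, nat=None, main=False):
    """Build a constructed route table record (not real AWS output)."""
    routes = [{"DestinationCidrBlock": "172.20.0.0/16", "GatewayId": "local"}]
    if nat:
        routes.append({"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": nat})
    assocs = [{"SubnetId": s} for s in subnets] + ([{"Main": True}] if main else [])
    return {"RouteTableId": rt_id, "Routes": routes, "Associations": assocs}

DB_SUBNETS = ["subnet-db-a", "subnet-db-b"]
# Constructed: the state described in the issue, database subnets share the private tables.
REPORTED = [_rt("rtb-main", [], main=True),
            _rt("rtb-private-a", ["subnet-priv-a", "subnet-db-a"], nat="nat-a"),
            _rt("rtb-private-b", ["subnet-priv-b", "subnet-db-b"], nat="nat-a")]
# Constructed: database subnets on their own route table with only the local route.
DEDICATED = [_rt("rtb-main", [], main=True),
             _rt("rtb-private-a", ["subnet-priv-a"], nat="nat-a"),
             _rt("rtb-db", DB_SUBNETS)]

if __name__ == "__main__":
    for name, tables in (("reported", REPORTED), ("dedicated", DEDICATED)):
        print(name, nat_default_routes(tables, DB_SUBNETS))
```

Run against live data, a non-empty result for the database subnets after an apply with create_database_nat_gateway_route = false indicates the state described in this issue.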

Same issue here...

lemontea1011 avatar Aug 02 '22 08:08 lemontea1011

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] avatar Sep 02 '22 00:09 github-actions[bot]

Still valid. Commenting to prevent closure.

v-rosa avatar Sep 02 '22 13:09 v-rosa

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] avatar Oct 03 '22 00:10 github-actions[bot]

Still a problem as of now. Commenting here to remove the stale flag.

if-jeremy avatar Oct 04 '22 15:10 if-jeremy

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] avatar Nov 05 '22 00:11 github-actions[bot]

Still a problem as of now. Commenting here to remove the stale flag.

v-rosa avatar Nov 07 '22 10:11 v-rosa

On top of this, create_database_nat_gateway_route = true attempts to create NAT GW route in a private subnet instead of DB subnet.

demisx avatar Nov 24 '22 03:11 demisx

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] avatar Dec 25 '22 00:12 github-actions[bot]

This issue was automatically closed because of stale in 10 days

github-actions[bot] avatar Jan 05 '23 00:01 github-actions[bot]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Feb 04 '23 02:02 github-actions[bot]