
aws_vpn_gateway_route_propagation creates

Open svg1007 opened this issue 1 year ago • 4 comments

Description

First of all I'm not sure if it is a real bug or not :)

I faced behaviour which does not seem proper, so I have implemented a fix in my fork of the module, but I would like to discuss it here and could provide a pull request for it.

When we execute this module and provide there, let's say, 3 public and 3 private subnets, and after that pass the following parameters

  • enable_nat_gateway = true
  • single_nat_gateway = true
  • enable_vpn_gateway = true

the module suggests creating multiple aws_vpn_gateway_route_propagation.private resources whose route_table_id and vpn_gateway_id have exactly the same content.

This seems strange because then we have one resource in AWS managed by multiple terraform resources.

The workaround which I have implemented is just to use an additional bool parameter, like single_vgw_route_propagation_private, and then use it like

locals {
  # With a single NAT gateway there is only one private route table, so only
  # one propagation is needed; otherwise fall back to one per private subnet.
  vgw_route_propagation_private_count = var.single_vgw_route_propagation_private ? 1 : local.len_private_subnets
}

resource "aws_vpn_gateway_route_propagation" "private" {
  # Same gating as before; only the upper bound of the count changes.
  count = local.create_vpc && var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? local.vgw_route_propagation_private_count : 0

  route_table_id = element(aws_route_table.private[*].id, count.index)
  # Either the VGW created by the module or an externally supplied one is attached.
  vpn_gateway_id = element(
    concat(
      aws_vpn_gateway.this[*].id,
      aws_vpn_gateway_attachment.this[*].vpn_gateway_id,
    ),
    count.index,
  )
}

svg1007 avatar Aug 24 '23 06:08 svg1007

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] avatar Sep 24 '23 00:09 github-actions[bot]

Any thoughts?

svg1007 avatar Sep 27 '23 09:09 svg1007

This is also a problem for intra subnets, where there is always only one route table. The module should create one aws_vpn_gateway_route_propagation per route table rather than one per subnet. This is a bug, and the only reason it doesn't fail fatally is because of the wrap-around behaviour of element().

steve-dave avatar Oct 16 '23 02:10 steve-dave
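One way to express the per-route-table rule described in the previous comment, covering both the private case from the issue body and the intra case, shown as an added example rather than code from the module or from the reporter's fork. It assumes the `aws_route_table.private`, `aws_vpn_gateway.this`, `aws_vpn_gateway_attachment.this`, `local.create_vpc`, `var.propagate_private_route_tables_vgw`, `var.enable_vpn_gateway` and `var.vpn_gateway_id` names from the issue, plus a hypothetical `aws_route_table.intra` resource and `var.propagate_intra_route_tables_vgw` input for the intra route table:

```hcl
locals {
  # Added example, not the module's code. There is at most one VGW, either
  # created here or attached by id; one() fails the plan if that assumption
  # ever breaks instead of silently reusing index 0 via element().
  vgw_id = one(concat(
    aws_vpn_gateway.this[*].id,
    aws_vpn_gateway_attachment.this[*].vpn_gateway_id,
  ))

  vgw_present = var.enable_vpn_gateway || var.vpn_gateway_id != ""
}

# One propagation per private ROUTE TABLE. The count follows the number of
# route tables the module actually created (1 with single_nat_gateway,
# otherwise one per subnet), so duplicate resources cannot appear.
resource "aws_vpn_gateway_route_propagation" "private" {
  count = local.create_vpc && var.propagate_private_route_tables_vgw && local.vgw_present ? length(aws_route_table.private) : 0

  # Direct indexing instead of element(): an out-of-range index is a plan
  # error, not a silent wrap-around to an already-propagated table.
  route_table_id = aws_route_table.private[count.index].id
  vpn_gateway_id = local.vgw_id
}

# Intra subnets always share a single route table, so the same rule yields
# at most one propagation here regardless of how many intra subnets exist.
resource "aws_vpn_gateway_route_propagation" "intra" {
  count = local.create_vpc && var.propagate_intra_route_tables_vgw && local.vgw_present ? length(aws_route_table.intra) : 0

  route_table_id = aws_route_table.intra[count.index].id
  vpn_gateway_id = local.vgw_id
}
```

`length()` of a counted resource is known at plan time because the instance count is known even while the ids are not, so this does not require a `-target` or two-phase apply.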

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] avatar Nov 16 '23 00:11 github-actions[bot]