Comments (17)
@antonbabenko Yes, I've upgraded to v1.29.0 and it's working great. Thanks for the quick response.
from terraform-aws-vpc.
Please provide the piece of code you are trying to run. Have you created VPC routes without using Terraform?
from terraform-aws-vpc.
No, I haven't created any VPC routes using Terraform. I am using the VPC module in the following fashion:
```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  name = "${var.vpc_name}"
  cidr = "${var.cidr}"
  azs = "${var.azs}"
  private_subnets = "${var.private_subnets}"
  public_subnets = "${var.public_subnets}"
  database_subnets = "${var.database_subnets}"
  create_database_subnet_group = "${var.create_database_subnet_group}"
  enable_nat_gateway = "${var.enable_nat_gateway}"
  tags = "${var.vpc_tags}"
}
```
from terraform-aws-vpc.
I observe the route table is created 3 times when I run terraform plan.
Is this the way it is supposed to be?
Logs here:
```
module.production.module.vpc.aws_route.private_nat_gateway[2]: Creating...
  destination_cidr_block: "" => "0.0.0.0/0"
  destination_prefix_list_id: "" => "<computed>"
  egress_only_gateway_id: "" => "<computed>"
  gateway_id: "" => "<computed>"
  instance_id: "" => "<computed>"
  instance_owner_id: "" => "<computed>"
  nat_gateway_id: "" => "nat-0580607c824d36f8a"
  network_interface_id: "" => "<computed>"
  origin: "" => "<computed>"
  route_table_id: "" => "rtb-4112f13c"
  state: "" => "<computed>"
module.production.module.vpc.aws_route.private_nat_gateway[1]: Creating...
  destination_cidr_block: "" => "0.0.0.0/0"
  destination_prefix_list_id: "" => "<computed>"
  egress_only_gateway_id: "" => "<computed>"
  gateway_id: "" => "<computed>"
  instance_id: "" => "<computed>"
  instance_owner_id: "" => "<computed>"
  nat_gateway_id: "" => "nat-047413a0978614325"
  network_interface_id: "" => "<computed>"
  origin: "" => "<computed>"
  route_table_id: "" => "rtb-4112f13c"
  state: "" => "<computed>"
module.production.module.vpc.aws_route.private_nat_gateway[0]: Creating...
  destination_cidr_block: "" => "0.0.0.0/0"
  destination_prefix_list_id: "" => "<computed>"
  egress_only_gateway_id: "" => "<computed>"
  gateway_id: "" => "<computed>"
  instance_id: "" => "<computed>"
  instance_owner_id: "" => "<computed>"
  nat_gateway_id: "" => "nat-03a905522aea0fa94"
  network_interface_id: "" => "<computed>"
  origin: "" => "<computed>"
  route_table_id: "" => "rtb-4112f13c"
  state: "" => "<computed>"
```
from terraform-aws-vpc.
Have you created VPC routes without using Terraform? Check in AWS console.
It creates 3 routes because there are 3 private subnets and 3 NAT gateways (1 per each availability zone), which is correct behaviour.
from terraform-aws-vpc.
I haven't created VPC routes without using Terraform. Pretty sure about that.
However, after your reply, I noticed I have defined only one private subnet - not three. Could this be the problem? I don't want 3 private subnets in my configuration.
from terraform-aws-vpc.
Please show the full module "vpc" block with actual amount of values (replace `${var....}`). It may be a bug or edge case.
from terraform-aws-vpc.
Here is the vpc block with actual values.
```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  name = "example-vpc"
  cidr = "10.0.0.0/16"
  azs = ["us-east-1a", "us-east-1b", "us-east-1c"]
  private_subnets = ["10.0.1.0/24"]
  public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
  database_subnets = ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"]
  create_database_subnet_group = true
  enable_nat_gateway = true
  tags = {
    Terraform = "true"
    Environment = "dev"
    Name = "example-name"
  }
}
```
from terraform-aws-vpc.
Thanks for the code, now I can see the error myself.
Meanwhile, you can make this module work for you if you set the length of both lists of `private_subnets` and `public_subnets` to the same length as the number of `azs` (3). It is a good practice to keep subnets in each AZ and these resources are free. You can also specify `single_nat_gateway = true` to have the same amount of NAT gateways as now (1) because they cost money.
from terraform-aws-vpc.
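The workaround from the comment above, applied to the reporter's module block. This is an added example, not part of the original thread; the two extra private CIDRs and the one extra public CIDR are assumed values, chosen to fit inside `10.0.0.0/16` without overlapping the other subnets.

```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "example-vpc"
  cidr = "10.0.0.0/16"

  azs = ["us-east-1a", "us-east-1b", "us-east-1c"]

  # One private and one public subnet per AZ, so both lists have the
  # same length as azs (3). 10.0.2.0/24, 10.0.3.0/24 and 10.0.103.0/24
  # are assumed values added for this example.
  private_subnets  = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets   = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
  database_subnets = ["10.0.21.0/24", "10.0.22.0/24", "10.0.23.0/24"]

  create_database_subnet_group = true

  # Keep a single NAT gateway shared by all private subnets instead of
  # one per AZ, since NAT gateways are the billed resource here.
  enable_nat_gateway = true
  single_nat_gateway = true

  tags = {
    Terraform   = "true"
    Environment = "dev"
    Name        = "example-name"
  }
}
```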
v1.10.0 has been released and the bug has been fixed there.
from terraform-aws-vpc.
Hello!
I am using v1.26.0 and I am seeing a similar problem. Here is my VPC module description:
```hcl
# VPC
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  name = "ul-infra-vpc"
  cidr = "10.0.0.0/16"
  azs = ["us-west-2a", "us-west-2b", "us-west-2c"]
  private_subnets = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
  # The immutable_metadata tag is for Spinnaker to be able to discover the subnets.
  private_subnet_tags = {
    immutable_metadata = "{'purpose':'internal'}"
  }
  public_subnets = ["10.0.254.240/28", "10.0.254.224/28", "10.0.254.208/28"]
  public_subnet_tags = {
    immutable_metadata = "{'purpose':'external'}"
  }
  single_nat_gateway = true
  enable_nat_gateway = true
  enable_s3_endpoint = true
  enable_dynamodb_endpoint = true
}
```
And when I apply my changes with Terraform, I get the result:
```
module.vpc.aws_route.private_nat_gateway[1]: Creating...
  destination_cidr_block: "" => "0.0.0.0/0"
  destination_prefix_list_id: "" => "<computed>"
  egress_only_gateway_id: "" => "<computed>"
  gateway_id: "" => "<computed>"
  instance_id: "" => "<computed>"
  instance_owner_id: "" => "<computed>"
  nat_gateway_id: "" => "nat-051ea8db09567c324"
  network_interface_id: "" => "<computed>"
  origin: "" => "<computed>"
  route_table_id: "" => "rtb-0d8e9b0a66940f24d"
  state: "" => "<computed>"
module.vpc.aws_route.private_nat_gateway[2]: Creating...
  destination_cidr_block: "" => "0.0.0.0/0"
  destination_prefix_list_id: "" => "<computed>"
  egress_only_gateway_id: "" => "<computed>"
  gateway_id: "" => "<computed>"
  instance_id: "" => "<computed>"
  instance_owner_id: "" => "<computed>"
  nat_gateway_id: "" => "nat-051ea8db09567c324"
  network_interface_id: "" => "<computed>"
  origin: "" => "<computed>"
  route_table_id: "" => "rtb-01647a366b84e9ed3"
  state: "" => "<computed>"
module.vpc.aws_route.private_nat_gateway[0]: Creating...
  destination_cidr_block: "" => "0.0.0.0/0"
  destination_prefix_list_id: "" => "<computed>"
  egress_only_gateway_id: "" => "<computed>"
  gateway_id: "" => "<computed>"
  instance_id: "" => "<computed>"
  instance_owner_id: "" => "<computed>"
  nat_gateway_id: "" => "nat-051ea8db09567c324"
  network_interface_id: "" => "<computed>"
  origin: "" => "<computed>"
  route_table_id: "" => "rtb-0343dd2d7635c83be"
  state: "" => "<computed>"
Error: Error applying plan:
3 error(s) occurred:
* module.vpc.aws_route.private_nat_gateway[2]: 1 error(s) occurred:
* aws_route.private_nat_gateway.2: Error creating route: RouteAlreadyExists: The route identified by 0.0.0.0/0 already exists.
  status code: 400, request id: 86c0a46b-4910-43cb-a13d-d8add6abd1fe
* module.vpc.aws_route.private_nat_gateway[0]: 1 error(s) occurred:
* aws_route.private_nat_gateway.0: Error creating route: RouteAlreadyExists: The route identified by 0.0.0.0/0 already exists.
  status code: 400, request id: df63823f-ef08-4ebc-b604-fcf2cd617a67
* module.vpc.aws_route.private_nat_gateway[1]: 1 error(s) occurred:
* aws_route.private_nat_gateway.1: Error creating route: RouteAlreadyExists: The route identified by 0.0.0.0/0 already exists.
  status code: 400, request id: ac8ddb23-8800-4ddf-be5f-9e1348117f6d
```
from terraform-aws-vpc.
Seeing the same issue on v1.26.0. On first creation, it says it can't find a matching route for nat gateway with destination 0.0.0.0/0, however in AWS console, the route was created. Any plan after this attempts to add it again, and fails as a duplicate entry until the route is manually removed or imported into TF state.
from terraform-aws-vpc.
Thanks to everyone for reporting this issue. I am quite certain that this issue is now fixed in #111 and v1.27.0 has been released.
Please give it a try and leave a comment if the problem still exists.
from terraform-aws-vpc.
Hey Anton,
I gave it a try and I'm still seeing the issue:
```
module.vpc.aws_default_route_table.this: Destroying... (ID: rtb-0ab34e247773f6316)
module.vpc.aws_default_route_table.this: Destruction complete after 0s
Error: Error applying plan:
3 error(s) occurred:
* module.vpc.aws_route.private_nat_gateway[2]: 1 error(s) occurred:
* aws_route.private_nat_gateway.2: Error creating route: RouteAlreadyExists: The route identified by 0.0.0.0/0 already exists.
  status code: 400, request id: 883f4a2f-10f6-422c-b1a4-10fbe6d0cacd
* module.vpc.aws_route.private_nat_gateway[0]: 1 error(s) occurred:
* aws_route.private_nat_gateway.0: Error creating route: RouteAlreadyExists: The route identified by 0.0.0.0/0 already exists.
  status code: 400, request id: 30b7b29c-4845-4f40-aaaf-1ea12d70ab97
* module.vpc.aws_route.private_nat_gateway[1]: 1 error(s) occurred:
* aws_route.private_nat_gateway.1: Error creating route: RouteAlreadyExists: The route identified by 0.0.0.0/0 already exists.
  status code: 400, request id: 8c7d74b2-7bd6-4f61-b650-d2c26941264f
```
from terraform-aws-vpc.
Hmm, strange... Does it still fail even after you rerun it and it destroyed `module.vpc.aws_default_route_table.this`? Could you delete these routes manually via console and see if Terraform is happy?
@smastrorocco Thanks for the explanation. It sounds like a result of eventual consistency somewhere in the process. I did my best today to come up with the failing example and could not reproduce it (tried different regions, different values). Could you give it a try on your setup?
from terraform-aws-vpc.
Getting this error when I tried to create vpc. I need help.
```
Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, net/http: invalid header field value "AWS4-HMAC-SHA256 Credential=\x16AKIAQ7N6RR6I5GQTECZR/20220616/ca-central-1/sts/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date, Signature=842150020261e915db46621bc495ccdbbed9055e22e0e02b0dfea316564c9fe2" for key Authorization
│
│ with provider["registry.terraform.io/hashicorp/aws"],
│ on provider.tf line 1, in provider "aws":
│ 1: provider "aws" {
```
from terraform-aws-vpc.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
from terraform-aws-vpc.