hashicorp · YakDriver · Mar 29, 2021 · Jan 6, 2021 · Jan 6, 2021 · Jan 6, 2021
@@ -0,0 +1,7 @@
+```release-notes:enhancement
+resource/aws_default_route_table: Add `destination_prefix_list_id` attribute
+```
+
+```release-notes:enhancement
+resource/aws_route_table: Add `destination_prefix_list_id` attribute
+```
@@ -12,6 +12,7 @@ import (
 	tfec2 "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/ec2"
 	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/ec2/finder"
 	tfiam "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/iam"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/tfresource"
 )
 
 const (
@@ -245,6 +246,32 @@ func InstanceIamInstanceProfile(conn *ec2.EC2, id string) resource.StateRefreshF
 	}
 }
 
+const (
+	ErrCodeInvalidRouteTableIDNotFound = "InvalidRouteTableID.NotFound"
+
+	RouteTableStatusReady = "ready"
+)
+
+func RouteTableStatus(conn *ec2.EC2, id string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		output, err := finder.RouteTableByID(conn, id)
+
+		if tfresource.NotFound(err) {
+			return nil, "", nil
+		}
+
+		if err != nil {
+			return nil, "", err
+		}
+
+		if output == nil {
+			return nil, "", nil
+		}
+
+		return output, RouteTableStatusReady, nil
+	}
+}
+
 const (
 	SecurityGroupStatusCreated = "Created"
 

@@ -8,6 +8,7 @@ import (
 	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	tfec2 "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/ec2"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/tfresource"
 )
 
 const (
@@ -257,6 +258,53 @@ const (
 	NetworkAclEntryPropagationTimeout = 5 * time.Minute
 )
 
+const (
+	RouteTableReadyTimeout   = 10 * time.Minute
+	RouteTableDeletedTimeout = 5 * time.Minute
+	RouteTableUpdateTimeout  = 5 * time.Minute
+
+	RouteTableNotFoundChecks = 40
+)
+
+func RouteTableReady(conn *ec2.EC2, id string) (*ec2.RouteTable, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending:        []string{},
+		Target:         []string{RouteTableStatusReady},
+		Refresh:        RouteTableStatus(conn, id),
+		Timeout:        RouteTableReadyTimeout,
+		NotFoundChecks: RouteTableNotFoundChecks,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if output, ok := outputRaw.(*ec2.RouteTable); ok {
+		return output, err
+	}
+
+	return nil, err
+}
+
+func RouteTableDeleted(conn *ec2.EC2, id string) (*ec2.RouteTable, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{RouteTableStatusReady},
+		Target:  []string{},
+		Refresh: RouteTableStatus(conn, id),
+		Timeout: RouteTableDeletedTimeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if tfresource.NotFound(err) {
+		return nil, nil
+	}
+
+	if output, ok := outputRaw.(*ec2.RouteTable); ok {
+		return output, err
+	}
+
+	return nil, err
+}
+
 func SecurityGroupCreated(conn *ec2.EC2, id string, timeout time.Duration) (*ec2.SecurityGroup, error) {
 	stateConf := &resource.StateChangeConf{
 		Pending: []string{SecurityGroupStatusNotFound},

@@ -3,12 +3,14 @@ package aws
 import (
 	"fmt"
 	"log"
+	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/ec2/finder"
 )
 
 func resourceAwsDefaultRouteTable() *schema.Resource {
@@ -50,6 +52,9 @@ func resourceAwsDefaultRouteTable() *schema.Resource {
 				Optional:   true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						///
+						// Destinations.
+						///
 						"cidr_block": {
 							Type:     schema.TypeString,
 							Optional: true,
@@ -68,6 +73,14 @@ func resourceAwsDefaultRouteTable() *schema.Resource {
 							),
 						},
 
+						"destination_prefix_list_id": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+
+						//
+						// Targets.
+						//
 						"egress_only_gateway_id": {
 							Type:     schema.TypeString,
 							Optional: true,
@@ -88,22 +101,22 @@ func resourceAwsDefaultRouteTable() *schema.Resource {
 							Optional: true,
 						},
 
-						"transit_gateway_id": {
+						"network_interface_id": {
 							Type:     schema.TypeString,
 							Optional: true,
 						},
 
-						"vpc_endpoint_id": {
+						"transit_gateway_id": {
 							Type:     schema.TypeString,
 							Optional: true,
 						},
 
-						"vpc_peering_connection_id": {
+						"vpc_endpoint_id": {
 							Type:     schema.TypeString,
 							Optional: true,
 						},
 
-						"network_interface_id": {
+						"vpc_peering_connection_id": {
 							Type:     schema.TypeString,
 							Optional: true,
 						},
@@ -128,31 +141,28 @@ func resourceAwsDefaultRouteTable() *schema.Resource {
 }
 
 func resourceAwsDefaultRouteTableCreate(d *schema.ResourceData, meta interface{}) error {
-	d.SetId(d.Get("default_route_table_id").(string))
-
 	conn := meta.(*AWSClient).ec2conn
-	rtRaw, _, err := resourceAwsRouteTableStateRefreshFunc(conn, d.Id())()
+	routeTableID := d.Get("default_route_table_id").(string)
+
+	routeTable, err := finder.RouteTableByID(conn, routeTableID)
+
 	if err != nil {
-		return fmt.Errorf("error reading EC2 Default Route Table (%s): %s", d.Id(), err)
-	}
-	if rtRaw == nil {
-		return fmt.Errorf("error reading EC2 Default Route Table (%s): not found", d.Id())
+		return fmt.Errorf("error reading EC2 Default Route Table (%s): %w", routeTableID, err)
 	}
 
-	rt := rtRaw.(*ec2.RouteTable)
-
-	d.Set("vpc_id", rt.VpcId)
+	d.SetId(routeTableID)
+	d.Set("vpc_id", routeTable.VpcId)
 
 	// revoke all default and pre-existing routes on the default route table.
 	// In the UPDATE method, we'll apply only the rules in the configuration.
 	log.Printf("[DEBUG] Revoking default routes for Default Route Table for %s", d.Id())
-	if err := revokeAllRouteTableRules(d.Id(), meta); err != nil {
+	if err := revokeAllRouteTableRules(conn, routeTable); err != nil {
 		return err
 	}
 
 	if v := d.Get("tags").(map[string]interface{}); len(v) > 0 {
 		if err := keyvaluetags.Ec2CreateTags(conn, d.Id(), v); err != nil {
-			return fmt.Errorf("error adding tags: %s", err)
+			return fmt.Errorf("error adding tags: %w", err)
 		}
 	}
 
@@ -203,75 +213,68 @@ func resourceAwsDefaultRouteTableDelete(d *schema.ResourceData, meta interface{}
 
 // revokeAllRouteTableRules revoke all routes on the Default Route Table
 // This should only be ran once at creation time of this resource
-func revokeAllRouteTableRules(defaultRouteTableId string, meta interface{}) error {
-	conn := meta.(*AWSClient).ec2conn
-	log.Printf("\n***\nrevokeAllRouteTableRules\n***\n")
-
-	resp, err := conn.DescribeRouteTables(&ec2.DescribeRouteTablesInput{
-		RouteTableIds: []*string{aws.String(defaultRouteTableId)},
-	})
-	if err != nil {
-		return err
-	}
-
-	if len(resp.RouteTables) < 1 || resp.RouteTables[0] == nil {
-		return fmt.Errorf("Default Route table not found")
-	}
-
-	rt := resp.RouteTables[0]
-
+func revokeAllRouteTableRules(conn *ec2.EC2, routeTable *ec2.RouteTable) error {
 	// Remove all Gateway association
-	for _, r := range rt.PropagatingVgws {
-		log.Printf(
-			"[INFO] Deleting VGW propagation from %s: %s",
-			defaultRouteTableId, *r.GatewayId)
+	for _, r := range routeTable.PropagatingVgws {
 		_, err := conn.DisableVgwRoutePropagation(&ec2.DisableVgwRoutePropagationInput{
-			RouteTableId: aws.String(defaultRouteTableId),
+			RouteTableId: routeTable.RouteTableId,
 			GatewayId:    r.GatewayId,
 		})
+
 		if err != nil {
 			return err
 		}
 	}
 
 	// Delete all routes
-	for _, r := range rt.Routes {
+	for _, r := range routeTable.Routes {
 		// you cannot delete the local route
-		if r.GatewayId != nil && *r.GatewayId == "local" {
+		if aws.StringValue(r.GatewayId) == "local" {
 			continue
 		}
-		if r.DestinationPrefixListId != nil {
+
+		if aws.StringValue(r.Origin) == ec2.RouteOriginEnableVgwRoutePropagation {
+			continue
+		}
+
+		if r.DestinationPrefixListId != nil && strings.HasPrefix(aws.StringValue(r.GatewayId), "vpce-") {
 			// Skipping because VPC endpoint routes are handled separately
 			// See aws_vpc_endpoint
 			continue
 		}
 
 		if r.DestinationCidrBlock != nil {
-			log.Printf(
-				"[INFO] Deleting route from %s: %s",
-				defaultRouteTableId, *r.DestinationCidrBlock)
 			_, err := conn.DeleteRoute(&ec2.DeleteRouteInput{
-				RouteTableId:         aws.String(defaultRouteTableId),
+				RouteTableId:         routeTable.RouteTableId,
 				DestinationCidrBlock: r.DestinationCidrBlock,
 			})
+
 			if err != nil {
 				return err
 			}
 		}
 
 		if r.DestinationIpv6CidrBlock != nil {
-			log.Printf(
-				"[INFO] Deleting route from %s: %s",
-				defaultRouteTableId, *r.DestinationIpv6CidrBlock)
 			_, err := conn.DeleteRoute(&ec2.DeleteRouteInput{
-				RouteTableId:             aws.String(defaultRouteTableId),
+				RouteTableId:             routeTable.RouteTableId,
 				DestinationIpv6CidrBlock: r.DestinationIpv6CidrBlock,
 			})
+
 			if err != nil {
 				return err
 			}
 		}
 
+		if r.DestinationPrefixListId != nil {
+			_, err := conn.DeleteRoute(&ec2.DeleteRouteInput{
+				RouteTableId:            routeTable.RouteTableId,
+				DestinationPrefixListId: r.DestinationPrefixListId,
+			})
+
+			if err != nil {
+				return err
+			}
+		}
 	}
 
 	return nil