Bug in aws_route_table when using network_interface_id/instance_id

[johnrengelman]

When setting a route entry in the aws_route_table resource, you are limited to using one of a variety of options, including network_interface_id or instance_id.

This works, however, when using one of these options, the state file stores values for both of them (it must resolve one from the other). and subsequent terraform plans show changes to be made.

[dbatwa]

This is particularly problematic when using NAT instances.

[tkellen]

I'm seeing this as well, in terraform 0.6.9. Would ya'll like a repo with a reproduction of this?

[jen20]

Hi @tkellen! Yes please, if you have a config which reproduces this it would be great if you could post it!

[tkellen]

Moment. I'll whip one up! You can see it during runs of http://github.com/tkellen/infrastructure but that's like the furthest thing from an isolated test case.

[tkellen]

Here ya go!

variable "aws_access_key" { }
variable "aws_secret_key" { }

provider "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
  region = "us-east-1"
}

resource "aws_vpc" "test" {
  cidr_block = "10.10.0.0/16"
}

resource "aws_route_table" "test" {
  vpc_id = "${aws_vpc.test.id}"
}

resource "aws_subnet" "test" {
  vpc_id = "${aws_vpc.test.id}"
  cidr_block = "10.10.10.0/24"
  availability_zone = "us-east-1a"
}

resource "aws_route" "test" {
  route_table_id = "${aws_route_table.test.id}"
  destination_cidr_block = "0.0.0.0/0"
  instance_id = "${aws_instance.nat.id}"
}

resource "aws_instance" "nat" {
  ami = "ami-184dc970"
  instance_type = "t2.nano"
  subnet_id = "${aws_subnet.test.id}"
}

Thanks for all the great work ya'll!

[jen20]

Thanks @tkellen - that clearly demonstrates the issue. We'll get working on a fix for this.

[tkellen]

Sweet! If I had more time I'd attempt a patch to fix this myself--seems like a good first PR. Looking forward to seeing what the resolution looks like.

[conorgil]

Just came to file the same issue. Glad to see it is on the radar. The output always shown in my terraform plan calls look like this:

~ module.vpc.aws_route.ngw.0
    gateway_id:     "" => "nat-123"
    nat_gateway_id: "nat-123" => ""

[BSick7]

Sorry guys. I created aws_route and made a mistake.
I submitted a PR to fix.

[tkellen]

No need to be sorry @BSick7 -- thank you for the addition of this functionality, and for the fix!

[diroussel]

FYI, the PR is #5321

[stack72]

This has been closed in #5321 :) Thanks for the report @tkellen and thanks for the awesome work @BSick7

[madAndroid]

Awesome :) been waiting on this one for some time now .. thanks!!

[gozer]

Turns out this is also affecting aws_route's route {} blocks in the same way:

variable "aws_access_key" { }
variable "aws_secret_key" { }

provider "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
  region = "us-east-1"
}

resource "aws_vpc" "test" {
  cidr_block = "10.10.0.0/16"
}

resource "aws_network_interface" "nat" {
  subnet_id = "${aws_subnet.test.id}"
  source_dest_check = false
  attachment {
      instance = "${aws_instance.nat.id}"
     device_index = 1
    }
}

resource "aws_route_table" "test" {
  vpc_id = "${aws_vpc.test.id}"

  route {
    cidr_block = "0.0.0.0/0"
    network_interface_id = "${aws_network_interface.nat.id}"
  }
}

resource "aws_subnet" "test" {
  vpc_id = "${aws_vpc.test.id}"
  cidr_block = "10.10.10.0/24"
  availability_zone = "us-east-1a"
}

resource "aws_instance" "nat" {
  ami = "ami-184dc970"
  instance_type = "t2.nano"
  subnet_id = "${aws_subnet.test.id}"
}

[stack72]

Hi @gozer,

I am going to link your comment here to the latest open issue for this continual recreation issue:

#4097

Paul

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.