aws_route/aws_route_table: Remove 'instance_id' target

[ewbankkit]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Relates: #5745.
Relates: #1426.

After a route is created that targets an EC2 instance (as Amazon recommend for NAT instances) via the instance_id attribute, reading back the route from the EC2 API also returns the ENI ID of the instance's primary network interface (network_interface_id attribute). Similarly, after a route that targets an ENI attached to an instance (as Amazon recommend for middlebox applicances) via the network_interface_id attribute, reading back the route also returns the Instance ID of that ENI attachment (instance_id attribute).

For the aws_route resource this was addressed initially in hashicorp/terraform#5321 by setting the route target attributes to Computed: true although then causes additional problems when updating the route, addressed in hashicorp/terraform#7686 and #14531. Even with these fixes the diff displayed by Terraform when changing a route target shows the updated routing having both old and new target attributes set.

For the aws_route_table resource, where the individual routes are members of a set, the individual target attributes are not set as Computed: true (although the enclosing route set is). This causes the additional attribute (network_interface_id or instance_id not to be written to state and the eternal diff mentioned in #1426 occurs.
If we mark instance_id and network_interface_id as both Computed: true in the route attribute's schema then we end up having to change the associated set hash function to choose one or other of those attributes to include in the hash and ignore the other - There is then no way to avoid continual diffs for one of network_interface_id or instance_id.

The long-term solution is to remove the instance_id attribute as a route target as the instance's primary ENI's ID can always be used in the network_interface_id attribute - This seems to be the preferred target according to the newer (middlebox appliance) documentation.

[sylr]

@ewbankkit Can we proceed with that breaking change?

Or at least could we make network_interface_id and instance_id not mutually exclusive so that we can set both of them in our declarations and thus avoid the diff?

[ewbankkit]

@sylr I have added the deprecation of instance_id in aws_route and aws_route_table to the list of tasks for v4.0.0 which we will be starting on very soon. This means that we can remove the argument in v5.0.0.
Given that both the aws_route and aws_route_table resources are heavily used and fundamental to many practitioners' infrastructures we need to be conservative in making changes and give plenty of notice.

[sylr]

Are you saying that for the foreseeable future, anyone who needs to use AWS routes with network interfaces is bound to break terraform plan without any kind of workaround?

[jar-b]

Closed by #30804, merged to main via #31392

[github-actions]

This functionality has been released in v5.0.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.