No routes to internet gateways created when configured for redshift public networks #913

Closed
1 task done
zampettim opened this issue Mar 22, 2023 · 5 comments

Comments

@zampettim

Description

When enable_public_redshift is true and create_redshift_subnet_route_table is true, there is no "route" created in the redshift route table for the IPv4 or IPv6 internet gateways. Looking at the code, it seems that the same logic that is used for the database subnets should be replicated for the redshift subnets when enable_public_redshift and create_redshift_subnet_route_table are enabled.

  • ✋ I have searched the open/closed issues and my issue is not listed.

Versions

  • Module version [Required]: 3.19.0

  • Terraform version:
    Terraform v1.3.9

  • Provider version(s):

  • provider registry.terraform.io/hashicorp/aws v4.59.0
  • provider registry.terraform.io/hashicorp/random v3.4.3

Reproduction Code [Required]

Create a file with the following config:

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "3.19.0"

  name = "repo-vpc"
  cidr = "10.1.0.0/18"

  azs                 = ["us-east-1a", "us-east-1b", "us-east-1c"]
  public_subnets      = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24"]
  private_subnets     = ["10.1.3.0/24", "10.1.4.0/24", "10.1.5.0/24"]
  database_subnets    = ["10.1.6.48/28", "10.1.6.64/28", "10.1.6.80/28"]
  elasticache_subnets = ["10.1.6.96/28", "10.1.6.112/28", "10.1.6.128/28"]
  redshift_subnets    = ["10.1.6.0/28", "10.1.6.16/28", "10.1.6.32/28"]

  enable_nat_gateway = false
  single_nat_gateway = false

  enable_dns_hostnames    = true
  enable_dns_support      = true
  enable_ipv6             = true
  map_public_ip_on_launch = false

  create_elasticache_subnet_group       = true
  create_elasticache_subnet_route_table = true

  create_database_subnet_group       = true
  create_database_subnet_route_table = true

  enable_public_redshift             = true
  create_redshift_subnet_group       = true
  create_redshift_subnet_route_table = true
}

Steps to reproduce the behavior:

  1. terraform init
  2. terraform plan
  3. terraform apply

No

Yes

Expected behavior

The created route table for redshift has a route to the created/managed IPv4 and IPv6 internet gateways.

Actual behavior

The created/managed route table for redshift is missing routes for the IPv4 and IPv6 internet gateways.

@DRrawlins

Seeing the same behavior as above in 4.0.1

@bryantbiggs
Member

See https://github.com/terraform-aws-modules/terraform-aws-vpc#public-access-to-redshift-cluster which is the same for both v3.19.0 and v4.0.x

So simply remove create_redshift_subnet_route_table = true and you should be all set

@zampettim
Author

I'm confused by your last message @bryantbiggs. Are you saying that if I set create_redshift_subnet_route_table = false then the module will generate the correct route tables and include a route from the redshift subnets to the internet gateway? The link you provided doesn't say anything about that, just to set enable_public_redshift = true which I did.
Maybe the bug here is to add better documentation as to what create_redshift_subnet_route_table controls and why it should be used.

@bryantbiggs
Member

Looking at the code of both v3.x and v4.x, if you wish to enable public access for Redshift you would set enable_public_redshift = true which (as the link states) will associate the Redshift subnets with the public route table. If you set create_redshift_subnet_route_table = true then it's going to associate the Redshift subnets with their own custom route tables which do not have routes to the IGW/NAT GW/etc.
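
Added example, not part of the thread or of the module's code: one way to confirm which of the two behaviours described above an applied configuration produced is to read the `terraform show -json` state and report, for the Redshift subnet CIDRs, which default routes their associated route table sends to an internet gateway. The sample state, resource names and ids below are constructed; the check assumes routes are separate `aws_route` resources and treats a subnet with no explicit association (main route table) as having no IGW route.

```python
import ipaddress

def sample_state(redshift_rtb):
    """Constructed state: one Redshift subnet from the issue's config, associated
    with route table `redshift_rtb`; only rtb-public has IGW default routes."""
    res = [
        {"type": "aws_subnet", "name": "redshift",
         "values": {"id": "subnet-aaa", "cidr_block": "10.1.6.0/28"}},
        {"type": "aws_route_table_association", "name": "redshift",
         "values": {"subnet_id": "subnet-aaa", "route_table_id": redshift_rtb}},
        {"type": "aws_route", "name": "public_v4",
         "values": {"route_table_id": "rtb-public", "gateway_id": "igw-123",
                    "destination_cidr_block": "0.0.0.0/0"}},
        {"type": "aws_route", "name": "public_v6",
         "values": {"route_table_id": "rtb-public", "gateway_id": "igw-123",
                    "destination_ipv6_cidr_block": "::/0"}},
    ]
    return {"values": {"root_module": {
        "child_modules": [{"address": "module.vpc", "resources": res}]}}}

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def internet_exposure(state, subnet_cidrs):
    """Map each listed subnet CIDR found in the state to the default routes
    (IPv4 and IPv6) that its associated route table sends to an IGW."""
    wanted = {str(ipaddress.ip_network(c)) for c in subnet_cidrs}
    subnets, assoc, igw_routes = {}, {}, {}
    for r in iter_resources(state["values"]["root_module"]):
        v = r["values"]
        if r["type"] == "aws_subnet" and v.get("cidr_block") in wanted:
            subnets[v["id"]] = v["cidr_block"]
        elif r["type"] == "aws_route_table_association" and v.get("subnet_id"):
            assoc[v["subnet_id"]] = v["route_table_id"]
        elif r["type"] == "aws_route" and (v.get("gateway_id") or "").startswith("igw-"):
            dest = v.get("destination_cidr_block") or v.get("destination_ipv6_cidr_block")
            if dest in ("0.0.0.0/0", "::/0"):
                igw_routes.setdefault(v["route_table_id"], set()).add(dest)
    return {cidr: sorted(igw_routes.get(assoc.get(sid), ()))
            for sid, cidr in subnets.items()}

if __name__ == "__main__":
    for rtb in ("rtb-redshift", "rtb-public"):  # own table vs. public table
        print(rtb, internet_exposure(sample_state(rtb), ["10.1.6.0/28"]))
```

Against a real deployment, pass the parsed output of `terraform show -json` as `state`; an empty list for a Redshift subnet means it is not routed to the internet gateway.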

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 12, 2023