Is this functionality available in the AWS provider for Terraform?
Yes ✅: please list the AWS provider version which introduced this functionality
Is your request related to a problem? Please describe.
The module currently creates a private route table and a public route table by default but doesn't allow users to specify routes for them. The problem is that if we declare routes outside of the VPC module, the routes are created as separate TF resources and tracked separately from the route table resources in TF state. And if someone accidentally adds an undesirable route to these route tables manually through the AWS console, TF is not able to detect the new route because it's not in TF state in the first place. This is a widely known risk. It's almost always better to manage routes as part of the `aws_route_table` resource than to manage routes individually, especially when creating an entire new VPC from scratch. (Only in the case where routes in the same route table need to be managed by separate workspaces/repos does it make sense to use the `aws_route` resource.)
And when I tried to work around this issue by defining my own private route table outside of the VPC module, I ran into an issue when associating my route table with the private/public subnets because the subnets are already associated with route tables created by the module (`aws_route_table_association` resources are also created by the VPC module):
```
│ Error: creating Route Table (rtb-093bb6a990703e761) Association: Resource.AlreadyAssociated: the specified association for route table rtb-093bb6a990703e761 conflicts with an existing association
│ status code: 400, request id: 664f9e98-8b0f-4b76-a789-44b9c4ff0df1
│
│ with aws_route_table_association.private[1],
│ on main.tf line 96, in resource "aws_route_table_association" "private":
│ 96: resource "aws_route_table_association" "private" {
```
Describe the solution you'd like.
Allow users to specify routes for the private and public route tables created by the VPC module.
Describe alternatives you've considered.
Or alternatively, allow users to tell the module NOT to create the private and public route tables and the corresponding `aws_route_table_association` resources so that users can define their own outside of the module.
Additional context
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
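The two route-management patterns the issue contrasts, written out side by side as an added example (not code from the issue or from the VPC module). All resource names, the CIDR range and the region are assumed placeholders.

```hcl
# Constructed example: names, CIDRs and the region are placeholders.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_internet_gateway" "example" {
  vpc_id = aws_vpc.example.id
}

# Pattern A: standalone aws_route. The table declares no `route` argument,
# so Terraform ignores whatever routes exist on it and tracks only the
# aws_route below. A route added through the console is not in state, and
# `terraform plan` reports no changes.
resource "aws_route_table" "standalone" {
  vpc_id = aws_vpc.example.id
}

resource "aws_route" "standalone_default" {
  route_table_id         = aws_route_table.standalone.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.example.id
}

# Pattern B: inline route blocks. The route list is part of the
# aws_route_table resource itself, so a route that exists on the table but
# is not declared here appears in the next plan as a route to be removed.
# Do not attach aws_route resources to a table managed this way; the two
# mechanisms overwrite each other.
resource "aws_route_table" "inline" {
  vpc_id = aws_vpc.example.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.example.id
  }
}
```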