Invalid index on module.subnet_tags is object with no attributes

[Eagleman7]

I'm trying to upgrade from 4.3.1 to 4.3.2. When doing a plan I get the following error:

 │ Error: Invalid index
 │ 
 │   on .terraform/modules/container.vpc/main.tf line 426, in resource "aws_ec2_transit_gateway_vpc_attachment" "tgw":
 │  426:     module.subnet_tags["transit_gateway"].tags_aws
 │     ├────────────────
 │     │ module.subnet_tags is object with no attributes
 │ 
 │ The given key does not identify an element in this collection value.

I'm using the following TF code in the plan:

module "vpc" {
  source  = "aws-ia/vpc/aws"
  version = "4.3.2"

  name               = var.application_name
  cidr_block         = var.cidr
  az_count           = "3"
  transit_gateway_id = data.aws_ec2_transit_gateway.this.id

  transit_gateway_routes = {
    private = "0.0.0.0/0"
  }

  subnets = {
    private = {
      netmask = 26
    }
    transit_gateway = {
      netmask                                         = 28
      transit_gateway_default_route_table_association = true
      transit_gateway_default_route_table_propagation = true
      transit_gateway_appliance_mode_support          = "disable"
      transit_gateway_dns_support                     = "disable"
    }
  }
}

[drewmullen]

Thank you for opening this issue! Can you confirm that pinning to 4.3.1 still works?

[Eagleman7]

Hey @drewmullen,

4.3.1 works fine for me. I hardcoded all the VPC modules we use to version 4.3.1.

[drewmullen]

So it looks like the error is originating from this commit: https://github.com/aws-ia/terraform-aws-vpc/commit/8de0920f9ba7f8774b2fee96f41bccecf0c23225

As a quick n dirty test can you please try adding a tag to your tgw subnets? Formatting might be off below... typing from my phone 😅

subnets = {
    private = {
      netmask = 26
    }
    transit_gateway = {
      netmask                                         = 28
      transit_gateway_default_route_table_association = true
      transit_gateway_default_route_table_propagation = true
      transit_gateway_appliance_mode_support          = "disable"
      transit_gateway_dns_support                     = "disable"

    tags = {
      subnet_type = "tgw"
    }
   }
  }

[drewmullen]

I believe the bug is on our end (which seems obvious but worth acknowledgeling). When we added this subnet tag reference we did not add in the try() safety guard

Compare: https://github.com/aws-ia/terraform-aws-vpc/blob/4a56893b6e1f77e1987e41ac0d3ac1ad2b25cb03/main.tf#L426

To: https://github.com/aws-ia/terraform-aws-vpc/blob/4a56893b6e1f77e1987e41ac0d3ac1ad2b25cb03/main.tf#L388

And the problem becomes pretty clear.

We'll get this fixed but I think as a temp workaround you can specify a tag that will propagate to the attachment

[Eagleman7]

Thanks for the work-around and fixing the issue!

It seems I didnt tag everything yet as well for the VPC's becaused I missed the tags block in the TGW section :)