Subnet IDs are not working on the VPN module in Terraform when creating a new environment

cds-snc / notification-planning-core

Project planning for GC Notify Core Team

0 stars 0 forks source link

Subnet IDs are not working on the VPN module in Terraform when creating a new environment #318

Open ben851 opened 3 months ago

ben851 commented 3 months ago

Describe the bug

When apply terraform/aws/common in a new environment, the VPN module crashes, complaining about an invalid string type on subnet_ids. This works fine on existing environments

Bug Severity

See examples in the documentation

SEV-3

To Reproduce

Terragrunt apply in common folder against scratch account

Expected behavior

Terragrunt should apply properly

Impact

The system is not in a ready state for disaster recovery

Additional context

Discovered as part of BCP

QA

[x] Make sure TF still applies in production
[x] Verify connectivity to staging K8s and VPN
[x] Verify connectivity to production K8s and VPN

ben851 commented 3 months ago

It looks as though Terraform/Terragrunt has problems computing potential values if they don't exist for subnet IDs.

I have moved the vpn module to the eks folder so that the subnet IDs already exist.

While doing this, I broke dev VPN when trying to migrate state. I found a solution here that I need to try out.

P0NDER0SA commented 3 months ago

Need to write up a procedural on this. still working on it.

ben851 commented 2 months ago

I was QA'ing my own work in dev to make sure that it worked, and it did not. Will have to investigate more.

ben851 commented 2 months ago

Created a new PR with the final migration steps.

ben851 commented 2 months ago

Merged - state migrated in both staging and production

P0NDER0SA commented 2 months ago

QA'ed this and it works. connectivity with and without prod vpn connection works as expected