Open bodgit opened 2 years ago
replicated on hashicorp/aws v5.13.1
when trying to remove and recreate routes to the same destination cidr with a new peering connection.
Error: waiting for Route in Route Table (rtb-xxxxxxxxxx) with destination (10.80.0.0/16) delete: timeout while waiting for resource to be gone (last state: 'ready', timeout: 5m0s)
The above error appears even though i have confirmed via the aws console that the route is actually deleted and has been replaced by the new route.. Running terraform plan again shows the below:
# aws_route.development["rtb-xxxxxxxxxx"] will be destroyed
# (because aws_route.development is not in configuration)
- resource "aws_route" "development" {
- destination_cidr_block = "10.80.0.0/16" -> null
- id = "r-rtb-xxxxxxxxxx" -> null
- origin = "CreateRoute" -> null
- route_table_id = "rtb-xxxxxxxxxx" -> null
- state = "active" -> null
- vpc_peering_connection_id = "pcx-xxxxxxxxxx" -> null
}
running the apply will delete the newly created routes. and running the plan again will show the routes re-appear in the plan to be created.
Community Note
Terraform CLI and Terraform AWS Provider Version
Affected Resource(s)
aws_route
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
Expected Behavior
Route should be removed and Terraform exits cleanly.
Actual Behavior
The route is removed, however Terraform times out waiting for the route to disappear because the waiting code finds the propagated route. The following error is logged:
Trying to apply again results in Terraform potentially trying to delete the propagated route.
When Terraform is reading/querying for routes, it doesn't seem to include the target type of the route in the search criteria, i.e.
transit_gateway_id
etc. so if you have the same route available via multiple targets you get into trouble.Steps to Reproduce
terraform apply
aws_route
resource from the configurationterraform apply
Important Factoids
The example scenario is a bit complex to reproduce. I have multiple accounts that currently each have a VPN gateway with dedicated Direct Connect private interfaces for connectivity and I'm in the process of changing over to using a Transit Gateway instead that each account is connected to. So for a period of time whilst both types of connectivity is up, I potentially have the same routes available via both a
vgw-XXXXX
resource and atgw-XXXXX
resource. Eventually the VPN gateway will be destroyed and so there'll only be one of each route again.