hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Error: reading Route Table (rtb-xxx) VPN Gateway (vgw-xxx) route propagation: couldn't find resource #29736

Open rkubik-hostersi opened 1 year ago

rkubik-hostersi commented 1 year ago

Terraform Core Version

1.3.9

AWS Provider Version

4.56.0

Affected Resource(s)

aws_vpn_gateway_route_propagation

Expected Behavior

The aws_vpn_gateway_route_propagation resource is created successfully, without any Terraform issue.

Actual Behavior

The VPG (vgw-04a133c73ebb529e4) is added to the route table (rtb-040531274fcea3cbd) as a route propagated gateway, but Terraform throws an error. This happens randomly. In the presented use case, it happened for only one out of 4 route tables.

When re-running Terraform, the resource is marked as tainted and is recreated successfully:

  # module.network_us1.aws_vpn_gateway_route_propagation.private["us-east-2a"] is tainted, so must be replaced
-/+ resource "aws_vpn_gateway_route_propagation" "private" {
      ~ id             = "vgw-04a133c73ebb529e4_rtb-040531274fcea3cbd" -> (known after apply)
        # (2 unchanged attributes hidden)
    }

Relevant Error/Panic Output Snippet

│ Error: reading Route Table (rtb-040531274fcea3cbd) VPN Gateway (vgw-04a133c73ebb529e4) route propagation: couldn't find resource
│ 
│   with module.network_us1.aws_vpn_gateway_route_propagation.private["us-east-2a"],
│   on ../../modules/network/ipsec.tf line 13, in resource "aws_vpn_gateway_route_propagation" "private":
│   13: resource "aws_vpn_gateway_route_propagation" "private" {

Terraform Configuration Files

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = format("%s-public", lower(var.environment_name))
  }
}

resource "aws_route_table" "private" {
  for_each = toset(local.availability_zones)

  vpc_id = aws_vpc.main.id

  tags = {
    Name = format("%s-private-%s", lower(var.environment_name), substr(each.key, -2, 2))
  }
}

resource "aws_vpn_gateway" "main" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = format("%s-vpg", lower(var.environment_name))
  }
}

resource "aws_vpn_gateway_route_propagation" "public" {
  vpn_gateway_id = aws_vpn_gateway.main.id
  route_table_id = aws_route_table.public.id
}

resource "aws_vpn_gateway_route_propagation" "private" {
  for_each = toset(local.availability_zones)

  vpn_gateway_id = aws_vpn_gateway.main.id
  route_table_id = aws_route_table.private[each.key].id
}

Steps to Reproduce

  1. terraform apply > issue occurs randomly
  2. terraform apply > resource is marked as tainted, apply works

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No
