[Bug]: secondary_private_ip_address_count causes NAT Gateway replacement

[jamesh37]

Terraform Core Version

0.13.21

AWS Provider Version

5.21.0

Affected Resource(s)

aws_nat_gateway

Expected Behavior

Changing secondary IPs should not cause the affected NAT gateway to be replaced.

Actual Behavior

The NAT gateway is marked to be replaced with the secondary_private_ip_address_count marked as the cause.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_nat_gateway" "example" {
  subnet_id                = aws_subnet.public.example.id
  allocation_id            = var.elastic_ip_id
  secondary_allocation_ids = var.additional_ip_ids
}

Steps to Reproduce

1. Create a NAT gateway with no secondary allocation IDs.
2. Add the secondary_allocation_ids argument with additional IPs to assign.
3. Run the plan.
4. NAT gateway resource should be marked for recreation.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

The resource works as expected if the ForceNew: true option is removed from https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/ec2/vpc_nat_gateway.go#L89 I'm unsure though if that option is required for some some reason. If it is as simple as that, I'd be happy to get a PR up.

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[b-diggity]

It appears the 'ForceNew: true' option on the 'secondary_ip_address_count' is needed as that value is additive. Example: if that input was set to 2, and then you change it to 3, the computed value becomes 5.

The 'secondary_ip_address_count' value needs to be ignored unless explicitly set.

[velkovb]

secondary_private_ip_address_count - (Optional) [Private NAT Gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT Gateway.

Why does it appear at all on a public NAT Gateway.