azurerm_virtual_hub_route_table needs ability to modify the default route table

[erichrockman]

The azure resource azurerm_virtual_hub_route_table does not have the ability to modify the default route table. Consider this architecture for reference - https://docs.microsoft.com/en-us/azure/virtual-wan/scenario-route-through-nva

if deploying via terraform, the ability to add routes to the defaultRouteTable is required. However, this resource seems to only allow for CRUD of a new route table.

running this block results in an error message requiring the import of the resource.

resource "azurerm_virtual_hub_route_table" "hub-rt" { name = "defaultRouteTable" virtual_hub_id = azurerm_virtual_hub.fgt-vwan-hub.id

route { name = "route-to-transit" destinations_type = "CIDR" destinations = ["10.60.130.0/24"] next_hop_type = "ResourceId" next_hop = azurerm_virtual_hub_connection.transit-vnet-to-hub-connection.id } route { name = "route-to-spokes" destinations_type = "CIDR" destinations = ["10.60.132.0/23","10.60.134.0/23"] next_hop_type = "ResourceId" next_hop = azurerm_virtual_hub_connection.transit-vnet-to-hub-connection.id } }

azurerm_virtual_hub_route_table.hub-rt: Creating...

Error: A resource with the ID "/subscriptions/.../providers/Microsoft.Network/virtualHubs/vwan_hub_fgt/hubRouteTables/defaultRouteTable" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_virtual_hub_route_table" for more information.

on vwan.tf line 53, in resource "azurerm_virtual_hub_route_table" "hub-rt": 53: resource "azurerm_virtual_hub_route_table" "hub-rt" {

[cidwtz]

We are having the same issue. What we did was to create vWAN first, then we create the route_table entry in terrraform name default and import the default routing table that was created by vWAN. We were able to add routes to default routing table once it is imported. However, that's a lot of manual steps as we deploying terraform via pipeline. It will be a great enhancement to update the default routing table in the vWAN block itself.

[antanof]

Same issue with Secured Hubs and AZ Firewall :

resource "azurerm_virtual_hub_route_table" "hub" {
  for_each       = { for con in local.connections : con.id => con }
  name           = "defaultRouteTable"
  virtual_hub_id = azurerm_virtual_hub.main[each.value.region].id
  labels         = [ "default" ]

  route {
    name              = "private-traffic"
    destinations_type = "CIDR"
    destinations      = [ "0.0.0.0/0", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ]
    next_hop_type     = "ResourceId"
    next_hop          = azurerm_firewall.hub[each.key].id
  }
}

[matt-FFFFFF]

As an alternative. this can be implemented using azurerm_virtual_hub_route_table_route resources.

The route_table_id property can be interpolated from the properties of the existing deployed virtual hubs, etc.

This means you don't have to manage the defaultRouteTable resource, just the routes within that resource.

Credit to @toma2711

[mlcooper]

What if you want to add labels to the default route table (which is not a route)?

[Brian-Moritz]

What if you want to add labels to the default route table (which is not a route)?

I use the null_resource to run AZ CLI to modify the labels. Would be nice to have better solution.

[AndrewRiceSCA]

You can add routes to the default route table pretty easily using azurerm_virtual_hub_route_table_route as azurerm_virtual_hub exposes the attribute default_route_table_id.

For example:

resource "azurerm_virtual_hub_route_table_route" "example" {
  route_table_id    = azurerm_virtual_hub.example.default_route_table_id
  name              = "example"
  destinations_type = "CIDR"
  destinations      = ["10.0.0.0/16"]
  next_hop          = azurerm_virtual_hub_connection.example.id
}