terraform-aws-modules / terraform-aws-vpc

Terraform module to create AWS VPC resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws
Apache License 2.0

DynamoDB - Cannot create both Interface and Gateway endpoints #1078

Closed oonisim closed 1 week ago

oonisim commented 1 month ago

Description

Unable to create both Interface and Gateway VPC endpoints for DynamoDB.

Searched with "terraform registry module vpc endpoint cannot create both Interface and Gateway endpoints" and found no related information.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Done

Versions

$ terraform providers -version
Terraform v1.8.1
on linux_amd64
+ provider registry.terraform.io/hashicorp/archive v2.4.2
+ provider registry.terraform.io/hashicorp/aws v5.41.0
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/random v3.6.0
+ provider registry.terraform.io/hashicorp/time v0.11.1

Reproduction Code [Required]

resource "aws_security_group" "allow_from_security_group" {
  name        = "sg"
  vpc_id      = local.vpc_id

  ingress {
    from_port = 0
    to_port   = 0
    protocol  = -1
    self      = true
  }
  egress {
    from_port = 0
    to_port   = 0
    protocol  = -1
    self      = true
  }
}

module "dynamodb_endpoints" {
  source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
  version = "5.8.1"

  vpc_id = local.vpc_id
  security_group_ids = [
    aws_security_group.allow_from_security_group.id
  ]

  endpoints = {
    dynamodb = {
      service             = "dynamodb"
      private_dns_enabled = false
    },
    dynamodb = {
      service         = "dynamodb"
      route_table_ids = ["rtb-0a699a4d82df52a0e"]   # <--- replace your VPC route table id
    }
  }
}

Steps to reproduce the behavior:

terraform init
terraform apply

No

Yes

Expected behavior

Be able to create both Gateway and Interface VPC endpoints for DynamoDB.

Actual behavior

Only the Interface VPC endpoint is created.


Terminal Output Screenshot(s)

$ terraform apply
data.aws_availability_zones.all: Reading...
data.aws_caller_identity.current: Reading...
data.aws_region.current: Reading...
data.aws_vpc.dev: Reading...
module.dynamodb_endpoints.data.aws_vpc_endpoint_service.this["dynamodb"]: Reading...
data.aws_region.current: Read complete after 0s [id=ap-southeast-2]
data.aws_caller_identity.current: Read complete after 0s [id=****]
data.aws_availability_zones.all: Read complete after 0s [id=ap-southeast-2]
module.dynamodb_endpoints.data.aws_vpc_endpoint_service.this["dynamodb"]: Read complete after 0s [id=****]
data.aws_vpc.ai_dev: Read complete after 0s [id=vpc-****]
data.aws_subnet.private["subnet-0bdb15230b1897c8c"]: Reading...
data.aws_subnet.private["subnet-0e796e5a7f61139da"]: Reading...
data.aws_subnet.private["subnet-0e3c915076abe5564"]: Reading...
aws_security_group.allow_from_security_group: Refreshing state... [id=sg-036d8f63696cb8409]
data.aws_subnet.private["subnet-0bdb15230b1897c8c"]: Read complete after 0s [id=subnet-0bdb15230b1897c8c]
data.aws_subnet.private["subnet-0e3c915076abe5564"]: Read complete after 0s [id=subnet-0e3c915076abe5564]
data.aws_subnet.private["subnet-0e796e5a7f61139da"]: Read complete after 0s [id=subnet-0e796e5a7f61139da]
module.dynamodb_endpoints.aws_vpc_endpoint.this["dynamodb"]: Refreshing state... [id=vpce-0b6e2b09a36fc8d5e]

Additional context

bryantbiggs commented 1 month ago

why would you do this?

github-actions[bot] commented 2 weeks ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] commented 1 week ago

This issue was automatically closed because of stale in 10 days
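
The apply output in the report shows a single instance, `aws_vpc_endpoint.this["dynamodb"]`: both entries in `endpoints` share the map key `dynamodb`, and neither sets `service_type`. The configuration below is an added example, not code from the issue or from the module's documentation, that gives each endpoint its own key and an explicit type. It assumes the module's per-endpoint `service_type` attribute and its `endpoints` output behave as in version 5.8.1; the key names `dynamodb_interface` and `dynamodb_gateway`, the output name, and the route table placeholder are constructed for illustration.

```hcl
module "dynamodb_endpoints" {
  source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
  version = "5.8.1"

  vpc_id = local.vpc_id

  # Security groups apply to Interface endpoints only; Gateway endpoints
  # are attached to route tables and have no network interfaces.
  security_group_ids = [
    aws_security_group.allow_from_security_group.id
  ]

  endpoints = {
    # Each map key becomes one aws_vpc_endpoint.this["<key>"] instance,
    # so the two endpoints need two different keys (hypothetical names).
    dynamodb_interface = {
      service             = "dynamodb"
      service_type        = "Interface"
      private_dns_enabled = false
    }

    dynamodb_gateway = {
      service         = "dynamodb"
      service_type    = "Gateway"
      route_table_ids = ["rtb-REPLACE_ME"] # placeholder: your VPC route table ID
    }
  }
}

# Check after apply: expect one entry of each type, keyed by the names above.
output "dynamodb_endpoint_types" {
  value = {
    for key, endpoint in module.dynamodb_endpoints.endpoints :
    key => endpoint.vpc_endpoint_type
  }
}
```

With distinct keys, `terraform plan` should list two `aws_vpc_endpoint.this[...]` instances instead of one, which is the quickest way to confirm that neither definition was silently dropped.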