terraform-aws-modules / terraform-aws-vpc

Terraform module to create AWS VPC resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws
Apache License 2.0

aws_vpn_gateway_route_propagation creates #977

Open svg1007 opened 1 year ago

svg1007 commented 1 year ago

Description

First of all I'm not sure if it is a real bug or not :)

I ran into behaviour which does not seem proper, so I have implemented a fix in my fork of the module, but I would like to discuss it here and could provide a pull request for it.

When we execute this module and provide, let's say, 3 public and 3 private subnets, and after that pass the following parameters

the module suggests creating multiple aws_vpn_gateway_route_propagation.private resources whose route_table_id and vpn_gateway_id have exactly the same content.

This seems strange because then we have one resource in AWS managed by multiple terraform resources.

The workaround which I have implemented is just to use an additional bool parameter, like single_vgw_route_propagation_private, and then use it like

locals {
  # With a single private route table only one propagation is needed;
  # otherwise fall back to the module's existing per-subnet count.
  vgw_route_propagation_private_count = var.single_vgw_route_propagation_private ? 1 : local.len_private_subnets
}

resource "aws_vpn_gateway_route_propagation" "private" {
  count = local.create_vpc && var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? local.vgw_route_propagation_private_count : 0

  # element() wraps around, so a count larger than the number of route
  # tables (or gateways) silently reuses the same ids.
  route_table_id = element(aws_route_table.private[*].id, count.index)
  vpn_gateway_id = element(
    concat(
      aws_vpn_gateway.this[*].id,
      aws_vpn_gateway_attachment.this[*].vpn_gateway_id,
    ),
    count.index,
  )
}

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

svg1007 commented 1 year ago

Any thoughts?

steve-dave commented 1 year ago

This is also a problem for intra subnets, where there is always only one route table. The module should create one aws_vpn_gateway_route_propagation per route table rather than one per subnet. This is a bug, and the only reason it doesn't fail fatally is because of the wrap-around behaviour of element().
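A quick way to confirm the duplicate-resource condition described in this thread in an existing deployment, as an added example that is not part of this issue or of the module: the script walks the JSON produced by `terraform show -json` and reports every (route_table_id, vpn_gateway_id) pair that is managed by more than one aws_vpn_gateway_route_propagation resource. The embedded state is a constructed sample (three private subnets, one private route table, placeholder ids such as rtb-0example), not output from a real account.

```python
import json
from collections import defaultdict

# Constructed sample of `terraform show -json` output: three
# aws_vpn_gateway_route_propagation.private instances that all point at the
# same route table and VGW (the situation reported in this issue), plus one
# public propagation that is correctly unique.
SAMPLE_STATE = json.dumps({
    "format_version": "1.0",
    "values": {"root_module": {"resources": [], "child_modules": [{
        "address": "module.vpc",
        "resources": [
            {"address": f"module.vpc.aws_vpn_gateway_route_propagation.private[{i}]",
             "type": "aws_vpn_gateway_route_propagation",
             "values": {"route_table_id": "rtb-0example", "vpn_gateway_id": "vgw-0example"}}
            for i in range(3)
        ] + [
            {"address": "module.vpc.aws_vpn_gateway_route_propagation.public[0]",
             "type": "aws_vpn_gateway_route_propagation",
             "values": {"route_table_id": "rtb-1example", "vpn_gateway_id": "vgw-0example"}}
        ],
    }]}},
})


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_duplicate_propagations(state_json):
    """Return {(route_table_id, vpn_gateway_id): [addresses]} for every pair
    that is managed by more than one aws_vpn_gateway_route_propagation."""
    state = json.loads(state_json)
    owners = defaultdict(list)
    for res in iter_resources(state["values"]["root_module"]):
        if res.get("type") != "aws_vpn_gateway_route_propagation":
            continue
        vals = res["values"]
        owners[(vals["route_table_id"], vals["vpn_gateway_id"])].append(res["address"])
    return {pair: addrs for pair, addrs in owners.items() if len(addrs) > 1}


if __name__ == "__main__":
    for (rtb, vgw), addrs in find_duplicate_propagations(SAMPLE_STATE).items():
        print(f"{rtb} <- {vgw} is managed by {len(addrs)} resources: {', '.join(addrs)}")
```

Against a real deployment, pass the text of `terraform show -json` to find_duplicate_propagations instead of SAMPLE_STATE; any non-empty result means one AWS propagation is owned by several Terraform resources.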

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days