Route table and NAT gateway are created even if `private_subnets` is empty

[thomasbiddle]

So - after going through this; I realized the enable_nat_gateway option; I must've copy/pasted from a previous module and left that there. Setting this to false solved the issue.

However - after messing around with this - I realized that I can't have an empty public_subnet list, and have enable_nat_gateway set to true. Whether that's an issue or not - is left to be decided; it's probably not.

Example code:

module "test_vpc" {
  source = "github.com/terraform-community-modules/tf_aws_vpc"

  name = "a-test-vpc"

  cidr = "10.25.0.0/16"

  private_subnets = []
  public_subnets  = ["10.25.1.0/24"]

  enable_nat_gateway = "true"
  enable_dns_support = true

  azs = ["us-west-2a"]

  tags {
    "Terraform" = "true"
  }
}

[antonbabenko]

Could you please show the code?

[TinajaLabs]

I see what I think is the same. I do not need any public access as we are using a peering connection to another VPC with the public interfaces.

BTW, I don't see any module for peering connection. Am I missing something?

The simple test:

# vpc definition
module "vpc" {
  # module source
  source = "../../modules/tf_aws_vpc"

  name = "${var.vpc_name}"

  cidr = "${var.vpc_cidr_block}"

  # private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  private_subnets = ["${var.subnet_cidr_block}"]

  # public_subnets  = []

  enable_nat_gateway = "false"
  azs                = ["us-west-1a"]
  tags {
    "Terraform"   = "true"
    "Environment" = "${var.vpc_name}"
    Name          = "${var.vpc_name}_vpc"
    StopGroup     = "StopEC2atNight"
    desc          = "The VPC definition"
  }
}

This shows in the list:

module.vpc.aws_route_table.public: Creation complete
module.vpc.aws_route.public_internet_gateway: Creation complete

Also it seems there are "default" resources created. Is there any way around this?

[antonbabenko]

Thank you, I will check it during today or tomorrow.

[TinajaLabs]

Looks like it needs management of the count value and might work for anything that has a list of values, like public_subnets.

Thanks for looking into it.

resource "aws_route_table" "public" {

  # cj added this to halt creation of public route table
  count            = "${length(var.public_subnets)}"

  vpc_id           = "${aws_vpc.mod.id}"
  propagating_vgws = ["${var.public_propagating_vgws}"]
  tags             = "${merge(var.tags, map("Name", format("%s-rt-public", var.name)))}"
}

[thomasbiddle]

@TinajaLabs Yeah - Looks like it creates private/public routes and an internet gateway no matter what. Not a big deal as all of those cost nothing - but could be a bit cleaner not to include them unless necessary.

I also went ahead and wrote a short VPC peering module if you'd like to use it: https://github.com/thomasbiddle/tf_aws_vpc_peering

[thomasbiddle]

@antonbabenko I updated my original comment; sorry about that! Was in a rush and didn't have time to elaborate, but wanted to make a note.

[antonbabenko]

@thomasbiddle Thanks for the update and for the module. Please let me know if you want to manage it as a part of terraform-community-modules organization and I will invite you.

[antonbabenko]

If you need to enable NAT gateway you will also have to specify public_subnets. There should be no other breaking changes.

New release is v1.0.12.