aws_vpn_gateway_route_propagation creates #977

Open
svg1007 opened this issue Aug 24, 2023 · 4 comments

svg1007 commented Aug 24, 2023

Description

First of all I'm not sure if it is a real bug or not :)

I faced behaviour which does not seem proper, so I have implemented a fix in my fork of the module, but I would like to discuss it here and could provide a pull request for it.

When we execute this module and provide, let's say, 3 public and 3 private subnets, and after that pass the following parameters:

  • enable_nat_gateway = true
  • single_nat_gateway = true
  • enable_vpn_gateway = true

the module suggests creating multiple aws_vpn_gateway_route_propagation.private resources whose route_table_id and vpn_gateway_id have exactly the same content.

This seems strange because then we have one resource in AWS managed by multiple Terraform resources.

The workaround which I have implemented is just to use an additional bool parameter, like single_vgw_route_propagation_private, and then use it like:

locals {
  vgw_route_propagation_private_count = var.single_vgw_route_propagation_private ? 1 : local.len_private_subnets
}

resource "aws_vpn_gateway_route_propagation" "private" {
  count = local.create_vpc && var.propagate_private_route_tables_vgw && (var.enable_vpn_gateway || var.vpn_gateway_id != "") ? local.vgw_route_propagation_private_count : 0 

  route_table_id = element(aws_route_table.private[*].id, count.index)
  vpn_gateway_id = element(
    concat(
      aws_vpn_gateway.this[*].id,
      aws_vpn_gateway_attachment.this[*].vpn_gateway_id,
    ),
    count.index,
  )
}
@github-actions

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

@github-actions github-actions bot added the stale label Sep 24, 2023
@svg1007
Author

svg1007 commented Sep 27, 2023

Any thoughts?

@github-actions github-actions bot removed the stale label Sep 28, 2023
@steve-dave
Contributor

This is also a problem for intra subnets, where there is always only one route table. The module should create one aws_vpn_gateway_route_propagation per route table rather than one per subnet. This is a bug, and the only reason it doesn't fail fatally is because of the wrap-around behaviour of element().
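The following check is an added example, not part of the thread and not code from the module: it models the wrap-around indexing of element() and scans state in the shape of `terraform show -json` for one (route_table_id, vpn_gateway_id) pair owned by several resource addresses. The `module.vpc` address, the IDs and the `sample_state` helper are constructed for illustration.

```python
import json
from collections import defaultdict

def element(items, index):
    """Model of Terraform's element(): the index wraps modulo the list length."""
    return items[index % len(items)]

def iter_resources(module):
    """Yield resources of a state module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def duplicate_propagations(state):
    """Return {(route_table_id, vpn_gateway_id): [addresses]} for pairs owned more than once."""
    owners = defaultdict(list)
    root = state.get("values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") == "aws_vpn_gateway_route_propagation":
            vals = res.get("values", {})
            key = (vals.get("route_table_id"), vals.get("vpn_gateway_id"))
            owners[key].append(res["address"])
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}

def sample_state(route_tables, vgws, count):
    """Constructed state: `count` instances indexed the way the issue's resource block does."""
    resources = [{
        "address": f"module.vpc.aws_vpn_gateway_route_propagation.private[{i}]",
        "type": "aws_vpn_gateway_route_propagation",
        "values": {"route_table_id": element(route_tables, i),
                   "vpn_gateway_id": element(vgws, i)},
    } for i in range(count)]
    return {"values": {"root_module": {"child_modules": [
        {"address": "module.vpc", "resources": resources}]}}}

if __name__ == "__main__":
    # Constructed IDs: 3 private subnets, single NAT gateway => one private route table.
    state = sample_state(["rtb-0aaa"], ["vgw-0111"], count=3)
    dupes = duplicate_propagations(state)
    print(json.dumps({"|".join(k): v for k, v in dupes.items()}, indent=2))
```

Against a real workspace, pass the parsed output of `terraform show -json` to `duplicate_propagations` instead of the constructed state.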


This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

@github-actions github-actions bot added the stale label Nov 16, 2023
@bryantbiggs bryantbiggs added wip and removed stale labels Nov 20, 2023
@bryantbiggs bryantbiggs added this to the v6.0 milestone Nov 20, 2023