terraform-provider-aws: terraform: Error finding route after creating it: Unable to find matching route for Route Table

This issue was originally opened by @FlorinAndrei as hashicorp/terraform#9756. It was migrated here as part of the provider split. The original body of the issue is below.

Terraform Version

Terraform v0.7.7

Terraform Configuration Files

https://dl.dropboxusercontent.com/u/29966/tf.zip

Expected Behavior

Create the infrastructure.

Actual Behavior

https://gist.github.com/FlorinAndrei/17c0a12e70c0a15671322030b419ec92

However, the routes, route tables, and NAT gateways were all created just fine. Subnet associations were set also.

Running terraform plan again produces this output:

+ module.network.private_subnet.aws_route.private_nat_gw.2
    destination_cidr_block:     "0.0.0.0/0"
    destination_prefix_list_id: "<computed>"
    gateway_id:                 "<computed>"
    instance_id:                "<computed>"
    instance_owner_id:          "<computed>"
    nat_gateway_id:             "nat-09ffe6396b7b4f821"
    network_interface_id:       "<computed>"
    origin:                     "<computed>"
    route_table_id:             "rtb-6ad9640d"
    state:                      "<computed>"


Plan: 1 to add, 0 to change, 0 to destroy.

But that route exists already. If I try to apply the plan, I get this:

module.network.private_subnet.aws_route.private_nat_gw.2: Creating...
  destination_cidr_block:     "" => "0.0.0.0/0"
  destination_prefix_list_id: "" => "<computed>"
  gateway_id:                 "" => "<computed>"
  instance_id:                "" => "<computed>"
  instance_owner_id:          "" => "<computed>"
  nat_gateway_id:             "" => "nat-09ffe6396b7b4f821"
  network_interface_id:       "" => "<computed>"
  origin:                     "" => "<computed>"
  route_table_id:             "" => "rtb-6ad9640d"
  state:                      "" => "<computed>"
Error applying plan:

1 error(s) occurred:

* aws_route.private_nat_gw.2: Error creating route: RouteAlreadyExists: The route identified by 0.0.0.0/0 already exists.
	status code: 400, request id: 31c1946f-6359-41c6-8be6-460c8d3b5d99

terraform refresh produces this output:

terraform_remote_state.aws_global: Refreshing state... (ID: 2016-10-31 20:05:38.730089879 +0000 UTC)
module.network.nat.aws_eip.nat.0: Refreshing state... (ID: eipalloc-e15ccd86)
module.network.nat.aws_eip.nat.1: Refreshing state... (ID: eipalloc-785ccd1f)
module.network.nat.aws_eip.nat.2: Refreshing state... (ID: eipalloc-795ccd1e)
module.network.vpc.aws_vpc.vpc: Refreshing state... (ID: vpc-b04abed7)
module.network.vpc.aws_vpc_peering_connection.peering: Refreshing state... (ID: pcx-327bc05b)
module.network.public_subnet.aws_internet_gateway.public: Refreshing state... (ID: igw-da109cbe)
module.network.public_subnet.aws_route_table.public: Refreshing state... (ID: rtb-6cd9640b)
module.network.public_subnet.aws_subnet.public.2: Refreshing state... (ID: subnet-a86c0ff0)
module.network.private_subnet.aws_subnet.private.0: Refreshing state... (ID: subnet-afefdad9)
module.network.private_subnet.aws_route_table.private.0: Refreshing state... (ID: rtb-6bd9640c)
module.network.private_subnet.aws_route_table.private.1: Refreshing state... (ID: rtb-6dd9640a)
module.network.public_subnet.aws_subnet.public.1: Refreshing state... (ID: subnet-933b28f7)
module.network.public_subnet.aws_subnet.public.0: Refreshing state... (ID: subnet-adefdadb)
module.network.private_subnet.aws_subnet.private.2: Refreshing state... (ID: subnet-a96c0ff1)
module.network.private_subnet.aws_route_table.private.2: Refreshing state... (ID: rtb-6ad9640d)
module.network.private_subnet.aws_subnet.private.1: Refreshing state... (ID: subnet-9d3b28f9)
module.network.public_subnet.aws_route.public_gw: Refreshing state... (ID: r-rtb-6cd9640b1080289494)
module.network.public_subnet.aws_route_table_association.public.0: Refreshing state... (ID: rtbassoc-f928c59f)
module.network.public_subnet.aws_route_table_association.public.1: Refreshing state... (ID: rtbassoc-c728c5a1)
module.network.public_subnet.aws_route_table_association.public.2: Refreshing state... (ID: rtbassoc-c628c5a0)
module.network.nat.aws_nat_gateway.nat.0: Refreshing state... (ID: nat-0b9579e6856f9f3d3)
module.network.nat.aws_nat_gateway.nat.1: Refreshing state... (ID: nat-0533b77ab8365de80)
module.network.nat.aws_nat_gateway.nat.2: Refreshing state... (ID: nat-09ffe6396b7b4f821)
module.network.private_subnet.aws_route_table_association.private.0: Refreshing state... (ID: rtbassoc-fd28c59b)
module.network.private_subnet.aws_route_table_association.private.1: Refreshing state... (ID: rtbassoc-fa28c59c)
module.network.private_subnet.aws_route_table_association.private.2: Refreshing state... (ID: rtbassoc-fb28c59d)
module.network.aws_network_acl.acl: Refreshing state... (ID: acl-9168b8f6)
module.network.private_subnet.aws_route.private_nat_gw.1: Refreshing state... (ID: r-rtb-6dd9640a1080289494)
module.network.private_subnet.aws_route.private_nat_gw.0: Refreshing state... (ID: r-rtb-6bd9640c1080289494)

Please note how gw.2 is not mentioned in the refresh.

terraform plan -destroy also does not mention gw.2

Applying that -destroy plan works well and destroys all infrastructure.

Steps to Reproduce

terraform apply

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 7
  • Comments: 18 (3 by maintainers)

Most upvoted comments

Still experiencing this issues, successfully resolved using:

timeouts {
    create = "5m"
  }

Terraform v0.12.8 provider “aws” (hashicorp/aws) 2.33.0

+3
kostas-theo on Oct 30, 2019

Hey,

Just wanted to confirm that the timeout increase apparently fixed the issue:

timeouts {
    create = "5m"
  }
+3
rafaljanicki on Apr 9, 2018

I found that my situation had to do with a malformed CIDR reference. I had 192.168.0.21/30 as my destination_cidr_block, but AWS was nicely adjusting that to the more accurate 192.168.0.20/30 when. Meanwhile, I guess terraform was looking for the one I specified to confirm completion rather than the adjusted one. Same error pattern, different cause. Hope this saves someone some trouble.

+2
flickerfly on Sep 20, 2018

Same here, on 0.10.2.

Running apply the first time:

aws_route_table.private: Creating...
  propagating_vgws.#: "" => "<computed>"
  route.#:            "" => "<computed>"
  tags.%:             "" => "1"
  tags.Name:          "" => "stage-private"
  vpc_id:             "" => "vpc-63082c0b"
aws_route_table.private: Creation complete (ID: rtb-4a8f6021)
aws_nat_gateway.main: Creating...
  allocation_id:        "" => "eipalloc-975e5efe"
  network_interface_id: "" => "<computed>"
  private_ip:           "" => "<computed>"
  public_ip:            "" => "<computed>"
  subnet_id:            "" => "subnet-c4c42daf"
aws_nat_gateway.main: Still creating... (10s elapsed)
aws_nat_gateway.main: Still creating... (20s elapsed)
aws_nat_gateway.main: Still creating... (30s elapsed)
aws_nat_gateway.main: Still creating... (40s elapsed)
aws_nat_gateway.main: Still creating... (50s elapsed)
aws_nat_gateway.main: Still creating... (1m0s elapsed)
aws_nat_gateway.main: Still creating... (1m10s elapsed)
aws_nat_gateway.main: Still creating... (1m20s elapsed)
aws_nat_gateway.main: Still creating... (1m30s elapsed)
aws_nat_gateway.main: Still creating... (1m40s elapsed)
aws_nat_gateway.main: Creation complete (ID: nat-07f3c867c4ca19368)
aws_route.private-nat-gateway: Creating...
  destination_cidr_block:     "" => "0.0.0.0/0"
  destination_prefix_list_id: "" => "<computed>"
  egress_only_gateway_id:     "" => "<computed>"
  gateway_id:                 "" => "<computed>"
  instance_id:                "" => "<computed>"
  instance_owner_id:          "" => "<computed>"
  nat_gateway_id:             "" => "nat-07f3c867c4ca19368"
  network_interface_id:       "" => "<computed>"
  origin:                     "" => "<computed>"
  route_table_id:             "" => "rtb-4a8f6021"
  state:                      "" => "<computed>"
aws_route.private-nat-gateway: Still creating... (10s elapsed)
aws_route.private-nat-gateway: Still creating... (20s elapsed)
aws_route.private-nat-gateway: Still creating... (30s elapsed)
aws_route.private-nat-gateway: Still creating... (40s elapsed)
aws_route.private-nat-gateway: Still creating... (50s elapsed)
aws_route.private-nat-gateway: Still creating... (1m0s elapsed)
aws_route.private-nat-gateway: Still creating... (1m10s elapsed)
aws_route.private-nat-gateway: Still creating... (1m20s elapsed)
aws_route.private-nat-gateway: Still creating... (1m30s elapsed)
aws_route.private-nat-gateway: Still creating... (1m40s elapsed)
aws_route.private-nat-gateway: Still creating... (1m50s elapsed)
aws_route.private-nat-gateway: Still creating... (2m0s elapsed)
Error applying plan:

1 error(s) occurred:

* aws_route.private-nat-gateway: 1 error(s) occurred:

* aws_route.private-nat-gateway: Error finding route after creating it: Unable to find matching route for Route Table (rtb-4a8f6021) and destination CIDR block (0.0.0.0/0).

Yet, in AWS web console I can see the route was created exactly as expected.

Running apply a second time:

aws_route.private-nat-gateway: Creating...
  destination_cidr_block:     "" => "0.0.0.0/0"
  destination_prefix_list_id: "" => "<computed>"
  egress_only_gateway_id:     "" => "<computed>"
  gateway_id:                 "" => "<computed>"
  instance_id:                "" => "<computed>"
  instance_owner_id:          "" => "<computed>"
  nat_gateway_id:             "" => "nat-07f3c867c4ca19368"
  network_interface_id:       "" => "<computed>"
  origin:                     "" => "<computed>"
  route_table_id:             "" => "rtb-4a8f6021"
  state:                      "" => "<computed>"
Error applying plan:

1 error(s) occurred:

* aws_route.private-nat-gateway: 1 error(s) occurred:

* aws_route.private-nat-gateway: Error creating route: RouteAlreadyExists: The route identified by 0.0.0.0/0 already exists.
	status code: 400, request id: 35c5077a-7437-43a9-84b7-40261cb79927

After doing destroy, and then apply again, without changing anything else, the same conf works just fine.

+2
thnee on Sep 1, 2017

@smihajlovic-frame maybe you can try to increase aws_route configurable timeout for create, it’s available since provider.aws v1.11.0. Default is 2 minutes.

+1
eLco on Apr 4, 2018

Ran into this issue; route was created properly but terraform does not recognize it:

Terraform v0.11.5
+ provider.aws v1.11.0
+1
AnthonyWC on Apr 3, 2018

I have the same problem in v0.10.7

+1
gopisaba on Oct 24, 2017
Read more comments on GitHub
← terraform-provider-aws: Terraform does not read AWS profile from environment variable
terraform-provider-aws: terraform refresh fails for aws_launch_configuration with InvalidAMIID.NotFound →