terraform-provider-aws: Unable to use network_interface_id within aws_route_table without incurring a diff every time
Terraform Version
$ terraform -v
Terraform v0.10.1
Affected Resource(s)
- aws_route_table
Terraform Configuration Files
provider "aws" {
  region = "ap-southeast-2"
  alias = "local"
}

resource "aws_vpc" "default" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "subnet1" {
  vpc_id = "${aws_vpc.default.id}"
  availability_zone = "ap-southeast-2a"
  cidr_block = "10.0.1.0/24"
}

resource "aws_subnet" "subnet2" {
  vpc_id = "${aws_vpc.default.id}"
  availability_zone = "ap-southeast-2a"
  cidr_block = "10.0.2.0/24"
}

resource "aws_instance" "server" {
  instance_type = "t2.nano"
  ami = "ami-ae6259cd"
  subnet_id = "${aws_subnet.subnet1.id}"
}

resource "aws_network_interface" "test" {
  subnet_id = "${aws_subnet.subnet2.id}"
  private_ips = ["10.0.2.100"]

  attachment {
    instance = "${aws_instance.server.id}"
    device_index = 1
  }
}

resource "aws_route_table" "rt" {
  vpc_id = "${aws_vpc.default.id}"

  route {
    cidr_block = "10.1.1.1/32"
    network_interface_id = "${aws_network_interface.test.id}"
  }
}
Expected Behavior
Running terraform apply for the second time there should be no modifications.
Actual Behavior
Running terraform apply for the second time there are modifications.
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
1. terraform apply
2. terraform apply again.
Important Factoids
network_interface_id or instance_id can be set for routes within aws_route_table, though when setting network_interface_id it appears AWS sends back instance_id AND network_interface_id, which triggers a diff.
$ terraform apply
...
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
$ terraform apply
...
aws_route_table.rt: Modifying... (ID: rtb-4b30d52c)
  route.1660468403.cidr_block: "" => "10.1.1.1/32"
  route.1660468403.egress_only_gateway_id: "" => ""
  route.1660468403.gateway_id: "" => ""
  route.1660468403.instance_id: "" => ""
  route.1660468403.ipv6_cidr_block: "" => ""
  route.1660468403.nat_gateway_id: "" => ""
  route.1660468403.network_interface_id: "" => "eni-38498645"
  route.1660468403.vpc_peering_connection_id: "" => ""
  route.2141106289.cidr_block: "10.1.1.1/32" => ""
  route.2141106289.egress_only_gateway_id: "" => ""
  route.2141106289.gateway_id: "" => ""
  route.2141106289.instance_id: "i-06fbffdd7ceb7026f" => ""
  route.2141106289.ipv6_cidr_block: "" => ""
  route.2141106289.nat_gateway_id: "" => ""
  route.2141106289.network_interface_id: "eni-38498645" => ""
  route.2141106289.vpc_peering_connection_id: "" => ""
aws_route_table.rt: Modifications complete (ID: rtb-4b30d52c)
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
This looks like it was fixed for standalone routes with aws_route but not in-line routes within aws_route_table.
The workaround for now is to replace network_interface_id with instance_id.
resource "aws_route_table" "rt" {
  vpc_id = "${aws_vpc.default.id}"

  route {
    cidr_block = "10.1.1.1/32"
    instance_id = "${aws_instance.server.id}"
  }
}
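For triaging this noise in a large route table, the sketch below is an added example (not part of the original issue or the provider's code). It parses the Terraform 0.10-style `route.<hash>.<attr>` lines shown above, pairs the removed and added set elements by destination, and labels a route "phantom" when the only difference is the `instance_id` that AWS echoed back. The names `parse_routes` and `classify` and the label strings are hypothetical.

```python
import re
from collections import defaultdict

# Attribute lines taken from the second `terraform apply` in the issue
# (attributes that are empty on both sides mostly omitted for brevity).
SAMPLE = '''
  route.1660468403.cidr_block: "" => "10.1.1.1/32"
  route.1660468403.instance_id: "" => ""
  route.1660468403.network_interface_id: "" => "eni-38498645"
  route.2141106289.cidr_block: "10.1.1.1/32" => ""
  route.2141106289.instance_id: "i-06fbffdd7ceb7026f" => ""
  route.2141106289.network_interface_id: "eni-38498645" => ""
'''

LINE = re.compile(r'^\s*route\.(\d+)\.(\w+):\s*"([^"]*)"\s*=>\s*"([^"]*)"\s*$')
DEST_KEYS = ("cidr_block", "ipv6_cidr_block")

def parse_routes(text):
    """Return (state, config): destination -> {target attribute: value}."""
    elems = defaultdict(lambda: ({}, {}))  # set hash -> (before, after)
    for m in filter(None, map(LINE.match, text.splitlines())):
        set_hash, attr, before, after = m.groups()
        for slot, value in enumerate((before, after)):
            if value:  # empty strings mean "attribute not set"
                elems[set_hash][slot][attr] = value
    state, config = {}, {}
    for before, after in elems.values():
        for side, out in ((before, state), (after, config)):
            dest = next((side[k] for k in DEST_KEYS if k in side), None)
            if dest:
                out[dest] = {k: v for k, v in side.items() if k not in DEST_KEYS}
    return state, config

def classify(text):
    """Label each destination: phantom, changed, added, removed or unchanged."""
    state, config = parse_routes(text)
    labels = {}
    for dest in sorted(set(state) | set(config)):
        old, new = state.get(dest), config.get(dest)
        if old is None or new is None:
            labels[dest] = "added" if old is None else "removed"
        elif old == new:
            labels[dest] = "unchanged"
        elif new.items() <= old.items() and set(old) - set(new) == {"instance_id"} \
                and "network_interface_id" in new:
            labels[dest] = "phantom"  # only the instance_id echoed by AWS differs
        else:
            labels[dest] = "changed"  # a target really differs: review this one
    return labels
```

Anything labelled other than "phantom" is a route whose target actually differs between state and configuration and deserves a manual look before applying.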
About this issue
- State: closed
- Created 7 years ago
- Reactions: 16
- Comments: 20 (6 by maintainers)
Commits related to this issue
- r/aws_route_table: Add (and comment out) 'TestAccAWSRouteTable_IPv4_To_NetworkInterface_Attached' and 'TestAccAWSRouteTable_IPv4_To_NetworkInterface_TwoAttachments'. These two tests fail as expected ... — committed to ewbankkit/terraform-provider-aws by ewbankkit 4 years ago
- tests/resource/aws_route_table: Refactor acceptance tests in preparation for future fixes/enhancements (#14013) * r/aws_route: New 'TestAccAWSRouteTable_basic'. Acceptance test output: $ make t... — committed to hashicorp/terraform-provider-aws by ewbankkit 4 years ago
Still getting this on Terraform 1.2.8 and AWS Provider 4.11.0
Can we get rid of the warning saying to use network_interface_id instead of instance_id? network_interface_id doesn’t seem to be a sensible option right now.
Is it possible to add a warning to the aws_route_table documentation recommending against the use of in-line routes?
This should not be left as an undocumented trap for future users.
$> terraform --version
Terraform v1.4.5 on linux_amd64
This issue is very frustrating when route tables get extensive. Finding what’s actually changing in the output of ‘terraform plan’ is very time consuming. How has this not been resolved after being a bug since 2017? I’ll have to put a lot of work into converting route blocks within aws_route_table resource blocks to individual aws_route resource blocks as mentioned by @fabiodbr
Some mention of this issue should be included in the AWS module documentation page for “Resource: aws_route_table”; instead, all we have is a recommendation to use network_interface_id instead of instance_id.
Since I’ve encountered this issue myself (which I deem critical in my setup) I’ve taken it upon myself to implement #14197, build and publish it on the terraform registry.
So for those in need of a fix for this issue you can use sylr/aws. The source code can be found at https://github.com/sylr/terraform-provider-aws/tree/v3.71.0-sylr.1.