Terraform-provider-aws: terraform: Error finding route after creating it: Unable to find matching route for Route Table

Created on 13 Jun 2017  ·  18Comments  ·  Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @FlorinAndrei as hashicorp/terraform#9756. It was migrated here as part of the provider split. The original body of the issue is below._

Terraform Version

Terraform v0.7.7

Terraform Configuration Files

https://dl.dropboxusercontent.com/u/29966/tf.zip

Expected Behavior

Create the infrastructure.

Actual Behavior

https://gist.github.com/FlorinAndrei/17c0a12e70c0a15671322030b419ec92

However, the routes, route tables, and NAT gateways were all created just fine. Subnet associations were set also.

Running terraform plan again produces this output:

+ module.network.private_subnet.aws_route.private_nat_gw.2
    destination_cidr_block:     "0.0.0.0/0"
    destination_prefix_list_id: "<computed>"
    gateway_id:                 "<computed>"
    instance_id:                "<computed>"
    instance_owner_id:          "<computed>"
    nat_gateway_id:             "nat-09ffe6396b7b4f821"
    network_interface_id:       "<computed>"
    origin:                     "<computed>"
    route_table_id:             "rtb-6ad9640d"
    state:                      "<computed>"


Plan: 1 to add, 0 to change, 0 to destroy.

But that route exists already. If I try to apply the plan, I get this:

module.network.private_subnet.aws_route.private_nat_gw.2: Creating...
  destination_cidr_block:     "" => "0.0.0.0/0"
  destination_prefix_list_id: "" => "<computed>"
  gateway_id:                 "" => "<computed>"
  instance_id:                "" => "<computed>"
  instance_owner_id:          "" => "<computed>"
  nat_gateway_id:             "" => "nat-09ffe6396b7b4f821"
  network_interface_id:       "" => "<computed>"
  origin:                     "" => "<computed>"
  route_table_id:             "" => "rtb-6ad9640d"
  state:                      "" => "<computed>"
Error applying plan:

1 error(s) occurred:

* aws_route.private_nat_gw.2: Error creating route: RouteAlreadyExists: The route identified by 0.0.0.0/0 already exists.
    status code: 400, request id: 31c1946f-6359-41c6-8be6-460c8d3b5d99

terraform refresh produces this output:

terraform_remote_state.aws_global: Refreshing state... (ID: 2016-10-31 20:05:38.730089879 +0000 UTC)
module.network.nat.aws_eip.nat.0: Refreshing state... (ID: eipalloc-e15ccd86)
module.network.nat.aws_eip.nat.1: Refreshing state... (ID: eipalloc-785ccd1f)
module.network.nat.aws_eip.nat.2: Refreshing state... (ID: eipalloc-795ccd1e)
module.network.vpc.aws_vpc.vpc: Refreshing state... (ID: vpc-b04abed7)
module.network.vpc.aws_vpc_peering_connection.peering: Refreshing state... (ID: pcx-327bc05b)
module.network.public_subnet.aws_internet_gateway.public: Refreshing state... (ID: igw-da109cbe)
module.network.public_subnet.aws_route_table.public: Refreshing state... (ID: rtb-6cd9640b)
module.network.public_subnet.aws_subnet.public.2: Refreshing state... (ID: subnet-a86c0ff0)
module.network.private_subnet.aws_subnet.private.0: Refreshing state... (ID: subnet-afefdad9)
module.network.private_subnet.aws_route_table.private.0: Refreshing state... (ID: rtb-6bd9640c)
module.network.private_subnet.aws_route_table.private.1: Refreshing state... (ID: rtb-6dd9640a)
module.network.public_subnet.aws_subnet.public.1: Refreshing state... (ID: subnet-933b28f7)
module.network.public_subnet.aws_subnet.public.0: Refreshing state... (ID: subnet-adefdadb)
module.network.private_subnet.aws_subnet.private.2: Refreshing state... (ID: subnet-a96c0ff1)
module.network.private_subnet.aws_route_table.private.2: Refreshing state... (ID: rtb-6ad9640d)
module.network.private_subnet.aws_subnet.private.1: Refreshing state... (ID: subnet-9d3b28f9)
module.network.public_subnet.aws_route.public_gw: Refreshing state... (ID: r-rtb-6cd9640b1080289494)
module.network.public_subnet.aws_route_table_association.public.0: Refreshing state... (ID: rtbassoc-f928c59f)
module.network.public_subnet.aws_route_table_association.public.1: Refreshing state... (ID: rtbassoc-c728c5a1)
module.network.public_subnet.aws_route_table_association.public.2: Refreshing state... (ID: rtbassoc-c628c5a0)
module.network.nat.aws_nat_gateway.nat.0: Refreshing state... (ID: nat-0b9579e6856f9f3d3)
module.network.nat.aws_nat_gateway.nat.1: Refreshing state... (ID: nat-0533b77ab8365de80)
module.network.nat.aws_nat_gateway.nat.2: Refreshing state... (ID: nat-09ffe6396b7b4f821)
module.network.private_subnet.aws_route_table_association.private.0: Refreshing state... (ID: rtbassoc-fd28c59b)
module.network.private_subnet.aws_route_table_association.private.1: Refreshing state... (ID: rtbassoc-fa28c59c)
module.network.private_subnet.aws_route_table_association.private.2: Refreshing state... (ID: rtbassoc-fb28c59d)
module.network.aws_network_acl.acl: Refreshing state... (ID: acl-9168b8f6)
module.network.private_subnet.aws_route.private_nat_gw.1: Refreshing state... (ID: r-rtb-6dd9640a1080289494)
module.network.private_subnet.aws_route.private_nat_gw.0: Refreshing state... (ID: r-rtb-6bd9640c1080289494)

Please note how gw.2 is not mentioned in the refresh.

terraform plan -destroy also does not mention gw.2

Applying that -destroy plan works well and destroys all infrastructure.

Steps to Reproduce

terraform apply

bug servicec2
Source
picture hashibot
👍7

Most helpful comment

Still experiencing this issues, successfully resolved using:

timeouts {
    create = "5m"
  }

Terraform v0.12.8
provider "aws" (hashicorp/aws) 2.33.0

picture kostas-theo on 30 Oct 2019
👍3

All 18 comments

Same here, on 0.10.2.

Running apply the first time:

aws_route_table.private: Creating...
  propagating_vgws.#: "" => "<computed>"
  route.#:            "" => "<computed>"
  tags.%:             "" => "1"
  tags.Name:          "" => "stage-private"
  vpc_id:             "" => "vpc-63082c0b"
aws_route_table.private: Creation complete (ID: rtb-4a8f6021)
aws_nat_gateway.main: Creating...
  allocation_id:        "" => "eipalloc-975e5efe"
  network_interface_id: "" => "<computed>"
  private_ip:           "" => "<computed>"
  public_ip:            "" => "<computed>"
  subnet_id:            "" => "subnet-c4c42daf"
aws_nat_gateway.main: Still creating... (10s elapsed)
aws_nat_gateway.main: Still creating... (20s elapsed)
aws_nat_gateway.main: Still creating... (30s elapsed)
aws_nat_gateway.main: Still creating... (40s elapsed)
aws_nat_gateway.main: Still creating... (50s elapsed)
aws_nat_gateway.main: Still creating... (1m0s elapsed)
aws_nat_gateway.main: Still creating... (1m10s elapsed)
aws_nat_gateway.main: Still creating... (1m20s elapsed)
aws_nat_gateway.main: Still creating... (1m30s elapsed)
aws_nat_gateway.main: Still creating... (1m40s elapsed)
aws_nat_gateway.main: Creation complete (ID: nat-07f3c867c4ca19368)
aws_route.private-nat-gateway: Creating...
  destination_cidr_block:     "" => "0.0.0.0/0"
  destination_prefix_list_id: "" => "<computed>"
  egress_only_gateway_id:     "" => "<computed>"
  gateway_id:                 "" => "<computed>"
  instance_id:                "" => "<computed>"
  instance_owner_id:          "" => "<computed>"
  nat_gateway_id:             "" => "nat-07f3c867c4ca19368"
  network_interface_id:       "" => "<computed>"
  origin:                     "" => "<computed>"
  route_table_id:             "" => "rtb-4a8f6021"
  state:                      "" => "<computed>"
aws_route.private-nat-gateway: Still creating... (10s elapsed)
aws_route.private-nat-gateway: Still creating... (20s elapsed)
aws_route.private-nat-gateway: Still creating... (30s elapsed)
aws_route.private-nat-gateway: Still creating... (40s elapsed)
aws_route.private-nat-gateway: Still creating... (50s elapsed)
aws_route.private-nat-gateway: Still creating... (1m0s elapsed)
aws_route.private-nat-gateway: Still creating... (1m10s elapsed)
aws_route.private-nat-gateway: Still creating... (1m20s elapsed)
aws_route.private-nat-gateway: Still creating... (1m30s elapsed)
aws_route.private-nat-gateway: Still creating... (1m40s elapsed)
aws_route.private-nat-gateway: Still creating... (1m50s elapsed)
aws_route.private-nat-gateway: Still creating... (2m0s elapsed)
Error applying plan:

1 error(s) occurred:

* aws_route.private-nat-gateway: 1 error(s) occurred:

* aws_route.private-nat-gateway: Error finding route after creating it: Unable to find matching route for Route Table (rtb-4a8f6021) and destination CIDR block (0.0.0.0/0).

Yet, in AWS web console I can see the route was created exactly as expected.

Running apply a second time:

aws_route.private-nat-gateway: Creating...
  destination_cidr_block:     "" => "0.0.0.0/0"
  destination_prefix_list_id: "" => "<computed>"
  egress_only_gateway_id:     "" => "<computed>"
  gateway_id:                 "" => "<computed>"
  instance_id:                "" => "<computed>"
  instance_owner_id:          "" => "<computed>"
  nat_gateway_id:             "" => "nat-07f3c867c4ca19368"
  network_interface_id:       "" => "<computed>"
  origin:                     "" => "<computed>"
  route_table_id:             "" => "rtb-4a8f6021"
  state:                      "" => "<computed>"
Error applying plan:

1 error(s) occurred:

* aws_route.private-nat-gateway: 1 error(s) occurred:

* aws_route.private-nat-gateway: Error creating route: RouteAlreadyExists: The route identified by 0.0.0.0/0 already exists.
    status code: 400, request id: 35c5077a-7437-43a9-84b7-40261cb79927

After doing destroy, and then apply again, without changing anything else, the same conf works just fine.

thnee picture thnee on 1 Sep 2017
👍2

I have the same problem in v0.10.7

gopisaba picture gopisaba on 24 Oct 2017
👍1

Ran into this issue; route was created properly but terraform does not recognize it:

Terraform v0.11.5
+ provider.aws v1.11.0
AnthonyWC picture AnthonyWC on 3 Apr 2018
👍1

As a workaround; use state pull and manually edit the tfstate file and then state push works. Also this issue was closed in https://github.com/hashicorp/terraform/issues/8542

AnthonyWC picture AnthonyWC on 3 Apr 2018

Encountered the same issue in multiple provider and Terraform versions. Still having the same behavior using:

Terraform v0.11.5
+ provider.aws v1.11.0
smihajlovic-frame picture smihajlovic-frame on 4 Apr 2018

@AnthonyWC I have tried putting depends_on but it did not help.

smihajlovic-frame picture smihajlovic-frame on 4 Apr 2018

@smihajlovic-frame maybe you can try to increase aws_route configurable timeout for create, it's available since provider.aws v1.11.0. Default is 2 minutes.

eLco picture eLco on 4 Apr 2018
👎1

Hey,

Just wanted to confirm that the timeout increase apparently fixed the issue:

timeouts {
    create = "5m"
  }
rafaljanicki picture rafaljanicki on 9 Apr 2018
👍3

@eLco @rafaljanicki I am also confirming that increasing timeout fixes the issue.

smihajlovic-frame picture smihajlovic-frame on 9 Apr 2018

I did not find that waiting 5m was sufficient for resolving my issue.

flickerfly picture flickerfly on 20 Sep 2018

@AnthonyWC I found this is a problem in the latest version of terraform and aws provider:

$ terraform version
Terraform v0.11.8
+ provider.aws v1.37.0
flickerfly picture flickerfly on 20 Sep 2018

I found that my situation had to do with a malformed CIDR reference. I had 192.168.0.21/30 as my destination_cidr_block, but AWS was nicely adjusting that to the more accurate 192.168.0.20/30 when. Meanwhile, I guess terraform was looking for the one I specified to confirm completion rather than the adjusted one. Same error pattern, different cause. Hope this saves someone some trouble.

flickerfly picture flickerfly on 20 Sep 2018
👍2

I faced this issue once again in the below terraform version
Terraform v0.11.10

  • provider.aws v1.57.0
  • provider.null v2.0.0
  • provider.template v2.0.0
sriraja53 picture sriraja53 on 4 Feb 2019

Still experiencing this issues, successfully resolved using:

timeouts {
    create = "5m"
  }

Terraform v0.12.8
provider "aws" (hashicorp/aws) 2.33.0

kostas-theo picture kostas-theo on 30 Oct 2019
👍3

I found that my situation had to do with a malformed CIDR reference. I had 192.168.0.21/30 as my destination_cidr_block, but AWS was nicely adjusting that to the more accurate 192.168.0.20/30 when. Meanwhile, I guess terraform was looking for the one I specified to confirm completion rather than the adjusted one. Same error pattern, different cause. Hope this saves someone some trouble.

Thanks, You saved my day!

ewikum picture ewikum on 7 Jan 2020

Additional validation to prevent the CIDR misalignment has been merged and will release with version 2.68.0 of the Terraform AWS Provider, likely tomorrow. Thanks to @ewbankkit for the implementation. 👍

If you are still having issues after upgrading to 2.68.0 when its released, please file a new issue.

bflad picture bflad on 24 Jun 2020

This has been released in version 2.68.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

hashibot[bot] picture hashibot[bot] on 26 Jun 2020

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

hashibot[bot] picture hashibot[bot] on 24 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

hazmeister picture hazmeister  ·  3Comments
hashibot picture hashibot  ·  3Comments
joelittlejohn picture joelittlejohn  ·  3Comments
andywirv picture andywirv  ·  3Comments
ghost picture ghost  ·  3Comments