Terraform-provider-aws: routing table entries always changed but in reality they don't change

Created on 12 Jun 2018 · 5 Comments · Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @peterhorvath as hashicorp/terraform#18238. It was migrated here as a result of the provider split. The original body of the issue is below._


Terraform Version

terraform --version
Terraform v0.11.7
+ provider.aws v1.22.0

Terraform Configuration Files

resource "aws_route_table" "rtr-dxm-dev-mgmt-pub01a" {
  vpc_id = "${aws_vpc.vpc-dxm-dev-mgmt.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.igw-dxm-dev-mgmt.id}"
  }

  tags {
    Name = "rtr-dxm-dev-mgmt-pub01a"
    Terraform = "true"
    Environment = "dev"
  }
}

resource "aws_route_table" "rtr-dxm-dev-mgmt-pub01b" {
  vpc_id = "${aws_vpc.vpc-dxm-dev-mgmt.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.igw-dxm-dev-mgmt.id}"
  }

  tags {
    Name = "rtr-dxm-dev-mgmt-pub01b"
    Terraform = "true"
    Environment = "dev"
  }
}

Debug Output


https://gist.github.com/peterhorvath/7899b38f9c61caea452c3210cd2c2cfb

Expected Behavior


There should not be any change reported as the terraform config didn't change

Actual Behavior


Every terraform apply reports a change which is actually a wrong change and does not actually happen

  ~ aws_route_table.rtr-dxm-dev-mgmt-priv01a
      route.3051191954.cidr_block:                "0.0.0.0/0" => ""
      route.3051191954.egress_only_gateway_id:    "" => ""
      route.3051191954.gateway_id:                "" => ""
      route.3051191954.instance_id:               "" => ""
      route.3051191954.ipv6_cidr_block:           "" => ""
      route.3051191954.nat_gateway_id:            "nat-0c052690a9e05f590" => ""
      route.3051191954.network_interface_id:      "" => ""
      route.3051191954.vpc_peering_connection_id: "" => ""
      route.3609307756.cidr_block:                "" => "0.0.0.0/0"
      route.3609307756.egress_only_gateway_id:    "" => ""
      route.3609307756.gateway_id:                "" => "nat-0c052690a9e05f590"
      route.3609307756.instance_id:               "" => ""
      route.3609307756.ipv6_cidr_block:           "" => ""
      route.3609307756.nat_gateway_id:            "" => ""
      route.3609307756.network_interface_id:      "" => ""
      route.3609307756.vpc_peering_connection_id: "" => ""

  ~ aws_route_table.rtr-dxm-dev-mgmt-priv01b
      route.1433283313.cidr_block:                "" => "0.0.0.0/0"
      route.1433283313.egress_only_gateway_id:    "" => ""
      route.1433283313.gateway_id:                "" => "nat-0273dcf12f27a2c2f"
      route.1433283313.instance_id:               "" => ""
      route.1433283313.ipv6_cidr_block:           "" => ""
      route.1433283313.nat_gateway_id:            "" => ""
2018/06/12 16:24:36 [DEBUG] command: asking for input: "Do you want to perform these actions?"
      route.1433283313.network_interface_id:      "" => ""
      route.1433283313.vpc_peering_connection_id: "" => ""
      route.707601064.cidr_block:                 "0.0.0.0/0" => ""
      route.707601064.egress_only_gateway_id:     "" => ""
      route.707601064.gateway_id:                 "" => ""
      route.707601064.instance_id:                "" => ""
      route.707601064.ipv6_cidr_block:            "" => ""
      route.707601064.nat_gateway_id:             "nat-0273dcf12f27a2c2f" => ""
      route.707601064.network_interface_id:       "" => ""
      route.707601064.vpc_peering_connection_id:  "" => ""

Steps to Reproduce


terraform apply

Labels: bug, service/ec2, waiting-response

All 5 comments

actual config is the priv subnet which does change all the time

resource "aws_route_table" "rtr-dxm-dev-mgmt-priv01a" {
  vpc_id = "${aws_vpc.vpc-dxm-dev-mgmt.id}"

  route {
   cidr_block = "0.0.0.0/0"
   gateway_id = "${aws_nat_gateway.ngw-dxm-dev-mgmt-pub01a.id}"
  }

  tags {
   Name = "rtr-dxm-dev-mgmt-priv01a"
   Terraform = "true"
   Environment = "dev"
  }
}

resource "aws_route_table" "rtr-dxm-dev-mgmt-priv01b" {
  vpc_id = "${aws_vpc.vpc-dxm-dev-mgmt.id}"

  route {
   cidr_block = "0.0.0.0/0"
   gateway_id = "${aws_nat_gateway.ngw-dxm-dev-mgmt-pub01b.id}"
  }

  tags {
   Name = "rtr-dxm-dev-mgmt-priv01b"
   Terraform = "true"
   Environment = "dev"
  }
}

I think you run into a known issue with the AWS API, that is documented at https://www.terraform.io/docs/providers/aws/r/route_table.html

NOTE on gateway_id and nat_gateway_id: The AWS API is very forgiving with these two attributes and the aws_route_table resource can be created with a NAT ID specified as a Gateway ID attribute. This will lead to a permanent diff between your configuration and statefile, as the API returns the correct parameters in the returned route table. If you're experiencing constant diffs in your aws_route_table resources, the first thing to check is whether or not you're specifying a NAT ID instead of a Gateway ID, or vice-versa.

So, probably all you need to do is change gateway_id in your code to nat_gateway_id and you should be fine 👍
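
Added example, not part of the comment above or of the provider's code: a small Python check that reads Terraform 0.11 plan text and flags route targets that are removed under one of gateway_id / nat_gateway_id and re-added unchanged under the other, which is the permanent diff the documentation note describes. The function and constant names are assumptions of this example; the sample plan lines are taken from the issue.

```python
import re
from collections import defaultdict

# Lines taken from the plan output in the issue above (Terraform 0.11 format),
# including the stray debug line that was interleaved with it.
SAMPLE_PLAN = """\
  ~ aws_route_table.rtr-dxm-dev-mgmt-priv01a
      route.3051191954.cidr_block:                "0.0.0.0/0" => ""
      route.3051191954.nat_gateway_id:            "nat-0c052690a9e05f590" => ""
      route.3609307756.cidr_block:                "" => "0.0.0.0/0"
      route.3609307756.gateway_id:                "" => "nat-0c052690a9e05f590"
  ~ aws_route_table.rtr-dxm-dev-mgmt-priv01b
      route.1433283313.gateway_id:                "" => "nat-0273dcf12f27a2c2f"
2018/06/12 16:24:36 [DEBUG] command: asking for input: "Do you want to perform these actions?"
      route.707601064.nat_gateway_id:             "nat-0273dcf12f27a2c2f" => ""
"""

RESOURCE = re.compile(r'^\s*[~+-]\s+(aws_route_table\.\S+)')
ATTR = re.compile(r'^\s*route\.\d+\.(\w+):\s+"([^"]*)"\s+=>\s+"([^"]*)"')
TARGET_ATTRS = ("gateway_id", "nat_gateway_id")

def find_swapped_targets(plan_text):
    """Return (resource, target_id, attr_in_config, attr_in_state) for every
    route target that is dropped under one attribute and re-added, unchanged,
    under the other: the permanent diff described in the documentation note."""
    removed = defaultdict(dict)  # resource -> {target_id: attribute in state}
    added = defaultdict(dict)    # resource -> {target_id: attribute in config}
    resource = None
    for line in plan_text.splitlines():
        header = RESOURCE.match(line)
        if header:
            resource = header.group(1)
            continue
        attr = ATTR.match(line)
        if not attr or resource is None or attr.group(1) not in TARGET_ATTRS:
            continue
        name, old, new = attr.groups()
        if old and not new:
            removed[resource][old] = name
        elif new and not old:
            added[resource][new] = name
    return [
        (res, target, cfg_attr, removed[res][target])
        for res, targets in added.items()
        for target, cfg_attr in targets.items()
        if removed[res].get(target, cfg_attr) != cfg_attr
    ]

if __name__ == "__main__":
    for res, target, cfg_attr, state_attr in find_swapped_targets(SAMPLE_PLAN):
        print(f"{res}: {target} is set as {cfg_attr}, AWS reports it as {state_attr}")
```

A plan in which the target ID itself changes is a real route change and is not flagged.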

Thanks will check if that is the case

For the routing table this was the solution indeed to change to nat_gateway_id.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
