Code snippet:
resource "aws_route_table" "1a-private" {
  vpc_id = "${aws_vpc.example.id}"
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_network_interface.example-eth2.id}"
  }
  tags {
    Name = "${var.project_name}-${var.project_environment} Private Subnet Route Table 1a"
  }
}
Plans out OK. Fails on apply with
* aws_route_table.1a-private: InvalidGatewayID.NotFound: The gateway ID 'eni-00a00a0a' does not exist
status code: 400, request id:
The eni does exist, and can be seen in a terraform status. Attaching the eni to the route table as a gateway, then attaching the route table to a subnet manually works without error.
$ terraform -version
Terraform v0.6.11
$ uname
Darwin
Hi @garylawuk,
Can you post the snippet on how you create the gateway? I am going to try and recreate this
Paul
Hi
Here you go stack72:
resource "aws_instance" "example-public-1a" {
  ami = "ami-fce3c696"
  instance_type = "t2.medium"
  key_name = "[email protected]"
  subnet_id = "${aws_subnet.1a-public.id}"
  associate_public_ip_address = true
  source_dest_check = false
  vpc_security_group_ids = ["${aws_security_group.internet-accessible-unix.id}"]
  tags {
    Name = "${var.project_name}-${var.project_environment}"
  }
}
resource "aws_network_interface" "example-eth1" {
  subnet_id = "${aws_subnet.1a-public.id}"
  private_ips = ["10.0.10.50"]
  source_dest_check = false
  security_groups = ["${aws_security_group.internet-accessible-unix.id}"]
  attachment {
    instance = "${aws_instance.example-public-1a.id}"
    device_index = 1
  }
}
resource "aws_network_interface" "example-eth2" {
  subnet_id = "${aws_subnet.1a-private.id}"
  private_ips = ["10.0.11.50"]
  source_dest_check = false
  security_groups = ["${aws_security_group.private-unix.id}"]
  attachment {
    instance = "${aws_instance.example-public-1a.id}"
    device_index = 2
  }
}
resource "aws_instance" "example-private-1a" {
  ami = "ami-fce3c696"
  instance_type = "t2.micro"
  key_name = "[email protected]"
  subnet_id = "${aws_subnet.1a-private.id}"
  associate_public_ip_address = false
  source_dest_check = false
  vpc_security_group_ids = ["${aws_security_group.private-unix.id}"]
  tags {
    Name = "${var.project_name}-${var.project_environment}"
  }
}
Thanks @garylawuk - I'll try and reproduce and get back to you :)
ok, @garylawuk I believe what has happened is that you are trying to connect a route's gateway id to a network_interface rather than an internet_gateway
I would suggest trying the following:
resource "aws_vpc" "default" {
  cidr_block = "10.0.0.0/16"
  enable_dns_hostnames = true
}
resource "aws_internet_gateway" "default" {
  vpc_id = "${aws_vpc.default.id}"
}
resource "aws_subnet" "1a-private" {
  vpc_id = "${aws_vpc.default.id}"
  cidr_block = "10.0.11.0/24"
  availability_zone = "us-east-1a"
  map_public_ip_on_launch = false
}
resource "aws_route_table" "1a-private" {
  vpc_id = "${aws_vpc.default.id}"
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.default.id}"
  }
}
resource "aws_route_table_association" "1a-private" {
  subnet_id = "${aws_subnet.1a-private.id}"
  route_table_id = "${aws_route_table.1a-private.id}"
}
That should then work. As you can see, I am creating an internet_gateway, a subnet, a route table and a route table association. This should then allow your subnets to be associated to the correct route table, which will in turn be attached to the internet gateway.
Please give it a shot and let me know how you get on. You will need to do a similar thing for your public subnets.
I’m sure attaching an internet_gateway will work. In fact I do this in another subnet and its route table. However I want to attach an instance’s ENI as the gateway for this private subnet. This configuration is supported in the AWS UI and API, and is supported according to your documentation. However, it doesn’t seem to work in my case. I assumed this was a bug; if it is not supported in terraform the docs need changing, see https://www.terraform.io/docs/providers/aws/r/route_table.html -- and specifically
Each route must contain either a gateway_id, an instance_id, a nat_gateway_id, a vpc_peering_connection_id or a _network_interface_id_. Note that the default route, mapping the VPC's CIDR block to "local", is created implicitly and cannot be specified.
(my emphasis)
Thanks!
My apologies, I didn't realise you were attaching to a network_interface directly
You need to specify a network_interface_id rather than a gateway_id
resource "aws_route_table" "1a-private" {
  vpc_id = "${aws_vpc.default.id}"
  route {
    cidr_block = "0.0.0.0/0"
    network_interface_id = "${aws_network_interface.example-eth2.id}"
  }
}
Paul
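The mistake above (an ENI reference placed under gateway_id, which AWS only rejects at apply time) is easy to catch before a plan ever reaches the API. The following pre-apply check is an added example, not code from the thread or from the Terraform provider; it takes route blocks as plain Python dicts (the sample routes below are constructed from the ones in this issue) and verifies that each route names exactly one target attribute and that the attribute matches either the referenced Terraform resource type or the literal AWS ID prefix.

```python
import re

# Route targets accepted by the aws_route_table route block (per the provider
# docs quoted in the thread), each mapped to the Terraform resource types whose
# .id belongs there. ID_PREFIXES covers the case where a literal AWS ID is used.
ROUTE_TARGETS = {
    "gateway_id":                {"aws_internet_gateway", "aws_vpn_gateway"},
    "instance_id":               {"aws_instance"},
    "nat_gateway_id":            {"aws_nat_gateway"},
    "vpc_peering_connection_id": {"aws_vpc_peering_connection"},
    "network_interface_id":      {"aws_network_interface"},
}
ID_PREFIXES = {
    "gateway_id": ("igw-", "vgw-"), "instance_id": ("i-",), "nat_gateway_id": ("nat-",),
    "vpc_peering_connection_id": ("pcx-",), "network_interface_id": ("eni-",),
}
# Matches a 0.6-style interpolation such as "${aws_network_interface.example-eth2.id}"
INTERP = re.compile(r"^\$\{(aws_[a-z_]+)\.[^.}]+\.id\}$")

def check_route(route):
    """Return a list of problems found in one route block; empty means it is OK."""
    problems = []
    if "cidr_block" not in route:
        problems.append("missing cidr_block")
    targets = [k for k in route if k in ROUTE_TARGETS]
    if len(targets) != 1:
        problems.append(f"expected exactly one target attribute, found {targets}")
        return problems
    key, value = targets[0], route[targets[0]]
    m = INTERP.match(value)
    if m:  # unresolved interpolation: judge by the referenced resource type
        rtype = m.group(1)
        if rtype not in ROUTE_TARGETS[key]:
            wanted = [k for k, v in ROUTE_TARGETS.items() if rtype in v]
            hint = f"; use {wanted[0]} instead" if wanted else ""
            problems.append(f"{key} references {rtype}{hint}")
    elif not value.startswith(ID_PREFIXES[key]):  # literal AWS ID
        problems.append(f"{key} value {value!r} does not start with {'/'.join(ID_PREFIXES[key])}")
    return problems

def check_route_table(routes):
    """Check every route; return {index: problems} for only the ones that fail."""
    return {i: p for i, r in enumerate(routes) if (p := check_route(r))}

# Constructed sample: the original failing route, its corrected form, an
# internet-gateway route, and the literal ENI ID that AWS rejected.
SAMPLE_ROUTES = [
    {"cidr_block": "0.0.0.0/0", "gateway_id": "${aws_network_interface.example-eth2.id}"},
    {"cidr_block": "0.0.0.0/0", "network_interface_id": "${aws_network_interface.example-eth2.id}"},
    {"cidr_block": "0.0.0.0/0", "gateway_id": "${aws_internet_gateway.default.id}"},
    {"cidr_block": "0.0.0.0/0", "gateway_id": "eni-00a00a0a"},
]

if __name__ == "__main__":
    for i, probs in check_route_table(SAMPLE_ROUTES).items():
        print(f"route[{i}]: " + "; ".join(probs))
```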
Paul
A thousand thank yous, that works!
Gary
Ah fantastic! I will look at making the docs more clear in this area :)
Thanks for pointing out that there may be a little confusion here
P.