Terraform: aws_route Error: more than 1 target specified.

Created on 8 Apr 2016 · 12 Comments · Source: hashicorp/terraform

#5867 and/or #5321 appear to have broken aws_route when the underlying instance_id is recreated/tainted. I'm unsure what is causing it, but the route table entry in AWS still exists and points to a dangling eni (inactive black hole). Terraform then proceeds to apply the aws_route to the instance_id, but AWS errors because only one target can be specified.

* aws_route.public_to_openvpn_clients: Error: more than 1 target specified. Only 1 of gateway_idnat_gateway_id, instance_id, network_interface_id, route_table_id orvpc_peering_connection_id is allowed.

Sample config:

resource "aws_route" "public_to_openvpn_clients" {
    route_table_id = "${aws_route_table.public.id}"
    destination_cidr_block = "${var.openvpn_cidr}"
    instance_id = "${aws_instance.openvpn_server.id}"
}
resource "aws_instance" "openvpn_server" {
 #...
}
resource "aws_route_table" "public" {
 # ...
}

To reproduce:

  • terraform apply
  • terraform taint aws_instance.openvpn_server
  • terraform apply

All 12 comments

aws_route change proceeds without issue in v0.6.12. Broken in v0.6.14.

I see the same issue. Is it going to be fixed in the next release or should I roll back to 0.6.12?

+1

Appears to be introduced in 3f41515d from #5321. The ec2 TerminateInstances leaves the eni dangling and is picked up by the aws_route.resourceAwsRouteRead Computed attribute.

I don't think computed attributes here are the ideal solution, as we need a way to differentiate between what is desired and what has been automatically set by AWS. Preferably resourceAwsRouteUpdate should look up the NetworkInterfaceId of the instance if only instance_id has been requested.

To add a bit of additional info to Atward's message for those unfamiliar with the problem (as I was until I ran into it...).

Upon creation using instance_id:

  • Initial creation of the aws_route is sent to AWS via CreateRoute with just the instance_id attribute set
  • Behind the scenes, AWS looks up the network_interface_id for the given instance_id and stores that information on the route table entry
  • After a successful creation response, TF requests the full information from AWS for the route table input
  • TF then saves both the network_interface_id and instance_id in the state

After termination or taint of instance:

  • When the instance that the route refers to disappears, AWS still maintains this route, however the destination only refers to the network_interface_id at that point.
  • When running a plan/update TF sees that the state does not contain an instance_id (which at this point should be different since the instance was terminated or tainted)
  • TF attempts to update the route table entry however fails due to there being both a network_interface_id (the old one) and an instance_id (the new one) on the node.
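
The failure described in the comments above, as a simplified Go model added here for illustration; it is not part of the thread and not code from the Terraform AWS provider. The function names (`merge`, `checkTargets`) and the sample IDs are constructed. It shows why a target count taken over configured values merged with values read back from AWS trips on the dangling ENI, while a count over the configured values alone does not.

```go
package main

import (
	"errors"
	"fmt"
)

// Target attributes of a route in this model. route_table_id is left out:
// in the sample config it names the table being edited, not a target.
var targetKeys = []string{"gateway_id", "nat_gateway_id", "instance_id",
	"network_interface_id", "vpc_peering_connection_id"}

var errTargets = errors.New("more than 1 target specified")

// merge overlays later maps on earlier ones, modelling how configured values
// and computed values read back from AWS end up in one attribute set.
func merge(layers ...map[string]string) map[string]string {
	out := map[string]string{}
	for _, m := range layers {
		for k, v := range m {
			out[k] = v
		}
	}
	return out
}

// checkTargets fails when more than one target attribute is non-empty.
func checkTargets(attrs map[string]string) error {
	n := 0
	for _, k := range targetKeys {
		if attrs[k] != "" {
			n++
		}
	}
	if n > 1 {
		return errTargets
	}
	return nil
}

// Constructed sample values: staleState is what a refresh sees once the old
// instance is gone (dangling ENI only); newConfig follows the re-creation.
var staleState = map[string]string{"network_interface_id": "eni-OLD"}
var newConfig = map[string]string{"route_table_id": "rtb-1", "instance_id": "i-NEW"}

func main() {
	fmt.Println("state merged with config:", checkTargets(merge(staleState, newConfig)))
	fmt.Println("configured values only:  ", checkTargets(newConfig))
}
```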

640859f works for me.

@jrnt30 can you create a pull request?

@atward I opened the PR. Would like to add an explicit test but this has worked for me as well and the current ACC tests are good.

+1

Unfortunately this is still an issue in Terraform v0.7.3. Is there a workaround?

Also seeing this in Terraform v0.7.4

Also seeing on 0.6.16

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
