3
votes

I have created an aws_vpc_peering_connection to connect two VPCs that are in my account. I'm using aws_route_table to apply routes to the routing table for each VPC, using variables in the route table section to set routing.

The route table applies properly, but Terraform wants to apply it again every time I apply it after that. The gateway_id for the VPC peering route for one of the VPCs comes from a variable, as the data is pulled from another module.

resource "aws_route_table" "route-table" {
  vpc_id = "${aws_vpc.us-west-2-3.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.internet-gateway.id}"
  }

  route {
    cidr_block  = "10.12.0.0/16"
    gateway_id  = "${aws_vpc_peering_connection.usw2-1-usw2-3.id}"
  }

}

Every time I plan or apply, Terraform wants to change the aws_route_table.

  ~ module.us-west-2-3.aws_route_table.route-table
      route.2485290482.cidr_block:                "10.12.0.0/16" => ""
      route.2485290482.egress_only_gateway_id:    "" => ""
      route.2485290482.gateway_id:                "" => ""
      route.2485290482.instance_id:               "" => ""
      route.2485290482.ipv6_cidr_block:           "" => ""
      route.2485290482.nat_gateway_id:            "" => ""
      route.2485290482.network_interface_id:      "" => ""
      route.2485290482.vpc_peering_connection_id: "pcx-0f3853c43363d28bb" => ""
      route.383599590.cidr_block:                 "" => "10.12.0.0/16"
      route.383599590.egress_only_gateway_id:     "" => ""
      route.383599590.gateway_id:                 "" => "pcx-0f3853c43363d28bb"
      route.383599590.instance_id:                "" => ""
      route.383599590.ipv6_cidr_block:            "" => ""
      route.383599590.nat_gateway_id:             "" => ""
      route.383599590.network_interface_id:       "" => ""
      route.383599590.vpc_peering_connection_id:  "" => ""
      route.4190671864.cidr_block:                "0.0.0.0/0" => "0.0.0.0/0"
      route.4190671864.egress_only_gateway_id:    "" => ""
      route.4190671864.gateway_id:                "igw-84caffe3" => "igw-84caffe3"
      route.4190671864.instance_id:               "" => ""
      route.4190671864.ipv6_cidr_block:           "" => ""
      route.4190671864.nat_gateway_id:            "" => ""
      route.4190671864.network_interface_id:      "" => ""
      route.4190671864.vpc_peering_connection_id: "" => ""

Is this a bug I should report or am I doing something wrong?


1 Answer

1
votes

In your second inline route definition, you are specifying gateway_id.

gateway_id is for internet access. What you want to use instead is vpc_peering_connection_id:

vpc_peering_connection_id  = "${aws_vpc_peering_connection.usw2-1-usw2-3.id}"

The official Terraform docs mention that you might fall into this infinite update when mixing gateway_id and nat_gateway_id; I wouldn't be surprised if it's the same when you mix gateway_id and vpc_peering_connection_id:

NOTE on gateway_id and nat_gateway_id: The AWS API is very forgiving with these two attributes and the aws_route_table resource can be created with a NAT ID specified as a Gateway ID attribute. This will lead to a permanent diff between your configuration and statefile, as the API returns the correct parameters in the returned route table. If you're experiencing constant diffs in your aws_route_table resources, the first thing to check is whether or not you're specifying a NAT ID instead of a Gateway ID, or vice-versa.

Source: https://www.terraform.io/docs/providers/aws/r/route_table.html
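The corrected configuration from the answer, written out as an added example (not code from the asker or the answerer), in the same 0.11-style interpolation syntax the question uses. The first resource keeps the question's names; the second, the return route in the peer VPC, is an assumption: aws_vpc.us-west-2-1 and the 10.13.0.0/16 CIDR are placeholders, since the question does not show the other side.

```hcl
# Route table for the us-west-2-3 VPC, with the peering route fixed.
resource "aws_route_table" "route-table" {
  vpc_id = "${aws_vpc.us-west-2-3.id}"

  # Default route to the internet: gateway_id is the right attribute for an IGW.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.internet-gateway.id}"
  }

  # Route to the peer VPC: the pcx- ID belongs in vpc_peering_connection_id.
  # Putting it in gateway_id is accepted by the API but read back under the
  # correct attribute, which produces the permanent diff seen in the question.
  route {
    cidr_block                = "10.12.0.0/16"
    vpc_peering_connection_id = "${aws_vpc_peering_connection.usw2-1-usw2-3.id}"
  }
}

# Peering only carries traffic when both sides route to each other, so the
# peer VPC needs the reverse route. Assumed names/values: aws_vpc.us-west-2-1
# and 10.13.0.0/16 (placeholder for the CIDR of aws_vpc.us-west-2-3).
resource "aws_route_table" "peer-route-table" {
  vpc_id = "${aws_vpc.us-west-2-1.id}"

  route {
    cidr_block                = "10.13.0.0/16"
    vpc_peering_connection_id = "${aws_vpc_peering_connection.usw2-1-usw2-3.id}"
  }
}
```

After one apply, a second terraform plan should report no changes for either table; if a diff persists, check each inline route for an IGW, NAT or peering ID placed under the wrong attribute, as the docs note above describes.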