Hope someone might be able to help me please. Basically I am trying to use the data source resource for aws_route_tables and then do a lookup on that using the aws_route resource. So what I am trying to achieve here is to create a route to the transit gateway for each route table associated to a specific VPC. However, I keep getting this error:
Error reading config for aws_route[rt_tgw]: parse error at 1:40: expected "}" but found "["
This is the documentation I was following:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables
I am using Terraform version 11.15 by the way and this is the code I have got:
variable "environment_group" {
description = "Name given to the resource"
default = "test"
}
variable "create_tgw_route" {
description = "Toggle to create the transit gateway route within the VPC route table"
default = true
}
variable "tgw_route_cidr" {
description = "Specify the destination cidr block for the transit gateway route within the VPC route table"
default = "10.0.0.0/8"
}
variable "transit_gateway_id" {
default = ""
description = "Temporary variable that should be replaced by a data lookup in due time"
}
data "aws_vpc" "vpc_id" {
count = "${var.create_tgw_route ? 1 : 0}"
filter {
name = "tag:Name"
values = ["vpc-${var.environment_group}"]
}
}
data "aws_route_tables" "rtb" {
count = "${var.create_tgw_route ? 1 : 0}"
vpc_id = "${data.aws_vpc.vpc_id.id}"
filter {
name = "tag:Name"
values = ["rt-${var.environment_group}-*"]
}
}
resource "aws_route" "rt_tgw" {
count = "${var.create_tgw_route ? 1 : 0}"
route_table_id = "${tolist(data.aws_route_tables.rtb.ids)[count.index]}"
destination_cidr_block = "${var.tgw_route_cidr}"
transit_gateway_id = "${var.transit_gateway_id}"
}
Any help would be much appreciated please. Thank you in advance.
Okay, I have managed to fix this. I changed the resource block to this:
resource "aws_route" "rt_tgw" {
count = "${var.create_tgw_route ? length(data.aws_route_tables.rtb.ids) : 0}"
route_table_id = "${data.aws_route_tables.rtb.ids[count.index]}"
destination_cidr_block = "${var.tgw_route_cidr}"
transit_gateway_id = "${var.transit_gateway_id}"
}
So basically 2 things I changed.
Amending the count value to ensure that what ever route table is looked up in data source will be the number of routes created. In this case is 3 route tables = 3 routes created
Amending the 'route_table_id' value as for some reason version 11 does not like the way it is shown in the documentation.
Related
ERROR: no matching VPC Endpoint found
(error referring to data code block)
I am trying to retrieve multiple endpoints from data "aws_vpc_endpoint" resource. I created locals to retrieve service name for multiple endpoints that share the first few characters. Afterwards, the endpoints have unique characters to identify them individually.
I am wanting the data resource to loop through the data and retrieve each endpoint that shares those few characters. Then grab each endpoint id for "aws_route". FYI: The endpoints are being created from resource "aws_networkfirewall_firewall" The main thing to look at in this code snippet is locals, data, and the last line for resource "aws_route" How can I express in locals that the service_name does not end there and the rest of the string is unique to the endpoint without hard coding each service_name?
locals {
endpoints = {
service_name = "com.amazonaws.vpce.us-east-1.vpce-svc-"
}
}
data "aws_vpc_endpoint" "firewall-endpoints" {
for_each = local.endpoints
vpc_id = aws_vpc.vpc.id
service_name = each.value
#filter {
# name = "tag:AWSNetworkFirewallManaged"
# values = [true]
#}
}
resource "aws_route" "tgw_route" {
count = var.number_azs
route_table_id = aws_route_table.tgw_rt[count.index].id
destination_cidr_block = var.tgw_aws_route[0]
vpc_endpoint_id = data.aws_vpc_endpoint.firewall-endpoints["service_name"].id
}
I can't test this, but I think what you want to do is something like this:
resource "aws_route" "tgw_route" {
for_each = aws_networkfirewall_firewall.firewall_status.sync_states
route_table_id = aws_route_table.tgw_rt[???].id
destination_cidr_block = var.tgw_aws_route[0]
vpc_endpoint_id = each.value.attachment.endpoint_id
}
I'm not clear on the structure of the firewall_status output, so that may need to change slightly. The main question is how to get the appropriate route table ID per subnet. Can you access the outputs of the tgw_rt module in some way other than by index? Unfortunately, I have no experience with setting up an AWS firewall, just with Terraform, so I don't know how to solve this part of the puzzle.
I'm trying to deploy an EKS cluster and everything seems to be fine except for one!
The facade module looks like this:
module "eks" {
source = "../../../../infrastructure_modules/eks"
## EKS ##
create_eks = var.create_eks
cluster_version = var.cluster_version
cluster_name = local.cluster_name
vpc_id = data.aws_vpc.this.id
subnets = data.aws_subnet_ids.this.ids
# note: either pass worker_groups or node_groups
# this is for (EKSCTL API) unmanaged node group
worker_groups = var.worker_groups
# this is for (EKS API) managed node group
node_groups = var.node_groups
## Common tag metadata ##
env = var.env
app_name = var.app_name
tags = local.eks_tags
region = var.region
}
The VPC id is retrieved through the following block :
data "aws_vpc" "this" {
tags = {
Name = "tagName"
}
}
Which then is used to retrieve the subnet_IDs as following:
data "aws_subnet_ids" "this" {
vpc_id = data.aws_vpc.this.id
}
Nevertheless, deploying this results in error stating:
Error: error creating EKS Cluster (data-layer-eks):
UnsupportedAvailabilityZoneException: Cannot create cluster
'data-layer-eks' because us-east-1e, the targeted availability zone,
does not currently have sufficient capacity to support the cluster.
Which is a well known error, and anybody can come across this for even EC2s.
I could solve this by simply hardcoding the subnet value, but that's really undesirable and hardly maintainable.
So the question is, how can I filter out subnet_IDs based on availability zones that have sufficient capacity?
First you need to collect the subnets with all of their attributes:
data "aws_subnets" "this" {
filter {
name = "vpc-id"
values = [data.aws_vpc.this.id]
}
}
data "aws_subnet" "this" {
for_each = toset(data.aws_subnets.this.ids)
id = each.value
}
data.aws_subnet.this is now a map(object) with all of the subnets and their attributes. You can now filter by availability zone accordingly:
subnets = [for subnet in data.aws_subnet.this : subnet.id if subnet.availability_zone != "us-east-1e"]
You can also filter by truthy conditionals if that condition is easier for you:
subnets = [for subnet in data.aws_subnet.this : subnet.id if contains(["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d"], subnet.availability_zone)]
It depends on your personal use case.
I'm wondering if anyone can help me with the following I have a base resource to create aws subnets
resource aws_subnet subnet {
vpc_id = var.vpc_id
cidr_block = var.cidr_block
}
output subnetId {
value = aws_subnet.subnet.id
}
module private_subnet {
source = "linktoresourcedetailedabove"
for_each = var.privateSubnet
vpd.id = var.vpc_id
cidr_block = each.value.cidr_block
}
I have a module which calls using a for_each loop based on a var based in, my question is this resource might be called 10 times and I want to store each id and then access this from another module but I seem to be hitting issues here, I tried updating aws_subnet.subnet.id to aws_subnet.subnet.*.id but am still not having anyluck and can't seem to find anything out there that can help me.
If your private_subnet modules has output
output subnetId {
value = aws_subnet.subnet.id
}
then once you create your private_subnet modules, you can get the list of all subnetId creates as:
values(module.private_subnet)[*].subnetId
I am trying to dynamically declare multiple aws_nat_gateway data sources by retrieving the list of public subnets through the aws_subnet_ids data source. However, when I try to set the count parameter to be equal to the length of the subnet IDs, I get an error saying The "count" value depends on resource attributes that cannot be determined until apply....
This is almost in direct contradiction to the example in their documentation!. How do I fix this? Is their documentation wrong?
I am using Terraform v0.12.
data "aws_vpc" "environment_vpc" {
id = var.vpc_id
}
data "aws_subnet_ids" "public_subnet_ids" {
vpc_id = data.aws_vpc.environment_vpc.id
tags = {
Tier = "public"
}
depends_on = [data.aws_vpc.environment_vpc]
}
data "aws_nat_gateway" "nat_gateway" {
count = length(data.aws_subnet_ids.public_subnet_ids.ids) # <= Error
subnet_id = data.aws_subnet_ids.public_subnet_ids.ids.*[count.index]
depends_on = [data.aws_subnet_ids.public_subnet_ids]
}
I expect to be able to apply this template successfully, but I am getting the following error:
Error: Invalid count argument
on ../src/variables.tf line 78, in data "aws_nat_gateway" "nat_gateway":
78: count = "${length(data.aws_subnet_ids.public_subnet_ids.ids)}"
The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.
It seems you are trying to fetch subnets that weren't created yet or they couldn't be determinated, the terraform cmd output suggests you add -target flag to create the VPC and subnets or do another task first, after that, you'll apply the nat_gateway resource. I suggest you use the AZs list instead of subnets ids, I'll add a simple example below.
variable "vpc_azs_list" {
default = [
"us-east-1d",
"us-east-1e"
]
}
resource "aws_nat_gateway" "nat" {
count = var.enable_nat_gateways ? length(var.azs_list) : 0
allocation_id = "xxxxxxxxx"
subnet_id = "xxxxxxxxx"
depends_on = [
aws_internet_gateway.main,
aws_eip.nat_eip,
]
tags = {
"Name" = "nat-gateway-name"
"costCenter" = "xxxxxxxxx"
"owner" = "xxxxxxxxx"
}
}
I hope will be useful to you and other users.
I need to add the same route to multiple route tables in AWS. I want to use terraform for this. For a single table I can use something like:
resource "aws_route" "route" {
route_table_id = "${var.routetableid}"
destination_cidr_block = "${var.destcidrblock}"
instance_id = "${aws_instance.vpn.id}"
}
However I'd like to add the route for every route_table_id that's specified by the user as a list. Is this possible?
Terraform resources allow you to loop through them using the count meta parameter.
In your case you could do something like this:
variable "route_tables" { type = "list" }
resource "aws_route" "route" {
count = "${length(var.route_tables)}"
route_table_id = "${element(var.route_tables, count.index)}"
destination_cidr_block = "${var.destcidrblock}"
instance_id = "${aws_instance.vpn.id}"
}
Where route_tables is a list of route table ids.