Error: Error creating route table association: InvalidRouteTableID.NotFound: The routeTable ID 'rtb-0208e6570f55bc571' does not exist status code: 400, request id: ecc6960b-2351-4603-add2-60e30ca77e10
But i am able to associate it without any issue manually. It is failing only with "rt_assocation_oregon" resource.
Full code:
#Create VPC in us-east-1
provider "aws" {
region = "us-east-1"
profile = " test1"
}
#Create VPC in us-west-2
provider "aws" {
region = "us-west-2"
profile = "test1"
alias = "west"
}
#Create VPC in us-east-1
resource "aws_vpc" "vpc_master" {
cidr_block = "10.0.0.0/16"
instance_tenancy = "default"
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "master-vpc-jenkins"
}
}
resource "aws_vpc" "vpc_master_oregon" {
cidr_block = "192.168.0.0/16"
instance_tenancy = "default"
enable_dns_support = true
enable_dns_hostnames = true
provider = aws.west
tags = {
Name = "worker-vpc-jenkins"
}
}
#Create IGW in us-east-1
resource "aws_internet_gateway" "igw" {
vpc_id = aws_vpc.vpc_master.id
tags = {
Name = "master_igw"
}
}
#Create IGW in us-west-2
resource "aws_internet_gateway" "igw-oregon" {
vpc_id = aws_vpc.vpc_master_oregon.id
provider = aws.west
tags = {
Name = "worker_igw"
}
}
#Create subnet # 1 in us-east-1
resource "aws_subnet" "subnet_1" {
vpc_id = aws_vpc.vpc_master.id
cidr_block = "10.0.1.0/24"
availability_zone = data.aws_availability_zones.available.names[0]
tags = {
Name = "master_subnet1"
}
}
#Create subnet in us-west-2
resource "aws_subnet" "subnet_oregon_1" {
vpc_id = aws_vpc.vpc_master_oregon.id
cidr_block = "192.168.1.0/24"
provider = aws.west
tags = {
Name = "worker_subnet1"
}
}
#Initiate Peering connection request from us-east1
resource "aws_vpc_peering_connection" "useast1_uswest2" {
peer_vpc_id = aws_vpc.vpc_master_oregon.id
vpc_id = aws_vpc.vpc_master.id
auto_accept = false
peer_region = "us-west-2"
tags = {
Name = "VPC Peering between vpc_master and vpc_master_oregon"
}
}
#Accept VPC peering request in us-west-2 from us-east-1
resource "aws_vpc_peering_connection_accepter" "accepter_peering" {
provider = aws.west
vpc_peering_connection_id = aws_vpc_peering_connection.useast1_uswest2.id
auto_accept = true
tags = {
Side = "Receiver"
}
}
#Create route table in us-east-1
resource "aws_route_table" "internet_route" {
vpc_id = aws_vpc.vpc_master.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.igw.id
}
route {
cidr_block = "192.168.1.0/24"
vpc_peering_connection_id = aws_vpc_peering_connection.useast1_uswest2.id
}
lifecycle {
ignore_changes = all
}
tags = {
Name = "Master-Region-RT"
}
}
resource "aws_route_table_association" "rt_assocation_east" {
subnet_id = aws_subnet.subnet_1.id
route_table_id = aws_route_table.internet_route.id
}
#Create route table in us-west-2
resource "aws_route_table" "internet_route_oregon" {
provider = aws.west
vpc_id = aws_vpc.vpc_master_oregon.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.igw-oregon.id
}
route {
cidr_block = "10.0.1.0/24"
vpc_peering_connection_id = aws_vpc_peering_connection.useast1_uswest2.id
}
lifecycle {
ignore_changes = all
}
tags = {
Name = "Worker-Region-RT"
}
}
resource "aws_route_table_association" "rt_association_oregon" {
subnet_id = aws_subnet.subnet_oregon_1.id
route_table_id = aws_route_table.internet_route_oregon.id
}
Your aws_subnet.subnet_oregon_1 and aws_route_table.internet_route_oregon are created in us-west-2, but you are trying to create association in us-west-1. It should be:
resource "aws_route_table_association" "rt_association_oregon" {
provider = aws.west
subnet_id = aws_subnet.subnet_oregon_1.id
route_table_id = aws_route_table.internet_route_oregon.id
}
Related
I have both IPv4 and IPv6, I'm trying to manage a Routing for private subnet.
Once NAT Gateway is attached to Route Table, it does not allow me to attach Egress Gateway to the same route table, and giving me an error:
An interface that is part of a NAT gateway cannot be the next hop for an IPv6 destination CIDR block or IPv6 prefix list
However if I'm attaching manually thought AWS Console, there is no problem
Maybe I'm missing some info? I know that NAT only for IPv4 and Egress only for IPv6, can someone guide me on this? Why if NAT not compatible with Egress Only Gateway, it allows me to attach via aws console, but not with terraform?
Here is my simple terraform
resource "aws_eip" "neip" {
count = length(var.private_subnet)
vpc = true
}
resource "aws_nat_gateway" "nat" {
count = length(var.private_subnet)
subnet_id = element(var.public_subnet, count.index)
allocation_id = element(aws_eip.neip.*.id, count.index)
}
resource "aws_egress_only_internet_gateway" "egw" {
count = length(var.zones) > 0 ? 1 : 0
vpc_id = var.vpc_id
}
resource "aws_route_table" "route" {
count = length(var.private_subnet)
vpc_id = var.vpc_id
}
resource "aws_route" "ipv4" {
count = length(aws_route_table.route)
depends_on = [ aws_route_table.route ]
route_table_id = aws_route_table.route[count.index].id
nat_gateway_id = element(aws_nat_gateway.nat.*.id, count.index)
destination_cidr_block = "0.0.0.0/0"
}
resource "aws_route" "ipv6" {
count = length(aws_route_table.route)
depends_on = [ aws_route_table.route ]
route_table_id = aws_route_table.route[count.index].id
egress_only_gateway_id = element(aws_egress_only_internet_gateway.egw.*.id, count.index)
destination_ipv6_cidr_block = "::/0"
}
resource "aws_route_table_association" "route" {
count = length(aws_route_table.route)
subnet_id = var.private_subnet[count.index]
route_table_id = aws_route_table.route[count.index].id
}
No issue with terraform script
I tried to reproduce your issue, but for me it works as expected. Maybe you still have some "typos" in your code presented here, thus its difficult to see why it woudn't work for you.
Anyway, here is the code I used in order to mimic your setup, though large chunks I had to create myself, as they are not shown in your code (e.g. VPC setup all missing, internet gateway, public subnets).
The code below works and I couldn't replicate your issue. Route tables work as expected:
data "aws_availability_zones" "available" {}
resource "aws_vpc" "vpc" {
cidr_block = "10.0.0.0/16"
enable_dns_hostnames = true
assign_generated_ipv6_cidr_block = true
tags = {
Name = "testvpc"
}
}
variable "private_cidrs" {
default = ["10.0.2.0/24", "10.0.3.0/24"]
}
variable "public_cidrs" {
default = ["10.0.0.0/24", "10.0.1.0/24"]
}
resource "aws_subnet" "public_subnet" {
count = length(var.public_cidrs)
cidr_block = var.public_cidrs[count.index]
vpc_id = aws_vpc.vpc.id
availability_zone = data.aws_availability_zones.available.names[count.index]
tags = {
Name = "public${count.index}"
}
}
resource "aws_subnet" "private_subnet" {
count = length(var.private_cidrs)
cidr_block = var.private_cidrs[count.index]
vpc_id = aws_vpc.vpc.id
availability_zone = data.aws_availability_zones.available.names[count.index]
tags = {
Name = "private${count.index}"
}
}
resource "aws_eip" "neip" {
count = length(var.private_cidrs)
vpc = true
}
resource "aws_internet_gateway" "igw" {
vpc_id = aws_vpc.vpc.id
tags = {
Name = "main"
}
}
resource "aws_nat_gateway" "nat" {
count = length(var.private_cidrs)
subnet_id = element(aws_subnet.public_subnet.*.id, count.index)
allocation_id = element(aws_eip.neip.*.id, count.index)
depends_on = [aws_internet_gateway.igw]
}
resource "aws_egress_only_internet_gateway" "egw" {
#count = length(var.private_cidrs)
vpc_id = aws_vpc.vpc.id
}
# routes for public subnets
resource "aws_route_table" "public_route" {
count = length(var.public_cidrs)
vpc_id = aws_vpc.vpc.id
}
resource "aws_route" "public_ipv4" {
count = length(aws_route_table.public_route)
route_table_id = aws_route_table.public_route[count.index].id
gateway_id = aws_internet_gateway.igw.id
destination_cidr_block = "0.0.0.0/0"
}
resource "aws_route" "ipv6_public" {
count = length(aws_route_table.public_route)
route_table_id = aws_route_table.public_route[count.index].id
egress_only_gateway_id = aws_egress_only_internet_gateway.egw.id
destination_ipv6_cidr_block = "::/0"
}
resource "aws_route_table_association" "public_route" {
count = length(aws_route_table.public_route)
subnet_id = aws_subnet.public_subnet[count.index].id
route_table_id = aws_route_table.public_route[count.index].id
}
# routes for private subnets
resource "aws_route_table" "route" {
count = length(var.private_cidrs)
vpc_id = aws_vpc.vpc.id
}
resource "aws_route" "ipv4" {
count = length(aws_route_table.route)
route_table_id = aws_route_table.route[count.index].id
nat_gateway_id = aws_nat_gateway.nat[count.index].id
#nat_gateway_id = aws_nat_gateway.nat.id
destination_cidr_block = "0.0.0.0/0"
}
resource "aws_route" "ipv6" {
count = length(aws_route_table.route)
route_table_id = aws_route_table.route[count.index].id
egress_only_gateway_id = aws_egress_only_internet_gateway.egw.id
destination_ipv6_cidr_block = "::/0"
}
resource "aws_route_table_association" "route" {
count = length(aws_route_table.route)
subnet_id = aws_subnet.private_subnet[count.index].id
route_table_id = aws_route_table.route[count.index].id
}
i have the 502 error in the ALB.
my vpc and routes.
resource "aws_vpc" "My_VPC" {
cidr_block = "${var.vpcCIDRblock}"
instance_tenancy = "${var.instanceTenancy}"
enable_dns_support = "true"
enable_dns_hostnames = "true"
tags = {
Name = "My VPC"
}
}
resource "aws_subnet" "Public_Subnet" {
vpc_id = "${aws_vpc.My_VPC.id}"
cidr_block = "${var.subnetCIDRblock}"
map_public_ip_on_launch = "true"
availability_zone = "eu-central-1a"
tags= {
Name = "My Public Subnet"
}
}
resource "aws_subnet" "Public_Subnet_elb" {
vpc_id = "${aws_vpc.My_VPC.id}"
cidr_block = "${var.subnetCIDRblock4}"
map_public_ip_on_launch = "true"
availability_zone = "eu-central-1"
tags = {
Name = "My Public Subnet ELB"
}
}
resource "aws_subnet" "Private_Subnet" {
vpc_id = "${aws_vpc.My_VPC.id}"
cidr_block = "172.16.2.0/24"
map_public_ip_on_launch = "false"
availability_zone = "$eu-central-1a"
tags = {
Name = "My_Private_Subnet"
}
}
resource "aws_internet_gateway" "My_VPC_GW" {
vpc_id = "${aws_vpc.My_VPC.id}"
tags = {
Name = "My VPC Internet Gateway"
}
}
resource "aws_route_table" "eu-central-1a" {
vpc_id = "${aws_vpc.My_VPC.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.My_VPC_GW.id}"
}
tags = {
Name = "Public Subnet"
}
}
resource "aws_main_route_table_association" "public" {
vpc_id = "${aws_vpc.My_VPC.id}"
route_table_id = "${aws_route_table.eu-central-1a.id}"
}
resource "aws_route_table_association" "eu-central-1a-public" {
subnet_id = "${aws_subnet.Public_Subnet.id}"
route_table_id = "${aws_route_table.eu-central-1a.id}"
}
resource "aws_route_table_association" "elb" {
subnet_id = "${aws_subnet.Public_Subnet_elb.id}"
route_table_id = "${aws_route_table.eu-central-1a.id}"
}
resource "aws_eip" "eip" {
vpc = true
depends_on = ["aws_internet_gateway.My_VPC_GW"]
}
resource "aws_nat_gateway" "gateway" {
allocation_id = "${aws_eip.eip.id}"
subnet_id = "${aws_subnet.Public_Subnet.id}"
depends_on = ["aws_internet_gateway.My_VPC_GW"]
}
output "NAT_GW_IP" {
value = "${aws_eip.eip.public_ip}"
}
## Routing table
resource "aws_route_table" "private_route_table" {
vpc_id = "${aws_vpc.My_VPC.id}"
}
resource "aws_route" "private" {
route_table_id = "${aws_route_table.private_route_table.id}"
destination_cidr_block = "0.0.0.0/0"
nat_gateway_id = "${aws_nat_gateway.gateway.id}"
}
# Associate subnet private_subnet to private route table
resource "aws_route_table_association" "private_subnet_association" {
subnet_id = "${aws_subnet.Private_Subnet.id}"
route_table_id = "${aws_route_table.private_route_table.id}"
}
each security group open for incoming traffic for port 80 443 and 22 . outbound are 0.0.0.0
ELB
resource "aws_lb" "test" {
name = "test-lb-tf"
internal = false
load_balancer_type = "application"
security_groups = ["${aws_security_group.elb-security.id}"]
subnets = ["${aws_subnet.Public_Subnet_elb.id}","${aws_subnet.Public_Subnet.id}"]
enable_deletion_protection = false
depends_on = ["aws_nat_gateway.gateway"]
access_logs {
bucket = "test-listener"
prefix = "test-lb"
enabled = true
}
tags = {
Environment = "production"
}
}
resource "aws_lb_target_group" "test" {
name = "moodle-tg"
port = "80"
protocol = "HTTP"
vpc_id = aws_vpc.My_VPC.id
target_type = "instance"
deregistration_delay = "300"
health_check {
path = "/"
interval = "300"
port = "80"
matcher = "200"
protocol = "HTTP"
timeout = "10"
healthy_threshold = "10"
unhealthy_threshold= "10"
}
}
resource "aws_lb_listener" "front_end" {
load_balancer_arn = aws_lb.test.arn
port = "80"
protocol = "HTTP"
depends_on = ["aws_nat_gateway.gateway"]
default_action {
target_group_arn = "${aws_lb_target_group.test.arn}"
type = "forward"
}
}
resource "aws_lb_listener_rule" "asg-listener_rule" {
listener_arn = aws_lb_listener.front_end.arn
priority = 100
depends_on = ["aws_nat_gateway.gateway"]
condition {
path_pattern {
values = ["/"]
}
}
action {
type = "forward"
target_group_arn = aws_lb_target_group.test.arn
}
}
ASG
resource "aws_launch_configuration" "moodle-lc" {
name_prefix = "moodle-lc-"
image_id = "${data.aws_ami.centos.id}"
instance_type = "${var.instance}"
security_groups = ["${aws_security_group.web_ubuntu1.id}"]
key_name = "moodle_agents"
user_data = "${file("init-agent-instance.sh")}"
depends_on = ["aws_nat_gateway.gateway"]
lifecycle {
create_before_destroy = true
}
}
resource "aws_autoscaling_group" "moodle-agents" {
vpc_zone_identifier = ["${aws_subnet.Private_Subnet.id}"]
name = "agents"
max_size = "20"
min_size = "1"
health_check_grace_period = 300
health_check_type = "ELB"
desired_capacity = 2
target_group_arns = ["${aws_lb_target_group.test.arn}"]
force_delete = true
launch_configuration = "${aws_launch_configuration.moodle-lc.name}"
depends_on = ["aws_nat_gateway.gateway"]
lifecycle {
create_before_destroy = true
}
tag {
key = "Name"
value = "Agent Instance"
propagate_at_launch = true
}
}
user_data script just installs apache web-server and starts it
I read this article link and my code looks the same for me can someone please explain where I made a mistake.
Without nat-gateway(and ASG are in public subnet) everything works fine, but it doesn't have sense to use ALB for accessing instances that are already visible in the internet.
Your general architecture is correct, although there are still some mistakes:
Incorrect AZ:
availability_zone = "$eu-central-1a"
Again wrong AZ:
availability_zone = "eu-central-1"
ALB must be in two different AZs, maybe you should have "eu-central-1a" and "eu-central-1b"
I think multiple people have asked the same question but my condition is different. I am taking input from the user for the vpc region, cidr value even the public subnet segment too. I have to attach all my public subnet to the default route table and private subnets to the diff route table . can you help me in how to attach them .
provider "aws" {
region = var.region
}
resource "aws_vpc" "app_vpc" {
cidr_block = var.vpc_cidr
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = var.vpc_name
}
}
# create igw
resource "aws_internet_gateway" "app_igw" {
vpc_id = aws_vpc.app_vpc.id
}
data "aws_availability_zones" "available" {
state = "available"
}
#provision public subnet
resource "aws_subnet" "public_subnet_01" {
vpc_id = aws_vpc.app_vpc.id
cidr_block = var.public_subnet_01
availability_zone = data.aws_availability_zones.available.names[0]
tags = {
Name = "public_subnet_01"
}
depends_on = [aws_vpc_dhcp_options_association.dns_resolver]
}
resource "aws_subnet" "public_subnet_02" {
vpc_id = aws_vpc.app_vpc.id
cidr_block = var.public_subnet_02
availability_zone = data.aws_availability_zones.available.names[1]
tags = {
Name = "public_subnet_02"
}
depends_on = [aws_vpc_dhcp_options_association.dns_resolver]
}
resource "aws_subnet" "public_subnet_03" {
vpc_id = aws_vpc.app_vpc.id
cidr_block = var.public_subnet_03
availability_zone = data.aws_availability_zones.available.names[2]
tags = {
Name = "public_subnet_03"
}
depends_on = [aws_vpc_dhcp_options_association.dns_resolver]
}
#default route table
resource "aws_default_route_table" "default" {
default_route_table_id = aws_vpc.app_vpc.default_route_table_id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.app_igw.id
}
}
resource "aws_route_table_association" "default_association_01" {
subnet_id = [aws_subnet.public_subnet_01.id, aws_subnet.public_subnet_02.id, aws_subnet.public_subnet_03.id]
route_table_id = aws_vpc.app_vpc.default_route_table_id
}
I am getting error in adding multiple subnet so can u please help here :)
aws_route_table_association takes only one subnet as an input, not a list of subnets.
If you want to create the associations using your list, you can use for_each:
resource "aws_route_table_association" "default_association_01" {
for_each = toset([aws_subnet.public_subnet_01.id, aws_subnet.public_subnet_02.id, aws_subnet.public_subnet_03.id])
subnet_id = each.key
route_table_id = aws_vpc.app_vpc.default_route_table_id
}
The above assumes that everything else is correct. There could be still some errors in your code which aren't apparent yet.
I have public and private subnets established in a VPC created with for each. I am now trying to create route tables for the subnets and nat gateways specifically for access for private instances. My subnets, route tables, and public subnet associations are working properly. I am having trouble getting my private subnets to attach to the route table connecting it to the NAT gateway. I believe my logic correct. My NAT gateways are sitting in my public subnets. The only issue is private subnets being attached to the route table that connects to the NAT gateway. Below is my code, any advice is appreciated.
resource "aws_route_table" "public" {
for_each = var.pub_subnet
vpc_id = aws_vpc.main.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.main.id
}
tags = {
Name = var.rt_tags
}
}
resource "aws_route_table_association" "public" {
for_each = aws_subnet.public
route_table_id = aws_route_table.public[each.key].id
subnet_id = each.value.id
}
resource "aws_route_table_association" "nat" {
for_each = aws_subnet.private
route_table_id = aws_route_table.nat[each.key].id
subnet_id = each.value.id
}
resource "aws_route_table" "nat" {
for_each = var.pub_subnet
vpc_id = aws_vpc.main.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_nat_gateway.main[each.key].id
}
tags = {
Name = var.rt_tags_private
}
}
resource "aws_subnet" "public" {
for_each = var.pub_subnet
vpc_id = aws_vpc.main.id
cidr_block = each.value.cidr_block
availability_zone = each.value.availability_zone
map_public_ip_on_launch = true
tags = {
Name = each.key
}
}
resource "aws_subnet" "private" {
for_each = var.priv_subnet
vpc_id = aws_vpc.main.id
cidr_block = each.value.cidr_block
availability_zone = each.value.availability_zone
map_public_ip_on_launch = false
tags = {
Name = each.key
}
}
Variables
variable "pub_subnet" {
type = map(object({
cidr_block = string
availability_zone = string
}))
default = {
"PubSub1" = {
cidr_block = "10.0.1.0/24"
availability_zone = "us-west-1a"
}
}
}
variable "priv_subnet" {
type = map(object({
cidr_block = string
availability_zone = string
}))
default = {
"PrivSub1" = {
cidr_block = "10.0.2.0/24"
availability_zone = "us-west-1c"
}
}
}
Error
Error: Invalid index
on vpc.tf line 61, in resource "aws_route_table_association" "nat":
61: route_table_id = aws_route_table.nat[each.key].id
|----------------
| aws_route_table.nat is object with 1 attribute "PubSub1"
| each.key is "PrivSub1"
The given key does not identify an element in this collection value.
NAT Gateway
resource "aws_nat_gateway" "main" {
for_each = aws_subnet.public
subnet_id = each.value.id
allocation_id = aws_eip.main[each.key].id
}
EIP
resource "aws_eip" "main" {
for_each = aws_subnet.public
vpc = true
lifecycle {
create_before_destroy = true
}
}
You are defining your route table for nat using var.pub_subnet which has the form of:
"PubSub1" = {
cidr_block = "10.0.1.0/24"
availability_zone = "us-west-1a"
}
Thus to refer to aws_route_table you have to use PubSub1 key.
However, in your aws_route_table_association you are iterating over aws_subnet.private which has key of PrivSub1.
update
The issue can be overcome by creating a local mapping for private=>public subnets names, e.g.:
locals {
private_public_mapping = zipmap(keys(var.priv_subnet), keys(var.pub_subnet))
}
resource "aws_route_table_association" "nat" {
for_each = aws_subnet.private
route_table_id = aws_route_table.nat[local.private_public_mapping[each.key]].id
subnet_id = each.value.id
}
I am using Terraform v0.10.2. I have created VPC in modules/vpc/main.tf and modules/acl/main.tf. I am accessing it using it's output.
I can successfully create ec2 instance in public subnet in above vpc like so:
subnet_id = "${element(module.vpc.public_subnet_ids, count.index)}"
I want to add the RDS instance to private subnet. I tried what the terraform doc said:
vpc_security_group_ids = [
"${aws_security_group.db_access_sg.id}"
]
db_subnet_group_name = "${module.vpc.aws_db_subnet_group_database}"
But, it is adding to the default VPC. If i put the subnet outside the module and access the resource, it gives the variable not found error.
I have referred many GitHub examples, but without success. Am i missing something ?
And this is one of the link i referred: https://github.com/hashicorp/terraform/issues/13739
Contents of modules/vpc/main.tf
resource "aws_vpc" "mod" {
cidr_block = "${var.cidr}"
tags {
Name = "${var.name}"
}
}
resource "aws_internet_gateway" "mod" {
vpc_id = "${aws_vpc.mod.id}"
}
resource "aws_route_table" "public" {
vpc_id = "${aws_vpc.mod.id}"
propagating_vgws = ["${compact(split(",", var.public_propagating_vgws))}"]
tags {
Name = "${var.name}-public"
}
}
resource "aws_route" "public_internet_gateway" {
route_table_id = "${aws_route_table.public.id}"
destination_cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.mod.id}"
}
resource "aws_route_table" "private" {
vpc_id = "${aws_vpc.mod.id}"
propagating_vgws = ["${compact(split(",", var.private_propagating_vgws))}"]
tags {
Name = "${var.name}-private"
}
}
resource "aws_subnet" "private" {
vpc_id = "${aws_vpc.mod.id}"
cidr_block = "${element(split(",", var.private_subnets), count.index)}"
availability_zone = "${element(split(",", var.azs), count.index)}"
count = "${length(compact(split(",", var.private_subnets)))}"
tags {
Name = "${var.name}-private"
}
}
resource "aws_subnet" "public" {
vpc_id = "${aws_vpc.mod.id}"
cidr_block = "${element(split(",", var.public_subnets), count.index)}"
availability_zone = "${element(split(",", var.azs), count.index)}"
count = "${length(compact(split(",", var.public_subnets)))}"
tags {
Name = "${var.name}-public"
}
map_public_ip_on_launch = true
}
resource "aws_db_subnet_group" "database" {
name = "${var.name}-rds-subnet-group-${count.index}"
description = "Database subnet groups for ${var.name}"
subnet_ids = ["${aws_subnet.private.*.id}"]
#tags = "${merge(var.tags, map("Name", format("%s-database-subnet-group", var.name)))}"
count = "${length(compact(split(",", var.private_subnets)))}"
}
resource "aws_route_table_association" "private" {
count = "${length(compact(split(",", var.private_subnets)))}"
subnet_id = "${element(aws_subnet.private.*.id, count.index)}"
route_table_id = "${aws_route_table.private.id}"
}
resource "aws_route_table_association" "public" {
count = "${length(compact(split(",", var.public_subnets)))}"
subnet_id = "${element(aws_subnet.public.*.id, count.index)}"
route_table_id = "${aws_route_table.public.id}"
}
Contents of modules/vpc/outputs.tf
output "vpc_id" {
value = "${aws_vpc.mod.id}"
}
output "public_subnet_ids" {
value = ["${aws_subnet.public.*.id}"]
}
output "private_subnet_ids" {
value = ["${aws_subnet.private.*.id}"]
}
output "aws_db_subnet_group_database" {
value = "${aws_db_subnet_group.database.name}"
}
Contents of modules/acl/main.tf
resource "aws_network_acl" "private_app_subnets" {
vpc_id = "${var.vpc_id}"
subnet_ids = ["${var.private_subnet_ids}"]
}
The issue was, i had enabled the "Publicly Accessible" to true, while trying to add the RDS instance to private subnet. I had to remove the count from aws_db_subnet_group like ydaetskcoR told me to, of course.