Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Preserve AWS VPC Peering routes if they do not change #39

Closed
wants to merge 2 commits into from
Closed

Preserve AWS VPC Peering routes if they do not change #39

wants to merge 2 commits into from

Conversation

jakedgy
Copy link

@jakedgy jakedgy commented Jun 8, 2022
edited
Loading

Use a for_each of the cross-product of route_table_ids -> VPC CIDR blocks to generate stable names for the requestor and acceptor aws_route resources.

If the order of the route tables changes, it forces replacement of all route tables which can cause downtime during an apply.

⚠️ Important ⚠️

Switching from a count to for_each changes all of the aws_route resource names, which can cause downtime during an apply. Callers will need to move the state of any existing aws_route resources to the new names to avoid any downtime.

For example, to move the state for the following aws_route:

  # module.vpc_peering.aws_route.requestor[0] will be destroyed
  # (because resource does not use count)
  - resource "aws_route" "requestor" {
      - destination_cidr_block    = "10.1.0.0/16" -> null
      - id                        = "r-rtb-xxxxyy" -> null
      - origin                    = "CreateRoute" -> null
      - route_table_id            = "rtb-xxxx" -> null
      - state                     = "active" -> null
      - vpc_peering_connection_id = "pcx-zzzz" -> null
    }
...
  # module.vpc_peering.aws_route.requestor["rtb-xxxx:10.1.0.0/16"] will be created
  + resource "aws_route" "requestor" {
      + destination_cidr_block    = "10.1.0.0/16"
      + id                        = (known after apply)
      + instance_id               = (known after apply)
      + instance_owner_id         = (known after apply)
      + network_interface_id      = (known after apply)
      + origin                    = (known after apply)
      + route_table_id            = "rtb-xxxx"
      + state                     = (known after apply)
      + vpc_peering_connection_id = "pcx-zzzz"
    }

Run the following command before the plan and apply:

terraform state mv module.vpc_peering.aws_route.requestor[0] module.vpc_peering.aws_route.requestor["rtb-xxxx:10.1.0.0/16"]

And module.vpc_peering.aws_route.requestor["rtb-xxxx:10.1.0.0/16"] should be unchanged.

closes #33

Use for_each for aws_route resources
41353fa 
Count is not stable and can result in downtime if all of the routes are
replaced.  Using a for_each lets us key by route_table_id:cidr_block,
which means we only delete or update routes when absolutly
necessary.
@jakedgy jakedgy requested review from a team as code owners June 8, 2022 22:35
@jakedgy jakedgy requested review from a team as code owners June 8, 2022 22:35
@jakedgy jakedgy requested review from adamcrews and florian0410 June 8, 2022 22:35
@jakedgy jakedgy closed this Jun 8, 2022
@jakedgy jakedgy mentioned this pull request Jun 8, 2022
Closed
@jakedgy
Copy link
Author

jakedgy commented Jun 20, 2022

I'm reopening this because I'm unable to get the CI bots the correct permissions to run on my primary organization fork (#40).

@jakedgy jakedgy reopened this Jun 20, 2022
@hans-d hans-d added the stale This PR has gone stale label Mar 8, 2024
@hans-d hans-d closed this Mar 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamcrews adamcrews Awaiting requested review from adamcrews adamcrews is a code owner automatically assigned from cloudposse/contributors

@florian0410 florian0410 Awaiting requested review from florian0410 florian0410 is a code owner automatically assigned from cloudposse/contributors

Assignees
No one assigned
Labels
stale This PR has gone stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

VPC Peering routes should be preserved if they don't change.
3 participants
@jakedgy @hans-d @cloudpossebot