Open
Description
Describe the Bug
Module call code:
module "vpc_peering" {
  source = "git::https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account?ref=v1.0.0"
  namespace = "XXXXXXX"
  name = "XXXXXXX"
  requester_aws_assume_role_arn = "XXXXXXX"
  requester_region = XXXXXXX
  requester_vpc_id = XXXXXXX
  requester_allow_remote_vpc_dns_resolution = true
  requester_subnet_tags = {
    XXXXXXX = XXXXXXX
  }
  accepter_aws_assume_role_arn = "XXXXXXX"
  accepter_region = XXXXXXX
  accepter_vpc_id = XXXXXXX
  accepter_allow_remote_vpc_dns_resolution = true
}
If I do not specify accepter_enabled (defaults to true), plans and applies run correctly, peering connections are created, route table entries, etc.
But if I set accepter_enabled = false without changing anything else, the plan shows peer_vpc_id being changed to null in the requester peering connection.
  # module.vpc_peering.aws_vpc_peering_connection.requester[0] must be replaced
-/+ resource "aws_vpc_peering_connection" "requester" {
      ~ accept_status = "active" -> (known after apply)
      ~ id = "pcx-XXXX" -> (known after apply)
      ~ peer_owner_id = "XXXXXX" -> (known after apply)
      ~ peer_region = "XXXXX" -> (known after apply)
      - peer_vpc_id = "vpc-XXXXXX" -> null # forces replacement
        tags = {
            "Attributes" = "requester"
            "Name" = "XXXXXX"
            "Namespace" = "XXXXXXX"
            "Side" = "requester"
        }
        # (3 unchanged attributes hidden)
      ~ accepter (known after apply)
      ~ requester (known after apply)
      - requester {
          - allow_remote_vpc_dns_resolution = true -> null
        }
    }
With peer_vpc_id set to null, the following error then occurs:
* Failed to execute "terraform apply" in .
╷
│ Error: creating EC2 VPC Peering Connection: operation error EC2: CreateVpcPeeringConnection, https response error StatusCode: 400, RequestID: XXXXXXXX, api error InvalidVpcId.Malformed: Invalid id: "" (expecting "vpc-...")
│
│ with module.vpc_peeringt.aws_vpc_peering_connection.requester[0],
│ on .terraform/modules/vpc_peering/requester.tf line 138, in resource "aws_vpc_peering_connection" "requester":
│ 138: resource "aws_vpc_peering_connection" "requester" {
│
╵
exit status 1
Reproduced the same behavior from fresh, where having accepter_enabled = false results in the same error
module "vpc_peering" {
  source = "git::https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account?ref=v1.0.0"
  namespace = "XXXXXXX"
  name = "XXXXXXX"
  requester_aws_assume_role_arn = "XXXXXXX"
  requester_region = XXXXXXX
  requester_vpc_id = XXXXXXX
  requester_allow_remote_vpc_dns_resolution = true
  requester_subnet_tags = {
    XXXXXXX = XXXXXXX
  }
  accepter_enabled = false
  accepter_aws_assume_role_arn = "XXXXXXX"
  accepter_region = XXXXXXX
  accepter_vpc_id = XXXXXXX
  accepter_allow_remote_vpc_dns_resolution = true
}
* Failed to execute "terraform apply" in .
╷
│ Error: creating EC2 VPC Peering Connection: operation error EC2: CreateVpcPeeringConnection, https response error StatusCode: 400, RequestID: XXXXXX, api error InvalidVpcId.Malformed: Invalid id: "" (expecting "vpc-...")
│
│ with module.vpc_peering.aws_vpc_peering_connection.requester[0],
│ on .terraform/modules/vpc_peering/requester.tf line 138, in resource "aws_vpc_peering_connection" "requester":
│ 138: resource "aws_vpc_peering_connection" "requester" {
Expected Behavior
Expect to be able to use the accepter_enabled flag to set it to false without an error.
Steps to Reproduce
Use the flag.
Screenshots
No response
Environment
Module version 1.0.0
Additional Context
No response
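
Added example, not part of the original report or of the module's code: a pre-apply check over `terraform show -json <planfile>` output that flags a plan which would replace a VPC peering connection or create one with a null `peer_vpc_id`, the two conditions visible in the plan above. The sample plan is constructed and the function name `find_broken_peerings` is hypothetical.

```python
import json

# Constructed sample of `terraform show -json <planfile>` output, shaped like
# the plan in the report; every value is a placeholder, not a real identifier.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.vpc_peering.aws_vpc_peering_connection.requester[0]",
   "type": "aws_vpc_peering_connection",
   "change": {"actions": ["delete", "create"],
              "before": {"peer_vpc_id": "vpc-XXXXXX", "accept_status": "active"},
              "after": {"peer_vpc_id": null},
              "after_unknown": {"id": true, "accept_status": true}}},
  {"address": "aws_route.example", "type": "aws_route",
   "change": {"actions": ["no-op"], "before": {}, "after": {}, "after_unknown": {}}}
]}
""")


def find_broken_peerings(plan):
    """Return (address, reasons) for peering connections the plan would break."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_vpc_peering_connection":
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        reasons = []
        # A replacement is planned as a delete+create pair, in either order.
        if "delete" in actions and "create" in actions:
            reasons.append("replacement")
        # A null that is not "(known after apply)" is sent to EC2 as an empty
        # id, which is the InvalidVpcId.Malformed error quoted in the report.
        if ("create" in actions and after.get("peer_vpc_id") is None
                and not unknown.get("peer_vpc_id", False)):
            reasons.append("peer_vpc_id is null")
        if reasons:
            findings.append((rc["address"], reasons))
    return findings


if __name__ == "__main__":
    for address, reasons in find_broken_peerings(SAMPLE_PLAN):
        print(f"BLOCK {address}: {', '.join(reasons)}")
```

Run against the real plan JSON in CI, a non-empty result is a reason to stop before `terraform apply` tears down an active peering connection.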