Adding multiple routes to multiple VPCs

Hello,

I'm trying to add multiple routes to multiple VPCs; this is part of VPC peering between the new VPC and the other VPCs that host things like CI/CD, database, scanner, etc.

my code
peering (works)

resource "aws_vpc_peering_connection" "peers_vpc" {
  depends_on    = [module.k8s_vpc]
  count         = length(local.peer_to)
  vpc_id        = module.k8s_vpc.vpc_id
  peer_vpc_id   = element(local.peer_to, count.index)
  peer_owner_id = data.aws_caller_identity.current.account_id
  auto_accept   = true
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
  requester {
    allow_remote_vpc_dns_resolution = true
  }
  tags = {
    Side        = "Requester"
    Name        = "${local.vpc_name} <--> ${element(local.peer_to_label, count.index)}"
    terraform   = "true"
    environment = local.environment
  }
}

The next one works too: from the VPC’s main route to the peer’s main route.

resource "aws_route" "peers_vpc" {
  depends_on                = [module.k8s_vpc,aws_vpc_peering_connection.peers_vpc]
  count                     = length(local.peer_to)
  route_table_id            = module.k8s_vpc.vpc_main_route_table_id
  destination_cidr_block    = element(local.peer_to_cidr, count.index)
  vpc_peering_connection_id = aws_vpc_peering_connection.peers_vpc[count.index].id
}

Here is where I'm at a loss :frowning: any help really appreciated.
From the VPC’s subnets to the peer’s subnets (private subnets):

resource "aws_route" "private_subnets_to_peer_vpc" {
  depends_on                = [module.k8s_vpc,aws_vpc_peering_connection.peers_vpc]
    for_each = [ for route in module.k8s_vpc.private_route_table_ids: {
       count                     = length(local.peer_to)
       route_table_id            = route
       destination_cidr_block    = element(local.peer_to_cidr, count.index)
       vpc_peering_connection_id = aws_vpc_peering_connection.peers_vpc[count.index].id
    }]
}

The error:

Error: Missing required argument

  on vpc_peering.tf line 85, in resource "aws_route" "private_subnets_to_peer_vpc":
  85: resource "aws_route" "private_subnets_to_peer_vpc" {

The argument "route_table_id" is required, but no definition was found.


Error: Reference to "count" in non-counted context

  on vpc_peering.tf line 90, in resource "aws_route" "private_subnets_to_peer_vpc":
  90:        destination_cidr_block    = element(local.peer_to_cidr, count.index)

The "count" object can only be used in "module", "resource", and "data"
blocks, and only when the "count" argument is set.


Error: Reference to "count" in non-counted context

  on vpc_peering.tf line 91, in resource "aws_route" "private_subnets_to_peer_vpc":
  91:        vpc_peering_connection_id = aws_vpc_peering_connection.peers_vpc[count.index].id

The "count" object can only be used in "module", "resource", and "data"
blocks, and only when the "count" argument is set.

thanks
ls

Tried this:

resource "aws_route" "private_subnets_to_shared_vpc" {
  depends_on                = [module.k8s_vpc,aws_vpc_peering_connection.peers_vpc]
  for_each                  = module.k8s_vpc.private_route_table_ids
  route_table_id            = each.key
  dynamic "vpcs_cidr" {
    for_each = local.peer_to_cidr
    content {
       destination_cidr_block = vpcs_cidr.each.key

       dynamic "vpc_peer" {
         for_each = aws_vpc_peering_connection.peers_vpc
       context {
         vpc_peering_connection_id = vpc_peer.each.key
       }
     }
   }
  }
}

Still errors with:

Error: Unsupported block type

  on vpc_peering.tf line 74, in resource "aws_route" "private_subnets_to_shared_vpc":
  74:   dynamic "vpcs_cidr" {

Blocks of type "vpcs_cidr" are not expected here.

I'm sure I'm not the only one trying to do this :slight_smile:

Still errors. Changed to:

resource "aws_route" "private_subnets_to_shared_vpc" {
  depends_on                = [module.k8s_vpc,aws_vpc_peering_connection.peers_vpc]
  for_each                  = module.k8s_vpc.private_route_table_ids
  route_table_id            = each.key
  dynamic "cidr_to_peer" {
    for_each = length(local.peer_to_cidr)
    content {
      destination_cidr_block    = local.peer_to_cidr[each.key]
      vpc_peering_connection_id = aws_vpc_peering_connection.peers_vpc[each.key]
   }
 }
}

Error:

Error: Unsupported block type

  on vpc_peering.tf line 74, in resource "aws_route" "private_subnets_to_shared_vpc":
  74:   dynamic "cidr_to_peer" {

Blocks of type "cidr_to_peer" are not expected here.
Terraform v0.13.5
+ provider registry.terraform.io/hashicorp/aws v3.16.0
+ provider registry.terraform.io/hashicorp/null v3.0.0

Tried and failed:

locals {
  route_info = flatten([
    for idx, cidr in var.aws_peer_to_cidr: {
      vpc_cidr = cidr
      idx      = idx
    }
  ])
}

and

resource "aws_route" "private_subnets_to_shared_vpc" {
  depends_on                = [module.k8s_vpc,aws_vpc_peering_connection.peers_vpc]
  count                     = length(module.k8s_vpc.private_route_table_ids)
  route_table_id            = element(module.k8s_vpc.private_route_table_ids, count.index)
  dynamic "route_info" {
    for_each = local.route_info
    content {
      destination_cidr_block    = route_info.value["vpc_cidr"]
      vpc_peering_connection_id = aws_vpc_peering_connection.peers_vpc[route_info.value["idx"]].id
    }
  }
}

This should not be this hard :frowning:
Has anyone successfully used Terraform to create a VPC, peer it with more than 2 VPCs, and add the routes? :pray:
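One way to express the cross product the last three attempts were reaching for, as an added example rather than the poster's code: `aws_route` has no nested blocks, so the repetition has to come from `for_each` over a map built in a `locals` block. It assumes the names from the post (`module.k8s_vpc.private_route_table_ids` as a list, `local.peer_to_cidr` ordered index-for-index with `local.peer_to`, and the counted `aws_vpc_peering_connection.peers_vpc`) and only the `setproduct`/`range` functions available in Terraform 0.12+.

```hcl
locals {
  # One map entry per (private route table, peer VPC) pair. Keys are built
  # from list indexes, not from the route table or peering IDs, so they are
  # known at plan time even before the VPC module has been applied.
  private_peer_routes = {
    for pair in setproduct(
      range(length(module.k8s_vpc.private_route_table_ids)),
      range(length(local.peer_to_cidr))
    ) :
    "rt${pair[0]}-peer${pair[1]}" => {
      route_table_id = module.k8s_vpc.private_route_table_ids[pair[0]]
      peer_cidr      = local.peer_to_cidr[pair[1]]
      peer_index     = pair[1]
    }
  }
}

# One aws_route per pair; only the declared peer CIDRs get a route, so the
# private subnets cannot reach anything in the peer VPCs beyond those blocks.
resource "aws_route" "private_subnets_to_peer_vpc" {
  for_each                  = local.private_peer_routes
  route_table_id            = each.value.route_table_id
  destination_cidr_block    = each.value.peer_cidr
  # peers_vpc is created with count, so it is indexed by number.
  vpc_peering_connection_id = aws_vpc_peering_connection.peers_vpc[each.value.peer_index].id
}
```

Because `peer_to_cidr` and `peer_to` are matched by position, a reordered list would silently send a CIDR through the wrong peering connection; a `terraform plan` review of each `destination_cidr_block` against its `vpc_peering_connection_id` is the check to run before applying.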