AWS route updated every time

pjbeard99 · March 3, 2023, 2:06pm

I have a script that creates a VPC with public and private subnets, a internet gateway and some nat gateways.

The script works but if I run it again with no changes, it updates the routes in the route tables.

Why is this happening?

This is my route resource

# Create Private routes
resource "aws_route" "private_az1_route" {
  route_table_id                                    = aws_route_table.private_az1_rt.id
  destination_cidr_block                            = "0.0.0.0/0"
  gateway_id                                        = aws_nat_gateway.az1_nat_gw.id
}

This is the output from apply

 # aws_route.private_az1_route will be updated in-place
  ~ resource "aws_route" "private_az1_route" {
      + gateway_id             = "nat-0fe8273a37e902043"
        id                     = "r-rtb-0e72816e6977d7b651080289494"
      - nat_gateway_id         = "nat-0fe8273a37e902043" -> null
        # (4 unchanged attributes hidden)
    }

apparentlymart · March 3, 2023, 3:57pm

Hi @pjbeard99,

It seems like in the underlying AWS API there are two different ways to assign a NAT gateway to a route, but when reading this data back from AWS it gets normalized to always be assigned to using nat_gateway_id. The provider doesn’t seem to understand that these two are equivalent and so it’s generating a plan to switch it back to how you wrote it, instead of how it is expressed in the response from the API.

If so, an immediate solution would be to change you configuration to use nat_gateway_id instead, so that your configuration will match how the API or provider is expecting this argument to be set.

Might also be worth opening an issue for this in the AWS provider repository if there isn’t already one about it, because ideally the provider would notice that these two situations are equivalent and avoid switching to a different way to write the same information.

pjbeard99 · March 3, 2023, 5:41pm

Hi @apparentlymart

Many thanks for taking the time to reply and the solution.

devops9 · February 14, 2025, 6:00pm

This worked in my situation as well. I now get a match message: “No changes. Your infrastructure matches the configuration.”

Topic		Replies	Views
Aws route table getting recreated when adding a vpc peering rule AWS	0	192	March 20, 2023
TF apply always re-applying routes Terraform	0	343	September 16, 2022
Terraform plan shows there are changes to be applied but the code wasn't modified at all AWS	1	744	October 5, 2021
Inline way differences when define AWS Routes Terraform	1	728	August 10, 2021
Transit Gateway Route in Route Table Terraform	0	491	August 3, 2021

AWS route updated every time

Related topics