I recently added a VPC peering route to my CDKTF infra like so:

```typescript
new aws.vpc.Route(this, "vpc-peer-route", {
  routeTableId: publicRouteTable.id,
  vpcPeeringConnectionId: "pcx-0376ba4a56f7d508d",
  destinationCidrBlock: "10.0.2.51/32",
});
```
Where `pcx-0376ba4a56f7d508d` is a manually created VPC peering connection.
Now, whenever I try to deploy my stack, Terraform modifies the `publicRouteTable` like so:

```text
goldsky-infra-prod  # aws_route_table.publicRouteTable (publicRouteTable) will be updated in-place
  ~ resource "aws_route_table" "publicRouteTable" {
        id    = "rtb-009124a8c08b02abe"
      ~ route = [
          - {
              - carrier_gateway_id         = ""
              - cidr_block                 = "0.0.0.0/0"
              - core_network_arn           = ""
              - destination_prefix_list_id = ""
              - egress_only_gateway_id     = ""
              - gateway_id                 = "igw-04180e8d0b0cd5dd6"
              - instance_id                = ""
              - ipv6_cidr_block            = ""
              - local_gateway_id           = ""
              - nat_gateway_id             = ""
              - network_interface_id       = ""
              - transit_gateway_id         = ""
              - vpc_endpoint_id            = ""
              - vpc_peering_connection_id  = ""
            },
          - {
              - carrier_gateway_id         = ""
              - cidr_block                 = "10.0.2.51/32"
              - core_network_arn           = ""
              - destination_prefix_list_id = ""
              - egress_only_gateway_id     = ""
              - gateway_id                 = ""
              - instance_id                = ""
              - ipv6_cidr_block            = ""
              - local_gateway_id           = ""
              - nat_gateway_id             = ""
              - network_interface_id       = ""
              - transit_gateway_id         = ""
              - vpc_endpoint_id            = ""
              - vpc_peering_connection_id  = "pcx-0376ba4a56f7d508d"
            },
          + {
              + carrier_gateway_id         = null
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = null
              + destination_prefix_list_id = null
              + egress_only_gateway_id     = null
              + gateway_id                 = "igw-04180e8d0b0cd5dd6"
              + instance_id                = null
              + ipv6_cidr_block            = null
              + local_gateway_id           = null
              + nat_gateway_id             = null
              + network_interface_id       = null
              + transit_gateway_id         = null
              + vpc_endpoint_id            = null
              + vpc_peering_connection_id  = null
            },
        ]
        tags  = {
            "name" = "publicRouteTable-prod"
        }
```
Immediately after the deployment the AWS UI reports that the route doesn’t exist but after a bit the route shows up in the AWS UI. If I try deploying again, Terraform attempts to create the route. If I try again, it seems that Terraform wants to remove the route.
Why might this flip-flop be happening?
EDIT: when I check the `cdk.tf.json` file after an `npx deploy` command which attempts to remove the route, I see the following:

```json
"aws_route": {
  "thirdweb-vpc-peer-route": {
    "//": {
      "metadata": {
        "path": "goldsky-infra-prod/vpc-peer-route",
        "uniqueId": "vpc-peer-route"
      }
    },
    "destination_cidr_block": "10.0.2.51/32",
    "route_table_id": "${aws_route_table.publicRouteTable.id}",
    "vpc_peering_connection_id": "pcx-0376ba4a56f7d508d"
  }
},
```
which suggests that this route should indeed be part of the route table.
EDIT 2: Found the solution: moving the route into the route table solves the thrashing issue.

```typescript
const publicRouteTable = new aws.vpc.RouteTable(this, "publicRouteTable", {
  vpcId: clusterVpc.id,
  route: [
    {
      cidrBlock: "0.0.0.0/0",
      gatewayId: internetGateway.id,
    },
    {
      vpcPeeringConnectionId: "pcx-0376ba4a56f7d508d",
      cidrBlock: "10.0.2.51/32",
    },
  ],
  tags: {
    name: `publicRouteTable-${environment}`,
  },
});
```
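The flip-flop above is the classic conflict between an `aws_route_table` that declares inline `route` blocks (which makes Terraform own the table's complete route set) and a standalone `aws_route` targeting the same table: each apply alternately removes and recreates the peering route, so reachability of `10.0.2.51/32` changes with every deploy. The following lint, an added example and not code from the question or from CDKTF, scans a synthesized `cdk.tf.json` for exactly that pattern. It assumes the synthesized layout shown in the EDIT (`resource.aws_route_table` and `resource.aws_route` maps, with `route_table_id` emitted as a `${aws_route_table.<name>.id}` token); the sample document embedded at the bottom is constructed to mirror the question's resources and is not the poster's real output.

```typescript
// Added example (not from the question): flag aws_route resources that target a
// route table which also declares inline `route` blocks in a synthesized
// cdk.tf.json. Terraform treats a declared `route` list as the full set of
// routes for that table, so the standalone aws_route is removed on one apply
// and recreated on the next.

interface RouteTableResource {
  route?: unknown[];          // inline route blocks, if the table declares any
  [key: string]: unknown;
}

interface RouteResource {
  route_table_id?: string;    // usually a "${aws_route_table.<name>.id}" token
  destination_cidr_block?: string;
  destination_ipv6_cidr_block?: string;
  [key: string]: unknown;
}

interface TerraformJson {
  resource?: {
    aws_route_table?: Record<string, RouteTableResource>;
    aws_route?: Record<string, RouteResource>;
  };
}

interface Conflict {
  routeTable: string;   // logical name of the table with inline routes
  route: string;        // logical name of the standalone aws_route
  destination: string;
}

// Reference form CDKTF emits when route_table_id comes from a managed table (assumed).
const ROUTE_TABLE_REF = /^\$\{aws_route_table\.([A-Za-z0-9_-]+)\.id\}$/;

function findInlineRouteConflicts(doc: TerraformJson): Conflict[] {
  const tables = doc.resource?.aws_route_table ?? {};
  const routes = doc.resource?.aws_route ?? {};

  // Any declared `route` list, even an empty one, puts the whole route set under
  // Terraform's control; omitting `route` entirely leaves existing routes alone.
  const inlineManaged = new Set(
    Object.entries(tables)
      .filter(([, table]) => Array.isArray(table.route))
      .map(([name]) => name),
  );

  const conflicts: Conflict[] = [];
  for (const [name, route] of Object.entries(routes)) {
    const match = ROUTE_TABLE_REF.exec(route.route_table_id ?? "");
    // A literal "rtb-..." id cannot be tied to a managed table here, so skip it.
    if (match === null) continue;
    const tableName = match[1] ?? "";
    if (inlineManaged.has(tableName)) {
      conflicts.push({
        routeTable: tableName,
        route: name,
        destination:
          route.destination_cidr_block ?? route.destination_ipv6_cidr_block ?? "(unknown)",
      });
    }
  }
  return conflicts;
}

// Constructed sample mirroring the question: the public table carries an inline
// default route while a separate aws_route adds the peering route; a second
// table declares no `route` key, so its standalone route is fine.
const sampleSynth: TerraformJson = {
  resource: {
    aws_route_table: {
      publicRouteTable: {
        vpc_id: "${aws_vpc.clusterVpc.id}",
        route: [{ cidr_block: "0.0.0.0/0", gateway_id: "${aws_internet_gateway.internetGateway.id}" }],
      },
      privateRouteTable: {
        vpc_id: "${aws_vpc.clusterVpc.id}",
      },
    },
    aws_route: {
      "vpc-peer-route": {
        route_table_id: "${aws_route_table.publicRouteTable.id}",
        destination_cidr_block: "10.0.2.51/32",
        vpc_peering_connection_id: "pcx-0376ba4a56f7d508d",
      },
      "private-peer-route": {
        route_table_id: "${aws_route_table.privateRouteTable.id}",
        destination_cidr_block: "10.0.2.51/32",
        vpc_peering_connection_id: "pcx-0376ba4a56f7d508d",
      },
    },
  },
};

function main(): void {
  for (const c of findInlineRouteConflicts(sampleSynth)) {
    console.log(
      `aws_route.${c.route} (${c.destination}) conflicts with inline routes on aws_route_table.${c.routeTable}`,
    );
  }
}
main();
```

Run it against `cdktf.out/stacks/<stack>/cdk.tf.json` after `cdktf synth` (path assumed from the default CDKTF output layout) and fail CI on any hit; the fix is the one in EDIT 2, i.e. pick one style per table, either all routes inline or all as `aws_route` resources.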