You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We're running into an issue on the latest version where if we make changes to the primary vpc module reference (that creates the VPC) and then create a secondary CIDR range with Cloud WAN in a separate vpc module reference, that it wants to recreate the Cloud WAN / Network Manager VPC attachment after initial apply with subsequent changes.
For example, you can use the code snippet (below in Code Snippet section) and leave off the public subnets. Terraform apply it, then add the public subnets or make some sort of small change, and all of a sudden it wants to additionally recreate the network manager vpc attachment, because it thinks the vpc_arn has changed... However, nothing else has changed that would cause the VPC ARN to change, the same VPC is being used.
Steps to reproduce:
Using Code Snippet (below), comment out public subnets
terraform apply
Uncomment public subnets
terraform apply --> this will cause the cwan attachment replacement, which should not happen
There are likely many more scenarios where a change to the main vpc module reference causes this same behavior.
Plan/Apply Output:
...
other tf changes hidden to condense the output
...
# module.vpc_cwan.aws_networkmanager_vpc_attachment.cwan[0] must be replaced
-/+ resource "aws_networkmanager_vpc_attachment" "cwan" {
~ arn = "arn:aws:networkmanager::<redacted>:attachment/attachment-<redacted>" -> (known after apply)
~ attachment_policy_rule_number = 0 -> (known after apply)
~ attachment_type = "VPC" -> (known after apply)
~ core_network_arn = "arn:aws:networkmanager::<redacted>:core-network/core-network-<redacted>" -> (known after apply)
~ edge_location = "us-east-1" -> (known after apply)
~ id = "attachment-<redacted>" -> (known after apply)
~ owner_account_id = "<redacted>" -> (known after apply)
~ resource_arn = "arn:aws:ec2:us-east-1:<redacted>:vpc/vpc-<redacted>" -> (known after apply)
+ segment_name = (known after apply)
~ state = "AVAILABLE" -> (known after apply)
tags = {
"Name" = "cwan-vpc_attachment"
"segname" = "prod"
}
~ vpc_arn = "arn:aws:ec2:us-east-1:<redacted>:vpc/vpc-<redacted>" -> (known after apply) # forces replacement
# (3 unchanged attributes hidden)
# (1 unchanged block hidden)
}
It must be that the data.aws_vpc resource is signaling that the value is potentially changing.
Any thoughts on how we can avoid this? We cannot have CWAN attachments getting dropped, as it forces a manual approval on the Network Manager side to allow it to attach again and could be disruptive to connectivity while it is re-associating to the core network.
Thanks!
The text was updated successfully, but these errors were encountered:
Release 4.4.3
Hello Team,
We're running into an issue on the latest version where if we make changes to the primary vpc module reference (that creates the VPC) and then create a secondary CIDR range with Cloud WAN in a separate vpc module reference, that it wants to recreate the Cloud WAN / Network Manager VPC attachment after initial apply with subsequent changes.
For example, you can use the code snippet (below in Code Snippet section) and leave off the public subnets. Terraform apply it, then add the public subnets or make some sort of small change, and all of a sudden it wants to additionally recreate the network manager vpc attachment, because it thinks the
vpc_arn
has changed... However, nothing else has changed that would cause the VPC ARN to change, the same VPC is being used.Steps to reproduce:
public
subnetspublic
subnetsThere are likely many more scenarios where a change to the main vpc module reference causes this same behavior.
Plan/Apply Output:
Code Snippet:
I noticed that the
aws_networkmanager_vpc_attachment
resource in the code is referencinglocal.vpc.arn
:https://github.com/aws-ia/terraform-aws-vpc/blob/8adf507bbddb5d959fc63cb894f40afc9d9f4405/data.tf#L92C3-L92C71
It must be that the
data.aws_vpc
resource is signaling that the value is potentially changing.Any thoughts on how we can avoid this? We cannot have CWAN attachments getting dropped, as it forces a manual approval on the Network Manager side to allow it to attach again and could be disruptive to connectivity while it is re-associating to the core network.
Thanks!
The text was updated successfully, but these errors were encountered: