[Bug]: secondary_private_ip_address_count causes NAT Gateway replacement #33964

Open
jamesh37 opened this issue Oct 17, 2023 · 3 comments · May be fixed by #36360
Labels
bug Addresses a defect in current functionality. service/vpc Issues and PRs that pertain to the vpc service.

Comments


jamesh37 commented Oct 17, 2023

Terraform Core Version

0.13.21

AWS Provider Version

5.21.0

Affected Resource(s)

aws_nat_gateway

Expected Behavior

Changing secondary IPs should not cause the affected NAT gateway to be replaced.

Actual Behavior

The NAT gateway is marked to be replaced with the secondary_private_ip_address_count marked as the cause.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_nat_gateway" "example" {
  subnet_id                = aws_subnet.public.example.id
  allocation_id            = var.elastic_ip_id
  secondary_allocation_ids = var.additional_ip_ids
}

Steps to Reproduce

  1. Create a NAT gateway with no secondary allocation IDs.
  2. Add the secondary_allocation_ids argument with additional IPs to assign.
  3. Run the plan.
  4. NAT gateway resource should be marked for recreation.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

The resource works as expected if the ForceNew: true option is removed from https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/ec2/vpc_nat_gateway.go#L89
I'm unsure though if that option is required for some reason. If it is as simple as that, I'd be happy to get a PR up.

Would you like to implement a fix?

None
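
A plan-time check for the behaviour reported above, as an added example (not part of the original issue or the provider's code): it reads `terraform show -json` plan output and flags any `aws_nat_gateway` that would be destroyed and recreated, noting when `secondary_private_ip_address_count` is listed as the forcing attribute. The plan JSON below is constructed sample data, the script name in the usage comment is hypothetical, and `replace_paths` is assumed to be present in the plan output (older Terraform releases may not emit it).

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# the addresses and values are made up for this example.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_nat_gateway.example", "type": "aws_nat_gateway",
     "change": {"actions": ["delete", "create"],
                "replace_paths": [["secondary_private_ip_address_count"]]}},
    {"address": "aws_nat_gateway.other", "type": "aws_nat_gateway",
     "change": {"actions": ["update"]}},
    {"address": "aws_eip.extra", "type": "aws_eip",
     "change": {"actions": ["create"]}}
  ]
}
""")

WATCHED_TYPE = "aws_nat_gateway"
SUSPECT_ATTR = "secondary_private_ip_address_count"


def find_nat_gateway_replacements(plan):
    """Return (address, forcing_attrs, matches_issue) for each NAT gateway
    the plan would destroy and recreate."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != WATCHED_TYPE:
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        # A replacement is reported as delete+create, in either order.
        if "delete" not in actions or "create" not in actions:
            continue
        # replace_paths lists the attribute paths that force replacement;
        # treat it as optional so plans without it are still flagged.
        paths = change.get("replace_paths") or []
        attrs = sorted({str(p[0]) for p in paths if p})
        findings.append((rc["address"], attrs, SUSPECT_ATTR in attrs))
    return findings


if __name__ == "__main__":
    # Usage (hypothetical script name):
    #   terraform show -json plan.out | python check_nat_replace.py
    plan = SAMPLE_PLAN if sys.stdin.isatty() else json.load(sys.stdin)
    hits = find_nat_gateway_replacements(plan)
    for address, attrs, matches in hits:
        print(f"REPLACE {address} forced_by={attrs} matches_issue={matches}")
    sys.exit(1 if hits else 0)
```

A non-zero exit lets a pipeline stop before apply when a NAT gateway replacement shows up in the plan.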

@b-diggity
Contributor

It appears the 'ForceNew: true' option on the 'secondary_ip_address_count' is needed as that value is additive. Example: if that input was set to 2, and then you change it to 3, the computed value becomes 5.

The 'secondary_ip_address_count' value needs to be ignored unless explicitly set.


velkovb commented Oct 31, 2024

secondary_private_ip_address_count - (Optional) [Private NAT Gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT Gateway.

Why does it appear at all on a public NAT Gateway?
