Feature Request: default_* attributes for aws_vpc data source

[cbarbour]

Affected data source

• aws_vpc

Terraform Configuration Files

data "aws_vpc" "default" {
  default = true
}

resource "aws_default_route_table" "main" {
  default_route_table_id = "${data.aws_vpc.default.default_route_table_id}"

  tags {
    Name = "Main VPC Default table"
  }
}

resource "aws_default_security_group" "main" {
  vpc_id = "${data.aws_vpc.default.id}"

  tags {
    Name = "Main Default security group"
  }
}

resource "aws_default_network_acl" "main" {
  default_network_acl_id = "${data.aws_vpc.default.default_network_acl_id}"
  subnet_ids = [ "${aws_subnet.main.*.id}" ]

  tags {
    Name = "Main VPC Default Network ACL"
  }
}

Expected Behavior

It would be useful if aws_default_network_acl, aws_default_route_table, & aws_default_security_group were available as attributes of the aws_vpc data source so that these resources could be managed without importing the default VPC.

Actual Behavior

The aws_vpc data source doesn't export these attributes, making it impossible to discover their resource IDs.

Important Factoids

The alternative would be to import the default VPC into Terraform, and reference it's attributes. However, if destroyed it's impossible for Terraform to recreate the default VPC.

prevent_destroy could be used, but that would break the blanket terraform destroy command.

References

https://aws.amazon.com/premiumsupport/knowledge-center/deleted-default-vpc/

[ewbankkit]

@cbarbour : With a couple of open PRs

• resource/aws: Add 'aws_default_vpc' resource #11710 to add an aws_default_vpc resource
• provider/aws: Add 'aws_network_acl' data source #12709 to add an aws_network_acl data source

I think this can be achieved without modifying the aws_vpc data source.

You can get the VPC ID from the aws_vpc data source and then use the existing aws_route_table data sources to get the ID you want:

data "aws_vpc" "default" {
  default = true
}

data "aws_route_table" "default" {
  vpc_id = "${data.aws_vpc.default.id}"

  filter {
    name = "association.main"

    values = [
      "true",
    ]
  }
}

resource "aws_default_route_table" "main" {
  default_route_table_id = "${data.aws_route_table.default.id}"

  tags {
    Name = "Main VPC Default table"
  }
}

Once #12709 is merged then you can do the same for the default NACL:

data "aws_network_acl" "default" {
  vpc_id = "${data.aws_vpc.default.id}"
  default = true
}

resource "aws_default_network_acl" "main" {
  default_network_acl_id = "${data.aws_network_acl.default.id}"
  subnet_ids = [ "${aws_subnet.main.*.id}" ]

  tags {
    Name = "Main VPC Default Network ACL"
  }
}

And once #11710 is merged:

resource "aws_default_vpc" "default" {
  tags {
    Name = "Main VPC"
  }
}

resource "aws_default_route_table" "main" {
  default_route_table_id = "${aws_default_vpc.default_route_table_id}"

  tags {
    Name = "Main VPC Default table"
  }
}

resource "aws_default_security_group" "main" {
  vpc_id = "${aws_default_vpc.id}"

  tags {
    Name = "Main Default security group"
  }
}

resource "aws_default_network_acl" "main" {
  default_network_acl_id = "${aws_default_vpc.default_network_acl_id}"
  subnet_ids = [ "${aws_subnet.main.*.id}" ]

  tags {
    Name = "Main VPC Default Network ACL"
  }
}

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.