@miguelaferreira
Last active July 31, 2019 08:49
Troubleshooting Issue #18 of terraform-aws-vpn-gateway

Troubleshooting issue #18

To reproduce the issue with Terraform v0.11.14 and module version v1.6.1:

git checkout v1.6.1
cd examples/complete-vpn-gateway-with-static-routes

# Edit main.tf and set version on the vpc module to 1.67.0 (terraform-0.11 compatible)

#############################
# init                      #
#############################
terraform init
  Initializing modules...
  - module.vpn_gateway
  - module.vpc
  
  Initializing provider plugins...
  - Checking for available provider plugins on https://releases.hashicorp.com...
  - Downloading plugin for provider "aws" (2.21.1)...
  
  The following providers do not have any version constraints in configuration,
  so the latest version was installed.
  
  To prevent automatic upgrades to new major versions that may contain breaking
  changes, it is recommended to add version = "..." constraints to the
  corresponding provider blocks in configuration, with the constraint strings
  suggested below.
  
  * provider.aws: version = "~> 2.21"
  
  Terraform has been successfully initialized!
  
  You may now begin working with Terraform. Try running "terraform plan" to see
  any changes that are required for your infrastructure. All Terraform commands
  should now work.
  
  If you ever set or change modules or backend configuration for Terraform,
  rerun this command to reinitialize your working directory. If you forget, other
  commands will detect it and remind you to do so if necessary.

#############################
# plan                      #
#############################
terraform plan -out terraform.tfplan
  Refreshing Terraform state in-memory prior to plan...
  The refreshed state will be used to calculate this plan, but will not be
  persisted to local or remote state storage.
  
  
  ------------------------------------------------------------------------
  
  An execution plan has been generated and is shown below.
  Resource actions are indicated with the following symbols:
    + create
  
  Terraform will perform the following actions:
  
    + aws_customer_gateway.main
        id:                               <computed>
        bgp_asn:                          "65000"
        ip_address:                       "172.83.124.11"
        tags.%:                           "1"
        tags.Name:                        "main-customer-gateway-complete-example-with-static-routes"
        type:                             "ipsec.1"
  
    + module.vpc.aws_internet_gateway.this
        id:                               <computed>
        owner_id:                         <computed>
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
        vpc_id:                           "${local.vpc_id}"
  
    + module.vpc.aws_route.public_internet_gateway
        id:                               <computed>
        destination_cidr_block:           "0.0.0.0/0"
        destination_prefix_list_id:       <computed>
        egress_only_gateway_id:           <computed>
        gateway_id:                       "${aws_internet_gateway.this.id}"
        instance_id:                      <computed>
        instance_owner_id:                <computed>
        nat_gateway_id:                   <computed>
        network_interface_id:             <computed>
        origin:                           <computed>
        route_table_id:                   "${aws_route_table.public.id}"
        state:                            <computed>
  
    + module.vpc.aws_route_table.private[0]
        id:                               <computed>
        owner_id:                         <computed>
        propagating_vgws.#:               <computed>
        route.#:                          <computed>
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
        vpc_id:                           "${local.vpc_id}"
  
    + module.vpc.aws_route_table.private[1]
        id:                               <computed>
        owner_id:                         <computed>
        propagating_vgws.#:               <computed>
        route.#:                          <computed>
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
        vpc_id:                           "${local.vpc_id}"
  
    + module.vpc.aws_route_table.private[2]
        id:                               <computed>
        owner_id:                         <computed>
        propagating_vgws.#:               <computed>
        route.#:                          <computed>
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
        vpc_id:                           "${local.vpc_id}"
  
    + module.vpc.aws_route_table.public
        id:                               <computed>
        owner_id:                         <computed>
        propagating_vgws.#:               <computed>
        route.#:                          <computed>
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
        vpc_id:                           "${local.vpc_id}"
  
    + module.vpc.aws_route_table_association.private[0]
        id:                               <computed>
        route_table_id:                   "${element(aws_route_table.private.*.id, (var.single_nat_gateway ? 0 : count.index))}"
        subnet_id:                        "${element(aws_subnet.private.*.id, count.index)}"
  
    + module.vpc.aws_route_table_association.private[1]
        id:                               <computed>
        route_table_id:                   "${element(aws_route_table.private.*.id, (var.single_nat_gateway ? 0 : count.index))}"
        subnet_id:                        "${element(aws_subnet.private.*.id, count.index)}"
  
    + module.vpc.aws_route_table_association.private[2]
        id:                               <computed>
        route_table_id:                   "${element(aws_route_table.private.*.id, (var.single_nat_gateway ? 0 : count.index))}"
        subnet_id:                        "${element(aws_subnet.private.*.id, count.index)}"
  
    + module.vpc.aws_route_table_association.public[0]
        id:                               <computed>
        route_table_id:                   "${aws_route_table.public.id}"
        subnet_id:                        "${element(aws_subnet.public.*.id, count.index)}"
  
    + module.vpc.aws_route_table_association.public[1]
        id:                               <computed>
        route_table_id:                   "${aws_route_table.public.id}"
        subnet_id:                        "${element(aws_subnet.public.*.id, count.index)}"
  
    + module.vpc.aws_route_table_association.public[2]
        id:                               <computed>
        route_table_id:                   "${aws_route_table.public.id}"
        subnet_id:                        "${element(aws_subnet.public.*.id, count.index)}"
  
    + module.vpc.aws_subnet.private[0]
        id:                               <computed>
        arn:                              <computed>
        assign_ipv6_address_on_creation:  "false"
        availability_zone:                "eu-west-2a"
        availability_zone_id:             <computed>
        cidr_block:                       "10.10.1.0/24"
        ipv6_cidr_block:                  <computed>
        ipv6_cidr_block_association_id:   <computed>
        map_public_ip_on_launch:          "false"
        owner_id:                         <computed>
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
        vpc_id:                           "${local.vpc_id}"
  
    + module.vpc.aws_subnet.private[1]
        id:                               <computed>
        arn:                              <computed>
        assign_ipv6_address_on_creation:  "false"
        availability_zone:                "eu-west-2b"
        availability_zone_id:             <computed>
        cidr_block:                       "10.10.2.0/24"
        ipv6_cidr_block:                  <computed>
        ipv6_cidr_block_association_id:   <computed>
        map_public_ip_on_launch:          "false"
        owner_id:                         <computed>
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
        vpc_id:                           "${local.vpc_id}"
  
    + module.vpc.aws_subnet.private[2]
        id:                               <computed>
        arn:                              <computed>
        assign_ipv6_address_on_creation:  "false"
        availability_zone:                "eu-west-2c"
        availability_zone_id:             <computed>
        cidr_block:                       "10.10.3.0/24"
        ipv6_cidr_block:                  <computed>
        ipv6_cidr_block_association_id:   <computed>
        map_public_ip_on_launch:          "false"
        owner_id:                         <computed>
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
        vpc_id:                           "${local.vpc_id}"
  
    + module.vpc.aws_subnet.public[0]
        id:                               <computed>
        arn:                              <computed>
        assign_ipv6_address_on_creation:  "false"
        availability_zone:                "eu-west-2a"
        availability_zone_id:             <computed>
        cidr_block:                       "10.10.11.0/24"
        ipv6_cidr_block:                  <computed>
        ipv6_cidr_block_association_id:   <computed>
        map_public_ip_on_launch:          "true"
        owner_id:                         <computed>
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
        vpc_id:                           "${local.vpc_id}"
  
    + module.vpc.aws_subnet.public[1]
        id:                               <computed>
        arn:                              <computed>
        assign_ipv6_address_on_creation:  "false"
        availability_zone:                "eu-west-2b"
        availability_zone_id:             <computed>
        cidr_block:                       "10.10.12.0/24"
        ipv6_cidr_block:                  <computed>
        ipv6_cidr_block_association_id:   <computed>
        map_public_ip_on_launch:          "true"
        owner_id:                         <computed>
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
        vpc_id:                           "${local.vpc_id}"
  
    + module.vpc.aws_subnet.public[2]
        id:                               <computed>
        arn:                              <computed>
        assign_ipv6_address_on_creation:  "false"
        availability_zone:                "eu-west-2c"
        availability_zone_id:             <computed>
        cidr_block:                       "10.10.13.0/24"
        ipv6_cidr_block:                  <computed>
        ipv6_cidr_block_association_id:   <computed>
        map_public_ip_on_launch:          "true"
        owner_id:                         <computed>
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
        vpc_id:                           "${local.vpc_id}"
  
    + module.vpc.aws_vpc.this
        id:                               <computed>
        arn:                              <computed>
        assign_generated_ipv6_cidr_block: "false"
        cidr_block:                       "10.10.0.0/16"
        default_network_acl_id:           <computed>
        default_route_table_id:           <computed>
        default_security_group_id:        <computed>
        dhcp_options_id:                  <computed>
        enable_classiclink:               <computed>
        enable_classiclink_dns_support:   <computed>
        enable_dns_hostnames:             "false"
        enable_dns_support:               "true"
        instance_tenancy:                 "default"
        ipv6_association_id:              <computed>
        ipv6_cidr_block:                  <computed>
        main_route_table_id:              <computed>
        owner_id:                         <computed>
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
  
    + module.vpc.aws_vpn_gateway.this
        id:                               <computed>
        amazon_side_asn:                  "64512"
        tags.%:                           "3"
        tags.Environment:                 "staging"
        tags.Name:                        "complete"
        tags.Owner:                       "user"
        vpc_id:                           "${local.vpc_id}"
  
    + module.vpn_gateway.aws_vpn_connection.tunnel_preshared
        id:                               <computed>
        customer_gateway_configuration:   <computed>
        customer_gateway_id:              "${var.customer_gateway_id}"
        routes.#:                         <computed>
        static_routes_only:               "true"
        tags.%:                           <computed>
        transit_gateway_attachment_id:    <computed>
        tunnel1_address:                  <computed>
        tunnel1_bgp_asn:                  <computed>
        tunnel1_bgp_holdtime:             <computed>
        tunnel1_cgw_inside_address:       <computed>
        tunnel1_inside_cidr:              "169.254.33.88/30"
        tunnel1_preshared_key:            <sensitive>
        tunnel1_vgw_inside_address:       <computed>
        tunnel2_address:                  <computed>
        tunnel2_bgp_asn:                  <computed>
        tunnel2_bgp_holdtime:             <computed>
        tunnel2_cgw_inside_address:       <computed>
        tunnel2_inside_cidr:              "169.254.33.100/30"
        tunnel2_preshared_key:            <sensitive>
        tunnel2_vgw_inside_address:       <computed>
        type:                             "ipsec.1"
        vgw_telemetry.#:                  <computed>
        vpn_gateway_id:                   "${var.vpn_gateway_id}"
  
    + module.vpn_gateway.aws_vpn_connection_route.default[0]
        id:                               <computed>
        destination_cidr_block:           "10.100.0.1/32"
        vpn_connection_id:                "${element(split(\",\", (local.create_tunner_with_internal_cidr_only ? join(\",\", aws_vpn_connection.tunnel.*.id) : (local.create_tunner_with_preshared_key_only ? join(\",\", aws_vpn_connection.preshared.*.id) : (local.tunnel_details_specified ? join(\",\", aws_vpn_connection.tunnel_preshared.*.id) : join(\",\", aws_vpn_connection.default.*.id))))), 0)}"
  
    + module.vpn_gateway.aws_vpn_connection_route.default[1]
        id:                               <computed>
        destination_cidr_block:           "10.200.0.1/32"
        vpn_connection_id:                "${element(split(\",\", (local.create_tunner_with_internal_cidr_only ? join(\",\", aws_vpn_connection.tunnel.*.id) : (local.create_tunner_with_preshared_key_only ? join(\",\", aws_vpn_connection.preshared.*.id) : (local.tunnel_details_specified ? join(\",\", aws_vpn_connection.tunnel_preshared.*.id) : join(\",\", aws_vpn_connection.default.*.id))))), 0)}"
  
    + module.vpn_gateway.aws_vpn_gateway_attachment.default
        id:                               <computed>
        vpc_id:                           "${var.vpc_id}"
        vpn_gateway_id:                   "${var.vpn_gateway_id}"
  
    + module.vpn_gateway.aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[0]
        id:                               <computed>
        route_table_id:                   "${element(var.vpc_subnet_route_table_ids, count.index)}"
        vpn_gateway_id:                   "${var.vpn_gateway_id}"
  
    + module.vpn_gateway.aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[1]
        id:                               <computed>
        route_table_id:                   "${element(var.vpc_subnet_route_table_ids, count.index)}"
        vpn_gateway_id:                   "${var.vpn_gateway_id}"
  
    + module.vpn_gateway.aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[2]
        id:                               <computed>
        route_table_id:                   "${element(var.vpc_subnet_route_table_ids, count.index)}"
        vpn_gateway_id:                   "${var.vpn_gateway_id}"
  
  
  Plan: 28 to add, 0 to change, 0 to destroy.
  
  ------------------------------------------------------------------------
  
  This plan was saved to: terraform.tfplan
  
  To perform exactly these actions, run the following command to apply:
      terraform apply "terraform.tfplan"

#############################
# apply                     #
#############################
terraform apply terraform.tfplan
  aws_customer_gateway.main: Creating...
    bgp_asn:    "" => "65000"
    ip_address: "" => "172.83.124.11"
    tags.%:     "" => "1"
    tags.Name:  "" => "main-customer-gateway-complete-example-with-static-routes"
    type:       "" => "ipsec.1"
  module.vpc.aws_vpc.this: Creating...
    arn:                              "" => "<computed>"
    assign_generated_ipv6_cidr_block: "" => "false"
    cidr_block:                       "" => "10.10.0.0/16"
    default_network_acl_id:           "" => "<computed>"
    default_route_table_id:           "" => "<computed>"
    default_security_group_id:        "" => "<computed>"
    dhcp_options_id:                  "" => "<computed>"
    enable_classiclink:               "" => "<computed>"
    enable_classiclink_dns_support:   "" => "<computed>"
    enable_dns_hostnames:             "" => "false"
    enable_dns_support:               "" => "true"
    instance_tenancy:                 "" => "default"
    ipv6_association_id:              "" => "<computed>"
    ipv6_cidr_block:                  "" => "<computed>"
    main_route_table_id:              "" => "<computed>"
    owner_id:                         "" => "<computed>"
    tags.%:                           "" => "3"
    tags.Environment:                 "" => "staging"
    tags.Name:                        "" => "complete"
    tags.Owner:                       "" => "user"
  module.vpc.aws_vpc.this: Creation complete after 2s (ID: vpc-0eb30eddb914a004c)
  module.vpc.aws_vpn_gateway.this: Creating...
    amazon_side_asn:  "" => "64512"
    tags.%:           "" => "3"
    tags.Environment: "" => "staging"
    tags.Name:        "" => "complete"
    tags.Owner:       "" => "user"
    vpc_id:           "" => "vpc-0eb30eddb914a004c"
  module.vpc.aws_subnet.private[2]: Creating...
    arn:                             "" => "<computed>"
    assign_ipv6_address_on_creation: "" => "false"
    availability_zone:               "" => "eu-west-2c"
    availability_zone_id:            "" => "<computed>"
    cidr_block:                      "" => "10.10.3.0/24"
    ipv6_cidr_block:                 "" => "<computed>"
    ipv6_cidr_block_association_id:  "" => "<computed>"
    map_public_ip_on_launch:         "" => "false"
    owner_id:                        "" => "<computed>"
    tags.%:                          "" => "3"
    tags.Environment:                "" => "staging"
    tags.Name:                       "" => "complete"
    tags.Owner:                      "" => "user"
    vpc_id:                          "" => "vpc-0eb30eddb914a004c"
  module.vpc.aws_route_table.private[2]: Creating...
    owner_id:           "" => "<computed>"
    propagating_vgws.#: "" => "<computed>"
    route.#:            "" => "<computed>"
    tags.%:             "" => "3"
    tags.Environment:   "" => "staging"
    tags.Name:          "" => "complete"
    tags.Owner:         "" => "user"
    vpc_id:             "" => "vpc-0eb30eddb914a004c"
  module.vpc.aws_route_table.private[0]: Creating...
    owner_id:           "" => "<computed>"
    propagating_vgws.#: "" => "<computed>"
    route.#:            "" => "<computed>"
    tags.%:             "" => "3"
    tags.Environment:   "" => "staging"
    tags.Name:          "" => "complete"
    tags.Owner:         "" => "user"
    vpc_id:             "" => "vpc-0eb30eddb914a004c"
  module.vpc.aws_route_table.private[1]: Creating...
    owner_id:           "" => "<computed>"
    propagating_vgws.#: "" => "<computed>"
    route.#:            "" => "<computed>"
    tags.%:             "" => "3"
    tags.Environment:   "" => "staging"
    tags.Name:          "" => "complete"
    tags.Owner:         "" => "user"
    vpc_id:             "" => "vpc-0eb30eddb914a004c"
  module.vpc.aws_subnet.public[1]: Creating...
    arn:                             "" => "<computed>"
    assign_ipv6_address_on_creation: "" => "false"
    availability_zone:               "" => "eu-west-2b"
    availability_zone_id:            "" => "<computed>"
    cidr_block:                      "" => "10.10.12.0/24"
    ipv6_cidr_block:                 "" => "<computed>"
    ipv6_cidr_block_association_id:  "" => "<computed>"
    map_public_ip_on_launch:         "" => "true"
    owner_id:                        "" => "<computed>"
    tags.%:                          "" => "3"
    tags.Environment:                "" => "staging"
    tags.Name:                       "" => "complete"
    tags.Owner:                      "" => "user"
    vpc_id:                          "" => "vpc-0eb30eddb914a004c"
  module.vpc.aws_subnet.private[0]: Creating...
    arn:                             "" => "<computed>"
    assign_ipv6_address_on_creation: "" => "false"
    availability_zone:               "" => "eu-west-2a"
    availability_zone_id:            "" => "<computed>"
    cidr_block:                      "" => "10.10.1.0/24"
    ipv6_cidr_block:                 "" => "<computed>"
    ipv6_cidr_block_association_id:  "" => "<computed>"
    map_public_ip_on_launch:         "" => "false"
    owner_id:                        "" => "<computed>"
    tags.%:                          "" => "3"
    tags.Environment:                "" => "staging"
    tags.Name:                       "" => "complete"
    tags.Owner:                      "" => "user"
    vpc_id:                          "" => "vpc-0eb30eddb914a004c"
  module.vpc.aws_subnet.private[1]: Creating...
    arn:                             "" => "<computed>"
    assign_ipv6_address_on_creation: "" => "false"
    availability_zone:               "" => "eu-west-2b"
    availability_zone_id:            "" => "<computed>"
    cidr_block:                      "" => "10.10.2.0/24"
    ipv6_cidr_block:                 "" => "<computed>"
    ipv6_cidr_block_association_id:  "" => "<computed>"
    map_public_ip_on_launch:         "" => "false"
    owner_id:                        "" => "<computed>"
    tags.%:                          "" => "3"
    tags.Environment:                "" => "staging"
    tags.Name:                       "" => "complete"
    tags.Owner:                      "" => "user"
    vpc_id:                          "" => "vpc-0eb30eddb914a004c"
  module.vpc.aws_subnet.public[2]: Creating...
    arn:                             "" => "<computed>"
    assign_ipv6_address_on_creation: "" => "false"
    availability_zone:               "" => "eu-west-2c"
    availability_zone_id:            "" => "<computed>"
    cidr_block:                      "" => "10.10.13.0/24"
    ipv6_cidr_block:                 "" => "<computed>"
    ipv6_cidr_block_association_id:  "" => "<computed>"
    map_public_ip_on_launch:         "" => "true"
    owner_id:                        "" => "<computed>"
    tags.%:                          "" => "3"
    tags.Environment:                "" => "staging"
    tags.Name:                       "" => "complete"
    tags.Owner:                      "" => "user"
    vpc_id:                          "" => "vpc-0eb30eddb914a004c"
  module.vpc.aws_route_table.private[1]: Creation complete after 0s (ID: rtb-096383611e3e0ccc5)
  module.vpc.aws_route_table.private[2]: Creation complete after 0s (ID: rtb-09963312dfb62c170)
  module.vpc.aws_route_table.private[0]: Creation complete after 0s (ID: rtb-00f0f7ed0c67b17aa)
  module.vpc.aws_internet_gateway.this: Creating...
    owner_id:         "" => "<computed>"
    tags.%:           "0" => "3"
    tags.Environment: "" => "staging"
    tags.Name:        "" => "complete"
    tags.Owner:       "" => "user"
    vpc_id:           "" => "vpc-0eb30eddb914a004c"
  module.vpc.aws_route_table.public: Creating...
    owner_id:           "" => "<computed>"
    propagating_vgws.#: "" => "<computed>"
    route.#:            "" => "<computed>"
    tags.%:             "" => "3"
    tags.Environment:   "" => "staging"
    tags.Name:          "" => "complete"
    tags.Owner:         "" => "user"
    vpc_id:             "" => "vpc-0eb30eddb914a004c"
  module.vpc.aws_subnet.public[0]: Creating...
    arn:                             "" => "<computed>"
    assign_ipv6_address_on_creation: "" => "false"
    availability_zone:               "" => "eu-west-2a"
    availability_zone_id:            "" => "<computed>"
    cidr_block:                      "" => "10.10.11.0/24"
    ipv6_cidr_block:                 "" => "<computed>"
    ipv6_cidr_block_association_id:  "" => "<computed>"
    map_public_ip_on_launch:         "" => "true"
    owner_id:                        "" => "<computed>"
    tags.%:                          "" => "3"
    tags.Environment:                "" => "staging"
    tags.Name:                       "" => "complete"
    tags.Owner:                      "" => "user"
    vpc_id:                          "" => "vpc-0eb30eddb914a004c"
  module.vpc.aws_subnet.private[0]: Creation complete after 0s (ID: subnet-0ef592ffc04a9aef2)
  module.vpc.aws_subnet.private[2]: Creation complete after 0s (ID: subnet-0577e474c85ed5801)
  module.vpc.aws_subnet.private[1]: Creation complete after 0s (ID: subnet-03cdf13a9b80b839c)
  module.vpc.aws_route_table_association.private[0]: Creating...
    route_table_id: "" => "rtb-00f0f7ed0c67b17aa"
    subnet_id:      "" => "subnet-0ef592ffc04a9aef2"
  module.vpc.aws_route_table_association.private[2]: Creating...
    route_table_id: "" => "rtb-09963312dfb62c170"
    subnet_id:      "" => "subnet-0577e474c85ed5801"
  module.vpc.aws_route_table_association.private[1]: Creating...
    route_table_id: "" => "rtb-096383611e3e0ccc5"
    subnet_id:      "" => "subnet-03cdf13a9b80b839c"
  module.vpc.aws_subnet.public[1]: Creation complete after 0s (ID: subnet-002585e1b58aa393b)
  module.vpc.aws_route_table.public: Creation complete after 0s (ID: rtb-01c53b5ccb9449d21)
  module.vpc.aws_route_table_association.private[2]: Creation complete after 1s (ID: rtbassoc-06d335ca139bd595f)
  module.vpc.aws_route_table_association.private[1]: Creation complete after 1s (ID: rtbassoc-03ea32f71446a2caf)
  module.vpc.aws_route_table_association.private[0]: Creation complete after 1s (ID: rtbassoc-07c3d6d5cfa428c0b)
  module.vpc.aws_subnet.public[2]: Creation complete after 1s (ID: subnet-0e423481f07528741)
  module.vpc.aws_internet_gateway.this: Creation complete after 1s (ID: igw-06d7ad0014289a27f)
  module.vpc.aws_route.public_internet_gateway: Creating...
    destination_cidr_block:     "" => "0.0.0.0/0"
    destination_prefix_list_id: "" => "<computed>"
    egress_only_gateway_id:     "" => "<computed>"
    gateway_id:                 "" => "igw-06d7ad0014289a27f"
    instance_id:                "" => "<computed>"
    instance_owner_id:          "" => "<computed>"
    nat_gateway_id:             "" => "<computed>"
    network_interface_id:       "" => "<computed>"
    origin:                     "" => "<computed>"
    route_table_id:             "" => "rtb-01c53b5ccb9449d21"
    state:                      "" => "<computed>"
  module.vpc.aws_subnet.public[0]: Creation complete after 1s (ID: subnet-077b58fb5cd045377)
  module.vpc.aws_route_table_association.public[0]: Creating...
    route_table_id: "" => "rtb-01c53b5ccb9449d21"
    subnet_id:      "" => "subnet-077b58fb5cd045377"
  module.vpc.aws_route_table_association.public[1]: Creating...
    route_table_id: "" => "rtb-01c53b5ccb9449d21"
    subnet_id:      "" => "subnet-002585e1b58aa393b"
  module.vpc.aws_route_table_association.public[2]: Creating...
    route_table_id: "" => "rtb-01c53b5ccb9449d21"
    subnet_id:      "" => "subnet-0e423481f07528741"
  module.vpc.aws_route_table_association.public[0]: Creation complete after 0s (ID: rtbassoc-0ff2ba12ac17ffcf5)
  module.vpc.aws_route_table_association.public[2]: Creation complete after 0s (ID: rtbassoc-05220f154bc9b896d)
  module.vpc.aws_route_table_association.public[1]: Creation complete after 0s (ID: rtbassoc-0e268c5b17c7d085c)
  module.vpc.aws_route.public_internet_gateway: Creation complete after 0s (ID: r-rtb-01c53b5ccb9449d211080289494)
  aws_customer_gateway.main: Still creating... (10s elapsed)
  aws_customer_gateway.main: Creation complete after 11s (ID: cgw-04ce2729918353c48)
  module.vpc.aws_vpn_gateway.this: Still creating... (10s elapsed)
  module.vpc.aws_vpn_gateway.this: Still creating... (20s elapsed)
  module.vpc.aws_vpn_gateway.this: Still creating... (30s elapsed)
  module.vpc.aws_vpn_gateway.this: Creation complete after 34s (ID: vgw-02162a10ec2e4dc79)
  module.vpn_gateway.aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[2]: Creating...
    route_table_id: "" => "rtb-09963312dfb62c170"
    vpn_gateway_id: "" => "vgw-02162a10ec2e4dc79"
  module.vpn_gateway.aws_vpn_gateway_attachment.default: Creating...
    vpc_id:         "" => "vpc-0eb30eddb914a004c"
    vpn_gateway_id: "" => "vgw-02162a10ec2e4dc79"
  module.vpn_gateway.aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[1]: Creating...
    route_table_id: "" => "rtb-096383611e3e0ccc5"
    vpn_gateway_id: "" => "vgw-02162a10ec2e4dc79"
  module.vpn_gateway.aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[0]: Creating...
    route_table_id: "" => "rtb-00f0f7ed0c67b17aa"
    vpn_gateway_id: "" => "vgw-02162a10ec2e4dc79"
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Creating...
    customer_gateway_configuration: "" => "<computed>"
    customer_gateway_id:            "" => "cgw-04ce2729918353c48"
    routes.#:                       "" => "<computed>"
    static_routes_only:             "" => "true"
    tags.%:                         "" => "1"
    tags.Name:                      "" => "VPN Connection between VPC vpc-0eb30eddb914a004c and Customer Gateway cgw-04ce2729918353c48"
    transit_gateway_attachment_id:  "" => "<computed>"
    tunnel1_address:                "" => "<computed>"
    tunnel1_bgp_asn:                "" => "<computed>"
    tunnel1_bgp_holdtime:           "" => "<computed>"
    tunnel1_cgw_inside_address:     "" => "<computed>"
    tunnel1_inside_cidr:            "" => "169.254.33.88/30"
    tunnel1_preshared_key:          "<sensitive>" => "<sensitive>"
    tunnel1_vgw_inside_address:     "" => "<computed>"
    tunnel2_address:                "" => "<computed>"
    tunnel2_bgp_asn:                "" => "<computed>"
    tunnel2_bgp_holdtime:           "" => "<computed>"
    tunnel2_cgw_inside_address:     "" => "<computed>"
    tunnel2_inside_cidr:            "" => "169.254.33.100/30"
    tunnel2_preshared_key:          "<sensitive>" => "<sensitive>"
    tunnel2_vgw_inside_address:     "" => "<computed>"
    type:                           "" => "ipsec.1"
    vgw_telemetry.#:                "" => "<computed>"
    vpn_gateway_id:                 "" => "vgw-02162a10ec2e4dc79"
  module.vpn_gateway.aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[0]: Creation complete after 0s (ID: vgw-02162a10ec2e4dc79_rtb-00f0f7ed0c67b17aa)
  module.vpn_gateway.aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[2]: Creation complete after 0s (ID: vgw-02162a10ec2e4dc79_rtb-09963312dfb62c170)
  module.vpn_gateway.aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[1]: Creation complete after 0s (ID: vgw-02162a10ec2e4dc79_rtb-096383611e3e0ccc5)
  module.vpn_gateway.aws_vpn_gateway_attachment.default: Still creating... (10s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (10s elapsed)
  module.vpn_gateway.aws_vpn_gateway_attachment.default: Creation complete after 10s (ID: vpn-attachment-7ac79f76)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (20s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (30s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (40s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (50s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (1m0s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (1m10s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (1m20s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (1m30s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (1m40s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (1m50s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (2m0s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (2m10s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (2m20s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (2m30s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (2m40s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (2m50s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (3m0s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (3m10s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (3m20s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (3m30s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (3m40s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Creation complete after 3m43s (ID: vpn-08bc89cadb3a93911)
  module.vpn_gateway.aws_vpn_connection_route.default[0]: Creating...
    destination_cidr_block: "" => "10.100.0.1/32"
    vpn_connection_id:      "" => "vpn-08bc89cadb3a93911"
  module.vpn_gateway.aws_vpn_connection_route.default[1]: Creating...
    destination_cidr_block: "" => "10.200.0.1/32"
    vpn_connection_id:      "" => "vpn-08bc89cadb3a93911"
  module.vpn_gateway.aws_vpn_connection_route.default[0]: Creation complete after 0s (ID: 10.100.0.1/32:vpn-08bc89cadb3a93911)
  module.vpn_gateway.aws_vpn_connection_route.default[1]: Creation complete after 0s (ID: 10.200.0.1/32:vpn-08bc89cadb3a93911)
  
  Apply complete! Resources: 28 added, 0 changed, 0 destroyed.
  
  Outputs:
  
  vpn_connection_id = vpn-08bc89cadb3a93911
  vpn_connection_tunnel1_address = 35.176.221.149
  vpn_connection_tunnel1_cgw_inside_address = 169.254.33.102
  vpn_connection_tunnel1_vgw_inside_address = 169.254.33.101
  vpn_connection_tunnel2_address = 35.177.162.188
  vpn_connection_tunnel2_cgw_inside_address = 169.254.33.90
  vpn_connection_tunnel2_vgw_inside_address = 169.254.33.89


#############################
# plan                      #
#############################
terraform  plan -out terraform.tfplan
  Refreshing Terraform state in-memory prior to plan...
  The refreshed state will be used to calculate this plan, but will not be
  persisted to local or remote state storage.
  
  aws_customer_gateway.main: Refreshing state... (ID: cgw-04ce2729918353c48)
  aws_vpc.this: Refreshing state... (ID: vpc-0eb30eddb914a004c)
  aws_route_table.private[1]: Refreshing state... (ID: rtb-096383611e3e0ccc5)
  aws_route_table.private[2]: Refreshing state... (ID: rtb-09963312dfb62c170)
  aws_route_table.private[0]: Refreshing state... (ID: rtb-00f0f7ed0c67b17aa)
  aws_vpn_gateway.this: Refreshing state... (ID: vgw-02162a10ec2e4dc79)
  aws_subnet.private[2]: Refreshing state... (ID: subnet-0577e474c85ed5801)
  aws_subnet.private[1]: Refreshing state... (ID: subnet-03cdf13a9b80b839c)
  aws_subnet.private[0]: Refreshing state... (ID: subnet-0ef592ffc04a9aef2)
  aws_subnet.public[1]: Refreshing state... (ID: subnet-002585e1b58aa393b)
  aws_subnet.public[2]: Refreshing state... (ID: subnet-0e423481f07528741)
  aws_subnet.public[0]: Refreshing state... (ID: subnet-077b58fb5cd045377)
  aws_route_table.public: Refreshing state... (ID: rtb-01c53b5ccb9449d21)
  aws_internet_gateway.this: Refreshing state... (ID: igw-06d7ad0014289a27f)
  aws_vpn_gateway_attachment.default: Refreshing state... (ID: vpn-attachment-7ac79f76)
  aws_vpn_connection.tunnel_preshared: Refreshing state... (ID: vpn-08bc89cadb3a93911)
  aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[2]: Refreshing state... (ID: vgw-02162a10ec2e4dc79_rtb-09963312dfb62c170)
  aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[0]: Refreshing state... (ID: vgw-02162a10ec2e4dc79_rtb-00f0f7ed0c67b17aa)
  aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[1]: Refreshing state... (ID: vgw-02162a10ec2e4dc79_rtb-096383611e3e0ccc5)
  aws_route_table_association.private[2]: Refreshing state... (ID: rtbassoc-06d335ca139bd595f)
  aws_route_table_association.private[0]: Refreshing state... (ID: rtbassoc-07c3d6d5cfa428c0b)
  aws_route_table_association.private[1]: Refreshing state... (ID: rtbassoc-03ea32f71446a2caf)
  aws_route_table_association.public[2]: Refreshing state... (ID: rtbassoc-05220f154bc9b896d)
  aws_route_table_association.public[1]: Refreshing state... (ID: rtbassoc-0e268c5b17c7d085c)
  aws_route.public_internet_gateway: Refreshing state... (ID: r-rtb-01c53b5ccb9449d211080289494)
  aws_route_table_association.public[0]: Refreshing state... (ID: rtbassoc-0ff2ba12ac17ffcf5)
  aws_vpn_connection_route.default[0]: Refreshing state... (ID: 10.100.0.1/32:vpn-08bc89cadb3a93911)
  aws_vpn_connection_route.default[1]: Refreshing state... (ID: 10.200.0.1/32:vpn-08bc89cadb3a93911)
  
  ------------------------------------------------------------------------
  
  An execution plan has been generated and is shown below.
  Resource actions are indicated with the following symbols:
  -/+ destroy and then create replacement
  
  Terraform will perform the following actions:
  
  -/+ module.vpn_gateway.aws_vpn_connection.tunnel_preshared (new resource required)
        id:                             "vpn-08bc89cadb3a93911" => <computed> (forces new resource)
        customer_gateway_configuration: "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<vpn_connection id=\"vpn-08bc89cadb3a93911\">\n  <customer_gateway_id>cgw-04ce2729918353c48</customer_gateway_id>\n  <vpn_gateway_id>vgw-02162a10ec2e4dc79</vpn_gateway_id>\n  <vpn_connection_type>ipsec.1</vpn_connection_type>\n  <vpn_connection_attributes>NoBGPVPNConnection</vpn_connection_attributes>\n  <ipsec_tunnel>\n    <customer_gateway>\n      <tunnel_outside_address>\n        <ip_address>172.83.124.11</ip_address>\n      </tunnel_outside_address>\n      <tunnel_inside_address>\n        <ip_address>169.254.33.102</ip_address>\n        <network_mask>255.255.255.252</network_mask>\n        <network_cidr>30</network_cidr>\n      </tunnel_inside_address>\n    </customer_gateway>\n    <vpn_gateway>\n      <tunnel_outside_address>\n        <ip_address>35.176.221.149</ip_address>\n      </tunnel_outside_address>\n      <tunnel_inside_address>\n        <ip_address>169.254.33.101</ip_address>\n        <network_mask>255.255.255.252</network_mask>\n        <network_cidr>30</network_cidr>\n      </tunnel_inside_address>\n    </vpn_gateway>\n    <ike>\n      <authentication_protocol>sha1</authentication_protocol>\n      <encryption_protocol>aes-128-cbc</encryption_protocol>\n      <lifetime>28800</lifetime>\n      <perfect_forward_secrecy>group2</perfect_forward_secrecy>\n      <mode>main</mode>\n      <pre_shared_key>abcdefghijklmn1234567890</pre_shared_key>\n    </ike>\n    <ipsec>\n      <protocol>esp</protocol>\n      <authentication_protocol>hmac-sha1-96</authentication_protocol>\n      <encryption_protocol>aes-128-cbc</encryption_protocol>\n      <lifetime>3600</lifetime>\n      <perfect_forward_secrecy>group2</perfect_forward_secrecy>\n      <mode>tunnel</mode>\n      <clear_df_bit>true</clear_df_bit>\n      <fragmentation_before_encryption>true</fragmentation_before_encryption>\n      <tcp_mss_adjustment>1379</tcp_mss_adjustment>\n      <dead_peer_detection>\n        
<interval>10</interval>\n        <retries>3</retries>\n      </dead_peer_detection>\n    </ipsec>\n  </ipsec_tunnel>\n  <ipsec_tunnel>\n    <customer_gateway>\n      <tunnel_outside_address>\n        <ip_address>172.83.124.11</ip_address>\n      </tunnel_outside_address>\n      <tunnel_inside_address>\n        <ip_address>169.254.33.90</ip_address>\n        <network_mask>255.255.255.252</network_mask>\n        <network_cidr>30</network_cidr>\n      </tunnel_inside_address>\n    </customer_gateway>\n    <vpn_gateway>\n      <tunnel_outside_address>\n        <ip_address>35.177.162.188</ip_address>\n      </tunnel_outside_address>\n      <tunnel_inside_address>\n        <ip_address>169.254.33.89</ip_address>\n        <network_mask>255.255.255.252</network_mask>\n        <network_cidr>30</network_cidr>\n      </tunnel_inside_address>\n    </vpn_gateway>\n    <ike>\n      <authentication_protocol>sha1</authentication_protocol>\n      <encryption_protocol>aes-128-cbc</encryption_protocol>\n      <lifetime>28800</lifetime>\n      <perfect_forward_secrecy>group2</perfect_forward_secrecy>\n      <mode>main</mode>\n      <pre_shared_key>1234567890abcdefghijklmn</pre_shared_key>\n    </ike>\n    <ipsec>\n      <protocol>esp</protocol>\n      <authentication_protocol>hmac-sha1-96</authentication_protocol>\n      <encryption_protocol>aes-128-cbc</encryption_protocol>\n      <lifetime>3600</lifetime>\n      <perfect_forward_secrecy>group2</perfect_forward_secrecy>\n      <mode>tunnel</mode>\n      <clear_df_bit>true</clear_df_bit>\n      <fragmentation_before_encryption>true</fragmentation_before_encryption>\n      <tcp_mss_adjustment>1379</tcp_mss_adjustment>\n      <dead_peer_detection>\n        <interval>10</interval>\n        <retries>3</retries>\n      </dead_peer_detection>\n    </ipsec>\n  </ipsec_tunnel>\n</vpn_connection>" => <computed>
        customer_gateway_id:            "cgw-04ce2729918353c48" => "cgw-04ce2729918353c48"
        routes.#:                       "2" => <computed>
        static_routes_only:             "true" => "true"
        tags.%:                         "1" => "1"
        tags.Name:                      "VPN Connection between VPC vpc-0eb30eddb914a004c and Customer Gateway cgw-04ce2729918353c48" => "VPN Connection between VPC vpc-0eb30eddb914a004c and Customer Gateway cgw-04ce2729918353c48"
        transit_gateway_attachment_id:  "" => <computed>
        tunnel1_address:                "35.176.221.149" => <computed>
        tunnel1_bgp_asn:                "" => <computed>
        tunnel1_bgp_holdtime:           "0" => <computed>
        tunnel1_cgw_inside_address:     "169.254.33.102" => <computed>
        tunnel1_inside_cidr:            "169.254.33.88/30" => "169.254.33.88/30"
        tunnel1_preshared_key:          <sensitive> => <sensitive> (forces new resource)
        tunnel1_vgw_inside_address:     "169.254.33.101" => <computed>
        tunnel2_address:                "35.177.162.188" => <computed>
        tunnel2_bgp_asn:                "" => <computed>
        tunnel2_bgp_holdtime:           "0" => <computed>
        tunnel2_cgw_inside_address:     "169.254.33.90" => <computed>
        tunnel2_inside_cidr:            "169.254.33.100/30" => "169.254.33.100/30"
        tunnel2_preshared_key:          <sensitive> => <sensitive> (forces new resource)
        tunnel2_vgw_inside_address:     "169.254.33.89" => <computed>
        type:                           "ipsec.1" => "ipsec.1"
        vgw_telemetry.#:                "2" => <computed>
        vpn_gateway_id:                 "vgw-02162a10ec2e4dc79" => "vgw-02162a10ec2e4dc79"
  
  -/+ module.vpn_gateway.aws_vpn_connection_route.default[0] (new resource required)
        id:                             "10.100.0.1/32:vpn-08bc89cadb3a93911" => <computed> (forces new resource)
        destination_cidr_block:         "10.100.0.1/32" => "10.100.0.1/32"
        vpn_connection_id:              "vpn-08bc89cadb3a93911" => "${element(split(\",\", (local.create_tunner_with_internal_cidr_only ? join(\",\", aws_vpn_connection.tunnel.*.id) : (local.create_tunner_with_preshared_key_only ? join(\",\", aws_vpn_connection.preshared.*.id) : (local.tunnel_details_specified ? join(\",\", aws_vpn_connection.tunnel_preshared.*.id) : join(\",\", aws_vpn_connection.default.*.id))))), 0)}" (forces new resource)
  
  -/+ module.vpn_gateway.aws_vpn_connection_route.default[1] (new resource required)
        id:                             "10.200.0.1/32:vpn-08bc89cadb3a93911" => <computed> (forces new resource)
        destination_cidr_block:         "10.200.0.1/32" => "10.200.0.1/32"
        vpn_connection_id:              "vpn-08bc89cadb3a93911" => "${element(split(\",\", (local.create_tunner_with_internal_cidr_only ? join(\",\", aws_vpn_connection.tunnel.*.id) : (local.create_tunner_with_preshared_key_only ? join(\",\", aws_vpn_connection.preshared.*.id) : (local.tunnel_details_specified ? join(\",\", aws_vpn_connection.tunnel_preshared.*.id) : join(\",\", aws_vpn_connection.default.*.id))))), 0)}" (forces new resource)
  
  
  Plan: 3 to add, 0 to change, 3 to destroy.
  
  ------------------------------------------------------------------------
  
  This plan was saved to: terraform.tfplan
  
  To perform exactly these actions, run the following command to apply:
      terraform apply "terraform.tfplan"

The second plan command reproduces the issue: it offers 3 to add, 0 to change, 3 to destroy, while nothing should be changing.

Workaround: plan & apply twice

Planning and applying twice seems to fix the connection.
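Added example (not part of the original gist or the module's code): a check of the `Outputs` blocks on this page against the configured `tunnel1_inside_cidr` / `tunnel2_inside_cidr`. After the first apply, tunnel1's inside addresses fall in the CIDR configured for tunnel2 and vice versa; after the re-apply they line up. That this swap is what triggers the `tunnelN_preshared_key` diff is an assumption, not something the gist states, and the function names are hypothetical.

```python
import ipaddress
import re

# Inside CIDRs configured per tunnel, as printed in the plan/apply output on this page.
CONFIGURED_INSIDE_CIDRS = {
    1: "169.254.33.88/30",
    2: "169.254.33.100/30",
}

# "Outputs:" block copied from the first apply on this page.
FIRST_APPLY_OUTPUTS = """\
vpn_connection_id = vpn-08bc89cadb3a93911
vpn_connection_tunnel1_address = 35.176.221.149
vpn_connection_tunnel1_cgw_inside_address = 169.254.33.102
vpn_connection_tunnel1_vgw_inside_address = 169.254.33.101
vpn_connection_tunnel2_address = 35.177.162.188
vpn_connection_tunnel2_cgw_inside_address = 169.254.33.90
vpn_connection_tunnel2_vgw_inside_address = 169.254.33.89
"""

# "Outputs:" block copied from the re-apply (the workaround run) on this page.
SECOND_APPLY_OUTPUTS = """\
vpn_connection_id = vpn-0ef4677215e447f31
vpn_connection_tunnel1_address = 3.8.243.218
vpn_connection_tunnel1_cgw_inside_address = 169.254.33.90
vpn_connection_tunnel1_vgw_inside_address = 169.254.33.89
vpn_connection_tunnel2_address = 3.9.113.194
vpn_connection_tunnel2_cgw_inside_address = 169.254.33.102
vpn_connection_tunnel2_vgw_inside_address = 169.254.33.101
"""

OUTPUT_LINE = re.compile(
    r"^\s*vpn_connection_tunnel(?P<n>[12])_(?P<side>cgw|vgw)_inside_address"
    r"\s*=\s*(?P<ip>\S+)\s*$"
)


def parse_inside_addresses(outputs_text):
    """Return {tunnel_number: {"cgw": IPv4Address, "vgw": IPv4Address}}."""
    tunnels = {}
    for line in outputs_text.splitlines():
        match = OUTPUT_LINE.match(line)
        if match is None:
            continue  # not an inside-address output (e.g. vpn_connection_id)
        number = int(match.group("n"))
        address = ipaddress.ip_address(match.group("ip"))
        tunnels.setdefault(number, {})[match.group("side")] = address
    return tunnels


def check_tunnel_order(outputs_text, configured=CONFIGURED_INSIDE_CIDRS):
    """Compare each tunnel's reported inside addresses with its configured CIDR.

    Returns a list of findings. An empty list means every reported address
    lies inside the CIDR configured for the same tunnel number.
    """
    networks = {n: ipaddress.ip_network(cidr) for n, cidr in configured.items()}
    reported = parse_inside_addresses(outputs_text)
    findings = []
    for number in sorted(networks):
        sides = reported.get(number, {})
        if set(sides) != {"cgw", "vgw"}:
            # Outputs for this tunnel are absent or incomplete: nothing to compare.
            findings.append({"tunnel": number, "side": None, "address": None,
                             "expected_cidr": str(networks[number]),
                             "found_in_tunnel": None})
            continue
        for side, address in sorted(sides.items()):
            if address in networks[number]:
                continue
            # Work out which configured tunnel (if any) this address belongs to.
            owner = next((n for n, net in networks.items() if address in net), None)
            findings.append({"tunnel": number, "side": side, "address": str(address),
                             "expected_cidr": str(networks[number]),
                             "found_in_tunnel": owner})
    return findings


if __name__ == "__main__":
    for label, text in (("first apply", FIRST_APPLY_OUTPUTS),
                        ("re-apply", SECOND_APPLY_OUTPUTS)):
        findings = check_tunnel_order(text)
        print(label, "->", "consistent" if not findings else "mismatch")
        for item in findings:
            print("  tunnel{tunnel} {side} {address} not in {expected_cidr} "
                  "(belongs to tunnel{found_in_tunnel})".format(**item))
```

Running the same check on fresh `terraform output` text right after an apply shows whether the tunnel numbering matches the configuration before the next plan is run.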

#############################
# plan                      #
#############################
terraform  plan -out terraform.tfplan
  Refreshing Terraform state in-memory prior to plan...
  The refreshed state will be used to calculate this plan, but will not be
  persisted to local or remote state storage.
  
  aws_customer_gateway.main: Refreshing state... (ID: cgw-04ce2729918353c48)
  aws_vpc.this: Refreshing state... (ID: vpc-0eb30eddb914a004c)
  aws_route_table.private[1]: Refreshing state... (ID: rtb-096383611e3e0ccc5)
  aws_route_table.private[2]: Refreshing state... (ID: rtb-09963312dfb62c170)
  aws_route_table.private[0]: Refreshing state... (ID: rtb-00f0f7ed0c67b17aa)
  aws_vpn_gateway.this: Refreshing state... (ID: vgw-02162a10ec2e4dc79)
  aws_subnet.private[2]: Refreshing state... (ID: subnet-0577e474c85ed5801)
  aws_subnet.private[1]: Refreshing state... (ID: subnet-03cdf13a9b80b839c)
  aws_subnet.private[0]: Refreshing state... (ID: subnet-0ef592ffc04a9aef2)
  aws_subnet.public[1]: Refreshing state... (ID: subnet-002585e1b58aa393b)
  aws_subnet.public[2]: Refreshing state... (ID: subnet-0e423481f07528741)
  aws_subnet.public[0]: Refreshing state... (ID: subnet-077b58fb5cd045377)
  aws_route_table.public: Refreshing state... (ID: rtb-01c53b5ccb9449d21)
  aws_internet_gateway.this: Refreshing state... (ID: igw-06d7ad0014289a27f)
  aws_vpn_gateway_attachment.default: Refreshing state... (ID: vpn-attachment-7ac79f76)
  aws_vpn_connection.tunnel_preshared: Refreshing state... (ID: vpn-08bc89cadb3a93911)
  aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[2]: Refreshing state... (ID: vgw-02162a10ec2e4dc79_rtb-09963312dfb62c170)
  aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[0]: Refreshing state... (ID: vgw-02162a10ec2e4dc79_rtb-00f0f7ed0c67b17aa)
  aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[1]: Refreshing state... (ID: vgw-02162a10ec2e4dc79_rtb-096383611e3e0ccc5)
  aws_route_table_association.private[2]: Refreshing state... (ID: rtbassoc-06d335ca139bd595f)
  aws_route_table_association.private[0]: Refreshing state... (ID: rtbassoc-07c3d6d5cfa428c0b)
  aws_route_table_association.private[1]: Refreshing state... (ID: rtbassoc-03ea32f71446a2caf)
  aws_route_table_association.public[2]: Refreshing state... (ID: rtbassoc-05220f154bc9b896d)
  aws_route_table_association.public[1]: Refreshing state... (ID: rtbassoc-0e268c5b17c7d085c)
  aws_route.public_internet_gateway: Refreshing state... (ID: r-rtb-01c53b5ccb9449d211080289494)
  aws_route_table_association.public[0]: Refreshing state... (ID: rtbassoc-0ff2ba12ac17ffcf5)
  aws_vpn_connection_route.default[0]: Refreshing state... (ID: 10.100.0.1/32:vpn-08bc89cadb3a93911)
  aws_vpn_connection_route.default[1]: Refreshing state... (ID: 10.200.0.1/32:vpn-08bc89cadb3a93911)
  
  ------------------------------------------------------------------------
  
  An execution plan has been generated and is shown below.
  Resource actions are indicated with the following symbols:
  -/+ destroy and then create replacement
  
  Terraform will perform the following actions:
  
  -/+ module.vpn_gateway.aws_vpn_connection.tunnel_preshared (new resource required)
        id:                             "vpn-08bc89cadb3a93911" => <computed> (forces new resource)
        customer_gateway_configuration: "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<vpn_connection id=\"vpn-08bc89cadb3a93911\">\n  <customer_gateway_id>cgw-04ce2729918353c48</customer_gateway_id>\n  <vpn_gateway_id>vgw-02162a10ec2e4dc79</vpn_gateway_id>\n  <vpn_connection_type>ipsec.1</vpn_connection_type>\n  <vpn_connection_attributes>NoBGPVPNConnection</vpn_connection_attributes>\n  <ipsec_tunnel>\n    <customer_gateway>\n      <tunnel_outside_address>\n        <ip_address>172.83.124.11</ip_address>\n      </tunnel_outside_address>\n      <tunnel_inside_address>\n        <ip_address>169.254.33.102</ip_address>\n        <network_mask>255.255.255.252</network_mask>\n        <network_cidr>30</network_cidr>\n      </tunnel_inside_address>\n    </customer_gateway>\n    <vpn_gateway>\n      <tunnel_outside_address>\n        <ip_address>35.176.221.149</ip_address>\n      </tunnel_outside_address>\n      <tunnel_inside_address>\n        <ip_address>169.254.33.101</ip_address>\n        <network_mask>255.255.255.252</network_mask>\n        <network_cidr>30</network_cidr>\n      </tunnel_inside_address>\n    </vpn_gateway>\n    <ike>\n      <authentication_protocol>sha1</authentication_protocol>\n      <encryption_protocol>aes-128-cbc</encryption_protocol>\n      <lifetime>28800</lifetime>\n      <perfect_forward_secrecy>group2</perfect_forward_secrecy>\n      <mode>main</mode>\n      <pre_shared_key>abcdefghijklmn1234567890</pre_shared_key>\n    </ike>\n    <ipsec>\n      <protocol>esp</protocol>\n      <authentication_protocol>hmac-sha1-96</authentication_protocol>\n      <encryption_protocol>aes-128-cbc</encryption_protocol>\n      <lifetime>3600</lifetime>\n      <perfect_forward_secrecy>group2</perfect_forward_secrecy>\n      <mode>tunnel</mode>\n      <clear_df_bit>true</clear_df_bit>\n      <fragmentation_before_encryption>true</fragmentation_before_encryption>\n      <tcp_mss_adjustment>1379</tcp_mss_adjustment>\n      <dead_peer_detection>\n        
<interval>10</interval>\n        <retries>3</retries>\n      </dead_peer_detection>\n    </ipsec>\n  </ipsec_tunnel>\n  <ipsec_tunnel>\n    <customer_gateway>\n      <tunnel_outside_address>\n        <ip_address>172.83.124.11</ip_address>\n      </tunnel_outside_address>\n      <tunnel_inside_address>\n        <ip_address>169.254.33.90</ip_address>\n        <network_mask>255.255.255.252</network_mask>\n        <network_cidr>30</network_cidr>\n      </tunnel_inside_address>\n    </customer_gateway>\n    <vpn_gateway>\n      <tunnel_outside_address>\n        <ip_address>35.177.162.188</ip_address>\n      </tunnel_outside_address>\n      <tunnel_inside_address>\n        <ip_address>169.254.33.89</ip_address>\n        <network_mask>255.255.255.252</network_mask>\n        <network_cidr>30</network_cidr>\n      </tunnel_inside_address>\n    </vpn_gateway>\n    <ike>\n      <authentication_protocol>sha1</authentication_protocol>\n      <encryption_protocol>aes-128-cbc</encryption_protocol>\n      <lifetime>28800</lifetime>\n      <perfect_forward_secrecy>group2</perfect_forward_secrecy>\n      <mode>main</mode>\n      <pre_shared_key>1234567890abcdefghijklmn</pre_shared_key>\n    </ike>\n    <ipsec>\n      <protocol>esp</protocol>\n      <authentication_protocol>hmac-sha1-96</authentication_protocol>\n      <encryption_protocol>aes-128-cbc</encryption_protocol>\n      <lifetime>3600</lifetime>\n      <perfect_forward_secrecy>group2</perfect_forward_secrecy>\n      <mode>tunnel</mode>\n      <clear_df_bit>true</clear_df_bit>\n      <fragmentation_before_encryption>true</fragmentation_before_encryption>\n      <tcp_mss_adjustment>1379</tcp_mss_adjustment>\n      <dead_peer_detection>\n        <interval>10</interval>\n        <retries>3</retries>\n      </dead_peer_detection>\n    </ipsec>\n  </ipsec_tunnel>\n</vpn_connection>" => <computed>
        customer_gateway_id:            "cgw-04ce2729918353c48" => "cgw-04ce2729918353c48"
        routes.#:                       "2" => <computed>
        static_routes_only:             "true" => "true"
        tags.%:                         "1" => "1"
        tags.Name:                      "VPN Connection between VPC vpc-0eb30eddb914a004c and Customer Gateway cgw-04ce2729918353c48" => "VPN Connection between VPC vpc-0eb30eddb914a004c and Customer Gateway cgw-04ce2729918353c48"
        transit_gateway_attachment_id:  "" => <computed>
        tunnel1_address:                "35.176.221.149" => <computed>
        tunnel1_bgp_asn:                "" => <computed>
        tunnel1_bgp_holdtime:           "0" => <computed>
        tunnel1_cgw_inside_address:     "169.254.33.102" => <computed>
        tunnel1_inside_cidr:            "169.254.33.88/30" => "169.254.33.88/30"
        tunnel1_preshared_key:          <sensitive> => <sensitive> (forces new resource)
        tunnel1_vgw_inside_address:     "169.254.33.101" => <computed>
        tunnel2_address:                "35.177.162.188" => <computed>
        tunnel2_bgp_asn:                "" => <computed>
        tunnel2_bgp_holdtime:           "0" => <computed>
        tunnel2_cgw_inside_address:     "169.254.33.90" => <computed>
        tunnel2_inside_cidr:            "169.254.33.100/30" => "169.254.33.100/30"
        tunnel2_preshared_key:          <sensitive> => <sensitive> (forces new resource)
        tunnel2_vgw_inside_address:     "169.254.33.89" => <computed>
        type:                           "ipsec.1" => "ipsec.1"
        vgw_telemetry.#:                "2" => <computed>
        vpn_gateway_id:                 "vgw-02162a10ec2e4dc79" => "vgw-02162a10ec2e4dc79"
  
  -/+ module.vpn_gateway.aws_vpn_connection_route.default[0] (new resource required)
        id:                             "10.100.0.1/32:vpn-08bc89cadb3a93911" => <computed> (forces new resource)
        destination_cidr_block:         "10.100.0.1/32" => "10.100.0.1/32"
        vpn_connection_id:              "vpn-08bc89cadb3a93911" => "${element(split(\",\", (local.create_tunner_with_internal_cidr_only ? join(\",\", aws_vpn_connection.tunnel.*.id) : (local.create_tunner_with_preshared_key_only ? join(\",\", aws_vpn_connection.preshared.*.id) : (local.tunnel_details_specified ? join(\",\", aws_vpn_connection.tunnel_preshared.*.id) : join(\",\", aws_vpn_connection.default.*.id))))), 0)}" (forces new resource)
  
  -/+ module.vpn_gateway.aws_vpn_connection_route.default[1] (new resource required)
        id:                             "10.200.0.1/32:vpn-08bc89cadb3a93911" => <computed> (forces new resource)
        destination_cidr_block:         "10.200.0.1/32" => "10.200.0.1/32"
        vpn_connection_id:              "vpn-08bc89cadb3a93911" => "${element(split(\",\", (local.create_tunner_with_internal_cidr_only ? join(\",\", aws_vpn_connection.tunnel.*.id) : (local.create_tunner_with_preshared_key_only ? join(\",\", aws_vpn_connection.preshared.*.id) : (local.tunnel_details_specified ? join(\",\", aws_vpn_connection.tunnel_preshared.*.id) : join(\",\", aws_vpn_connection.default.*.id))))), 0)}" (forces new resource)
  
  
  Plan: 3 to add, 0 to change, 3 to destroy.
  
  ------------------------------------------------------------------------
  
  This plan was saved to: terraform.tfplan
  
  To perform exactly these actions, run the following command to apply:
      terraform apply "terraform.tfplan"

#############################
# apply                     #
#############################
terraform apply terraform.tfplan
  module.vpn_gateway.aws_vpn_connection_route.default[0]: Destroying... (ID: 10.100.0.1/32:vpn-08bc89cadb3a93911)
  module.vpn_gateway.aws_vpn_connection_route.default[1]: Destroying... (ID: 10.200.0.1/32:vpn-08bc89cadb3a93911)
  module.vpn_gateway.aws_vpn_connection_route.default[1]: Destruction complete after 0s
  module.vpn_gateway.aws_vpn_connection_route.default[0]: Destruction complete after 0s
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Destroying... (ID: vpn-08bc89cadb3a93911)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still destroying... (ID: vpn-08bc89cadb3a93911, 10s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Destruction complete after 11s
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Creating...
    customer_gateway_configuration: "" => "<computed>"
    customer_gateway_id:            "" => "cgw-04ce2729918353c48"
    routes.#:                       "" => "<computed>"
    static_routes_only:             "" => "true"
    tags.%:                         "" => "1"
    tags.Name:                      "" => "VPN Connection between VPC vpc-0eb30eddb914a004c and Customer Gateway cgw-04ce2729918353c48"
    transit_gateway_attachment_id:  "" => "<computed>"
    tunnel1_address:                "" => "<computed>"
    tunnel1_bgp_asn:                "" => "<computed>"
    tunnel1_bgp_holdtime:           "" => "<computed>"
    tunnel1_cgw_inside_address:     "" => "<computed>"
    tunnel1_inside_cidr:            "" => "169.254.33.88/30"
    tunnel1_preshared_key:          "<sensitive>" => "<sensitive>"
    tunnel1_vgw_inside_address:     "" => "<computed>"
    tunnel2_address:                "" => "<computed>"
    tunnel2_bgp_asn:                "" => "<computed>"
    tunnel2_bgp_holdtime:           "" => "<computed>"
    tunnel2_cgw_inside_address:     "" => "<computed>"
    tunnel2_inside_cidr:            "" => "169.254.33.100/30"
    tunnel2_preshared_key:          "<sensitive>" => "<sensitive>"
    tunnel2_vgw_inside_address:     "" => "<computed>"
    type:                           "" => "ipsec.1"
    vgw_telemetry.#:                "" => "<computed>"
    vpn_gateway_id:                 "" => "vgw-02162a10ec2e4dc79"
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (10s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (20s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (30s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (40s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (50s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (1m0s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (1m10s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (1m20s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (1m30s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (1m40s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (1m50s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (2m0s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (2m10s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (2m20s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (2m30s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (2m40s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (2m50s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (3m0s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (3m10s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (3m20s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (3m30s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (3m40s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (3m50s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Still creating... (4m0s elapsed)
  module.vpn_gateway.aws_vpn_connection.tunnel_preshared: Creation complete after 4m3s (ID: vpn-0ef4677215e447f31)
  module.vpn_gateway.aws_vpn_connection_route.default[0]: Creating...
    destination_cidr_block: "" => "10.100.0.1/32"
    vpn_connection_id:      "" => "vpn-0ef4677215e447f31"
  module.vpn_gateway.aws_vpn_connection_route.default[1]: Creating...
    destination_cidr_block: "" => "10.200.0.1/32"
    vpn_connection_id:      "" => "vpn-0ef4677215e447f31"
  module.vpn_gateway.aws_vpn_connection_route.default[1]: Creation complete after 0s (ID: 10.200.0.1/32:vpn-0ef4677215e447f31)
  module.vpn_gateway.aws_vpn_connection_route.default[0]: Creation complete after 0s (ID: 10.100.0.1/32:vpn-0ef4677215e447f31)
  
  Apply complete! Resources: 3 added, 0 changed, 3 destroyed.
  
  Outputs:
  
  vpn_connection_id = vpn-0ef4677215e447f31
  vpn_connection_tunnel1_address = 3.8.243.218
  vpn_connection_tunnel1_cgw_inside_address = 169.254.33.90
  vpn_connection_tunnel1_vgw_inside_address = 169.254.33.89
  vpn_connection_tunnel2_address = 3.9.113.194
  vpn_connection_tunnel2_cgw_inside_address = 169.254.33.102
  vpn_connection_tunnel2_vgw_inside_address = 169.254.33.101

#############################
# plan                      #
#############################
terraform  plan -out terraform.tfplan
  Refreshing Terraform state in-memory prior to plan...
  The refreshed state will be used to calculate this plan, but will not be
  persisted to local or remote state storage.
  
  aws_customer_gateway.main: Refreshing state... (ID: cgw-04ce2729918353c48)
  aws_vpc.this: Refreshing state... (ID: vpc-0eb30eddb914a004c)
  aws_internet_gateway.this: Refreshing state... (ID: igw-06d7ad0014289a27f)
  aws_vpn_gateway.this: Refreshing state... (ID: vgw-02162a10ec2e4dc79)
  aws_route_table.private[0]: Refreshing state... (ID: rtb-00f0f7ed0c67b17aa)
  aws_route_table.private[2]: Refreshing state... (ID: rtb-09963312dfb62c170)
  aws_route_table.private[1]: Refreshing state... (ID: rtb-096383611e3e0ccc5)
  aws_subnet.public[1]: Refreshing state... (ID: subnet-002585e1b58aa393b)
  aws_route_table.public: Refreshing state... (ID: rtb-01c53b5ccb9449d21)
  aws_subnet.public[0]: Refreshing state... (ID: subnet-077b58fb5cd045377)
  aws_subnet.public[2]: Refreshing state... (ID: subnet-0e423481f07528741)
  aws_subnet.private[1]: Refreshing state... (ID: subnet-03cdf13a9b80b839c)
  aws_subnet.private[0]: Refreshing state... (ID: subnet-0ef592ffc04a9aef2)
  aws_subnet.private[2]: Refreshing state... (ID: subnet-0577e474c85ed5801)
  aws_route.public_internet_gateway: Refreshing state... (ID: r-rtb-01c53b5ccb9449d211080289494)
  aws_vpn_connection.tunnel_preshared: Refreshing state... (ID: vpn-0ef4677215e447f31)
  aws_vpn_gateway_attachment.default: Refreshing state... (ID: vpn-attachment-7ac79f76)
  aws_route_table_association.public[1]: Refreshing state... (ID: rtbassoc-0e268c5b17c7d085c)
  aws_route_table_association.public[2]: Refreshing state... (ID: rtbassoc-05220f154bc9b896d)
  aws_route_table_association.public[0]: Refreshing state... (ID: rtbassoc-0ff2ba12ac17ffcf5)
  aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[2]: Refreshing state... (ID: vgw-02162a10ec2e4dc79_rtb-09963312dfb62c170)
  aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[0]: Refreshing state... (ID: vgw-02162a10ec2e4dc79_rtb-00f0f7ed0c67b17aa)
  aws_vpn_gateway_route_propagation.private_subnets_vpn_routing[1]: Refreshing state... (ID: vgw-02162a10ec2e4dc79_rtb-096383611e3e0ccc5)
  aws_route_table_association.private[2]: Refreshing state... (ID: rtbassoc-06d335ca139bd595f)
  aws_route_table_association.private[1]: Refreshing state... (ID: rtbassoc-03ea32f71446a2caf)
  aws_route_table_association.private[0]: Refreshing state... (ID: rtbassoc-07c3d6d5cfa428c0b)
  aws_vpn_connection_route.default[0]: Refreshing state... (ID: 10.100.0.1/32:vpn-0ef4677215e447f31)
  aws_vpn_connection_route.default[1]: Refreshing state... (ID: 10.200.0.1/32:vpn-0ef4677215e447f31)
  
  ------------------------------------------------------------------------
  
  No changes. Infrastructure is up-to-date.
  
  This means that Terraform did not detect any differences between your
  configuration and real physical resources that exist. As a result, no
  actions need to be performed.

Workaround proposed by @Alien2150 on #18

Having the same issue. Is there a workaround for now? Update: Removing pre-shared keys after the first run helped me.

I'm guessing that @Alien2150 meant removing the keys from the state, which would indicate that recreating them fixed the issue, as in the workaround of planning and applying twice.
