
Resource "aws_default_network_acl" orphaned subnet_ids #529

Closed
jeremyciak opened this issue Oct 20, 2020 · 3 comments

Comments

@jeremyciak
Contributor

I'm not sure what changed but it seems like something recently corresponds with the blurb here on Managing Subnets in the Default Network ACL for the aws_default_network_acl resource. I am getting continuously prompted that the currently associated subnets will be removed. I believe this module either needs to populate the subnet_ids value for the aws_default_network_acl resource or the following lifecycle configuration on the resource is needed:

resource "aws_default_network_acl" "default" {
  # ... other configuration ...

  lifecycle {
    ignore_changes = [subnet_ids]
  }
}
@antonbabenko
Member

Fixed in #530

v2.60.0 has been just released.

@lorengordon
Contributor

Hmm, so the linked PR ended up only working if all the subnets are created by this module. If someone creates a subnet outside the module, it gets associated with the default NACL, and you continue to get a persistent diff. I think for this particular resource, the lifecycle ignore_changes is actually a better option.

  lifecycle {
    ignore_changes = [subnet_ids]
  }

lorengordon added a commit to lorengordon/terraform-aws-vpc that referenced this issue Jan 25, 2022
As noted in the [terraform docs][0], subnets using the default network acl
will generate a persistent diff if they are not specified to the aws_default_network_acl
resource. This module was handling subnets created by the module, but
of course is not aware of subnets created externally to the module.

The docs suggest using lifecycle ignore_changes as an option to avoid
the persistent diff, which is the approach implemented in this patch.

Fixes terraform-aws-modules#529

[0]: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_network_acl#managing-subnets-in-a-default-network-acl
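The configuration shape both comments above converge on, written out as an added example (this is not the module's own code, and the VPC, subnet, CIDR and resource names are assumptions). The point it makes explicit is the trade-off: once subnet_ids is ignored, Terraform no longer reports which subnets fall under the default network ACL, so the rules on that ACL should be declared here rather than left implicit, because every subnet not attached to a custom ACL (including ones created outside this configuration) is governed by them.

```hcl
# Added example, not part of the terraform-aws-vpc module. Names and CIDRs
# are assumed for illustration.

resource "aws_vpc" "this" {
  cidr_block = "10.0.0.0/16"
}

# A subnet created by this configuration. The module-side fix (#530)
# only accounted for subnets like this one.
resource "aws_subnet" "managed" {
  vpc_id     = aws_vpc.this.id
  cidr_block = "10.0.1.0/24"
}

# Any subnet created elsewhere in the same VPC (another workspace, another
# team, the console) is attached to the default network ACL by AWS. If
# subnet_ids were populated only from aws_subnet.managed, every plan would
# propose removing that external subnet: the persistent diff from the thread.
resource "aws_default_network_acl" "default" {
  default_network_acl_id = aws_vpc.this.default_network_acl_id

  # Rules are declared explicitly. These mirror the AWS allow-all defaults;
  # tighten them to what the VPC actually needs, since ignoring subnet_ids
  # below removes Terraform's visibility into which subnets they apply to.
  ingress {
    protocol   = -1
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  egress {
    protocol   = -1
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  lifecycle {
    # Accept whatever set of subnets AWS has associated with the default
    # ACL instead of trying to own that list from Terraform.
    ignore_changes = [subnet_ids]
  }
}
```

With ignore_changes in place, `terraform plan` stays clean whether or not subnets are added to the VPC outside this configuration; the rule blocks remain fully managed, so a drift in the ACL's rules still shows up as a diff even though subnet membership does not.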
@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 29, 2022