VPC Endpoints Configuration Does not Support "Non-Complete" Sets of VPCe Subnets #634
Comments
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
Hi, there.
Recently, I faced an issue with lambda vpc endpoints not being created in my installation, as AWS simply did not provide those endpoints in all AZs. Current code in vpc-endpoints.tf presumes that we can simply re-use all the private subnets, while in fact this is not always the case. Please consult the documentation https://aws.amazon.com/ru/premiumsupport/knowledge-center/interface-endpoint-availability-zone/
which says that one can get an error of "Service not supported in this Availability Zone."
The solution would be to filter private subnets by the criterion of them being supported by the corresponding VPCe.
Before you submit an issue, please perform the following first:
.terraformdirectory (! ONLY if state is stored remotely, which hopefully you are following that best practice!):rm -rf .terraform/terraform initVersions
Terraform:
any
Provider(s):
aws
Module:
terrraform-aws-vpc
Reproduction
Steps to reproduce the behavior:
no
yes
Be lucky enough to have your VPCe not supported in all the AZs.
Code Snippet to Reproduce
in my case it is "enable_lambda_endpoint" = true with empty lambda_endpoint_subnet_ids
Expected behavior
The module should in fact filter the list of private subnets for endpoint availabilitiy by leveraging aws_vpc_endpoint_service data source.
Actual behavior
Terraform fails with AWS Error "Service not supported in this Availability Zone."
The text was updated successfully, but these errors were encountered: