VPC Peering is replaced all the time by Terraform

Time:07-07

I'm trying to create VPC Peering between two VPCs in two different accounts. One is managed by me and the other one by others, and I don't have access to it. I'm using the following snippet of Terraform script.

resource "aws_vpc_peering_connection" "a" {
  peer_owner_id = var.a.aws_account_id
  peer_vpc_id   = var.a.vpc_id
  vpc_id        = aws_vpc.main.id
  peer_region   = "eu-west-1"

  requester {
    allow_remote_vpc_dns_resolution = false
  }
}

Next, it is going to be manually accepted by those who manage that account. The problem is that, whether the Peering is accepted or not, Terraform wants to replace that Peering connection:

  # module.vpc.aws_vpc_peering_connection.a is tainted, so must be replaced
-/+ resource "aws_vpc_peering_connection" "a" {
      ~ accept_status = "active" -> (known after apply)
      ~ id            = "pcx-00000000000000000" -> (known after apply)
        # (5 unchanged attributes hidden)

        accepter {
            allow_classic_link_to_remote_vpc = (known after apply)
            allow_remote_vpc_dns_resolution  = (known after apply)
            allow_vpc_to_remote_classic_link = (known after apply)
        }

        # (1 unchanged block hidden)
    }

I have already tried to prevent the replacement by using lifecycle:

  lifecycle {
    ignore_changes = all
  }

But it doesn't help...

CodePudding user response:

Try to untaint the resource, e.g.:

terraform untaint module.vpc.aws_vpc_peering_connection.a
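
An added example, not part of the original answer: a pre-apply check that reads the JSON form of a plan (`terraform show -json <planfile>`) and lists resources that are being replaced only because they are tainted, with the matching `terraform untaint` commands. The sample plan is constructed, and the function names and the `aws_route` entry are assumptions for illustration.

```python
import json
import shlex

# Constructed sample of `terraform show -json <planfile>` output, trimmed to
# the fields this check reads. The first address mirrors the plan in the question.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "module.vpc.aws_vpc_peering_connection.a",
         "type": "aws_vpc_peering_connection",
         "change": {"actions": ["delete", "create"]},
         "action_reason": "replace_because_tainted"},
        {"address": "module.vpc.aws_vpc.main",
         "type": "aws_vpc",
         "change": {"actions": ["no-op"]}},
        {"address": "module.vpc.aws_route.b",  # hypothetical resource
         "type": "aws_route",
         "change": {"actions": ["delete", "create"]},
         "action_reason": "replace_because_cannot_update"},
    ]
})


def tainted_replacements(plan_json, types=None):
    """Return addresses the plan replaces solely because they are tainted."""
    hits = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = set(rc.get("change", {}).get("actions", []))
        if not {"delete", "create"} <= actions:
            continue  # not a replacement
        if rc.get("action_reason") != "replace_because_tainted":
            continue  # replaced for another reason, untaint would not help
        if types and rc.get("type") not in types:
            continue  # caller asked for specific resource types only
        hits.append(rc["address"])
    return hits


def untaint_commands(addresses):
    """Build shell-safe untaint commands (indexed addresses contain quotes)."""
    return ["terraform untaint " + shlex.quote(a) for a in addresses]


if __name__ == "__main__":
    for cmd in untaint_commands(tainted_replacements(SAMPLE_PLAN)):
        print(cmd)
```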