Description
Hi, there.
Recently, I faced an issue with Lambda VPC endpoints not being created in my installation, as AWS simply did not provide those endpoints in all AZs. The current code in vpc-endpoints.tf presumes that we can simply re-use all the private subnets, while in fact this is not always the case. Please consult the documentation https://aws.amazon.com/ru/premiumsupport/knowledge-center/interface-endpoint-availability-zone/ which says that one can get an error of "Service not supported in this Availability Zone."
The solution would be to filter private subnets by the criterion of them being supported by the corresponding VPCe.
⚠️ Note
Before you submit an issue, please perform the following first:
- Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
- Re-initialize the project root to pull down modules: terraform init
- Re-attempt your terraform plan or apply and check if the issue still persists
Versions
- Terraform: any
- Provider(s): aws
- Module: terraform-aws-vpc
Reproduction
Steps to reproduce the behavior:
no
yes
Be lucky enough to have your VPCe not supported in all the AZs.
Code Snippet to Reproduce
In my case it is "enable_lambda_endpoint" = true with empty lambda_endpoint_subnet_ids
Expected behavior
The module should in fact filter the list of private subnets for endpoint availability by leveraging aws_vpc_endpoint_service data source.
Actual behavior
Terraform fails with AWS Error "Service not supported in this Availability Zone."
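One way to do the filtering the issue proposes, as an added example (not code from the module or from the issue author). The variable names are hypothetical, and it assumes existing subnets whose IDs are known at plan time and Terraform 1.2 or later for the precondition.

```hcl
# Added example: hypothetical variable names, not the module's own inputs.
variable "vpc_id" {
  type = string
}

variable "private_subnet_ids" {
  type        = list(string)
  description = "Existing private subnets; IDs must be known at plan time."
}

variable "endpoint_security_group_ids" {
  type = list(string)
}

# Ask AWS which AZs offer the Lambda interface endpoint service in this region.
data "aws_vpc_endpoint_service" "lambda" {
  service      = "lambda"
  service_type = "Interface"
}

# Look up every candidate subnet to learn which AZ it lives in.
data "aws_subnet" "private" {
  for_each = toset(var.private_subnet_ids)
  id       = each.value
}

locals {
  # Keep only the subnets whose AZ is in the service's supported set.
  lambda_endpoint_subnet_ids = sort([
    for s in data.aws_subnet.private : s.id
    if contains(data.aws_vpc_endpoint_service.lambda.availability_zones, s.availability_zone)
  ])
}

resource "aws_vpc_endpoint" "lambda" {
  vpc_id             = var.vpc_id
  service_name       = data.aws_vpc_endpoint_service.lambda.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = local.lambda_endpoint_subnet_ids
  security_group_ids = var.endpoint_security_group_ids

  lifecycle {
    # Fail at plan time with a clear message instead of the AWS API error.
    precondition {
      condition     = length(local.lambda_endpoint_subnet_ids) > 0
      error_message = "No private subnet is in an AZ where the Lambda endpoint service is available."
    }
  }
}
```

Workloads in a filtered-out AZ still reach the endpoint through the subnets that remain, so cross-AZ routing and the endpoint security group rules need to allow for that.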