Fix non consistent plans due to unpredictable dynamic blocks

quortex · Feb 7, 2024 · 2fa87a5 · 2fa87a5
1 parent 439c518
commit 2fa87a5
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 19 deletions.
diff --git a/locals.tf b/locals.tf
@@ -1,5 +1,5 @@
 locals {
   public_subnets    = { for k, v in aws_subnet.quortex : k => v if v.map_public_ip_on_launch == true }
   private_subnets   = { for k, v in aws_subnet.quortex : k => v if v.map_public_ip_on_launch == false }
-  zoned_gateway_ids = { for k, v in local.public_subnets : v.availability_zone => [for gw in values(aws_nat_gateway.quortex) : gw.id if gw.subnet_id == v.id][0] }
+  zoned_gateway_ids = { for k, v in aws_subnet.quortex : v.availability_zone => [for gw in values(aws_nat_gateway.quortex) : gw.id if gw.subnet_id == v.id][0] if v.map_public_ip_on_launch == true }
 }
diff --git a/main.tf b/main.tf
@@ -118,29 +118,21 @@ resource "aws_route_table" "quortex_private" {
 
   vpc_id = aws_vpc.quortex.id
 
-  # Route to the NAT, if NAT is enabled...
-  dynamic "route" {
-    for_each = local.zoned_gateway_ids[each.value.availability_zone] != null ? [1] : []
-
-    content {
-      cidr_block     = "0.0.0.0/0"
-      nat_gateway_id = local.zoned_gateway_ids[each.value.availability_zone]
-    }
-  }
-
-  # ...otherwise, route to the Internet Gateway
-  dynamic "route" {
-    for_each = local.zoned_gateway_ids[each.value.availability_zone] == null ? [1] : []
-
-    content {
-      cidr_block = "0.0.0.0/0"
-      gateway_id = aws_internet_gateway.quortex.id
-    }
+  route {
+    # Create default route depending on wether a NAT Gateway exists in
+    # this availability zone. Only one of nat_gateway_id and gateway_id will be
+    # non null
+    cidr_block = "0.0.0.0/0"
+    # Route to the NAT, if NAT is enabled...
+    nat_gateway_id = lookup(local.zoned_gateway_ids, each.value.availability_zone, null)
+    # ...otherwise, route to the Internet Gateway
+    gateway_id = lookup(local.zoned_gateway_ids, each.value.availability_zone, null) != null ? null : aws_internet_gateway.quortex.id
   }
 
   # Additional route(s) to peered VPC
   dynamic "route" {
     for_each = var.vpc_peering_routes
+    iterator = peering_route
     content {
       cidr_block                = route.value.cidr_block
       vpc_peering_connection_id = route.value.vpc_peering_connection_id
@@ -150,6 +142,7 @@ resource "aws_route_table" "quortex_private" {
   # Additional route(s) to a VPC internet gateway or a virtual private gateway.
   dynamic "route" {
     for_each = var.gateway_routes
+    iterator = gw_route
     content {
       cidr_block = route.value.cidr_block
       gateway_id = route.value.gateway_id