Error creating route: RouteAlreadyExists

[ghost]

This issue was originally opened by @javcasalc as hashicorp/terraform#23759. It was migrated here as a result of the provider split. The original body of the issue is below.

---

Hi

the routing table inside any VPC always includes local route specific entries which reference the VPC CIDR. Terraform in unable to change these local entries, but with the arrival of VPC Ingress Routing this should not be longer the case.

Terraform Version

Terraform v0.12.18
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "template" (hashicorp/template) 2.1.2...
- Downloading plugin for provider "aws" (hashicorp/aws) 2.43.0...

Summary

With the new release of AWS VPC Ingress Routing (https://aws.amazon.com/blogs/aws/new-vpc-ingress-routing-simplifying-integration-of-third-party-appliances/) now AWS gives you the chance to edge/associate a routing table to define incoming traffic from VPC attached Virtual Private Gateways or Internet Gateways

When you create a Routing Table inside a VPC, for every VPC CIDR prefix a route entry is automatically inserted with target local

Expected Behavior

With VPC Ingress Routing, it makes sense to intercept all CIDR prefix traffix through an instance/eni, so the target can be changed from local to eni-xxxxxxx

This can be tested easily from the web dashboard.

Actual Behavior

With Terraform, trying to change a local entry returns errors like this:

Error: Error creating route: RouteAlreadyExists: The route identified by 10.0.0.0/16 already exists.
	status code: 400, request id: 815bb0cb-1ba1-4ccd-831a-d2966c4a755d

Additional Context

• AWS VPC Ingress Routing (https://aws.amazon.com/blogs/aws/new-vpc-ingress-routing-simplifying-integration-of-third-party-appliances/)

[ewbankkit]

Hi @javcasalc,
The functionality you're looking for (changing the next-hop target for an in-vpc route from local to an ENI for a route table that is not the main route table for a VPC) could be achieved using the aws_route resource.
You could create the route table with no routes

resource "aws_vpc" "test" {
  cidr_block = "10.1.0.0/16"

  tags = {
    Name = "test"
  }
}

resource "aws_route_table" "test" {
  vpc_id = aws_vpc.test.id

  tags = {
    Name = "test"
  }
}

and then add the local route to the code

resource "aws_route" "test" {
  route_table_id = aws_route_table.test.id
  gateway_id     = "local"

  destination_cidr_block = aws_vpc.test.cidr_block
}

followed by an import of the existing local route

$ terraform12 import aws_route.test rtb-xxxxxxxxxxxxxxxx_10.1.0.0/16

This brings the local route under management by Terraform and you could then change the next-hop target on the route:

resource "aws_route" "test" {
  route_table_id = aws_route_table.test.id

  network_interface_id = aws_network_interface.test.id

  destination_cidr_block = aws_vpc.test.cidr_block
}

Currently changing the target type for a route fails (see e.g. #684), but I am addressing that in #14050 and will add this issue to the list of issue closed by that PR.

[ghost]

This has been released in version 3.34.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!