Making any changes to repo forces all routes to be deleted and remade #1132

toestreich opened this issue Nov 7, 2024 · 1 comment

toestreich commented Nov 7, 2024

Description

I am using this module and each time I make a change to any resources it forces all of the private subnet route tables to be recreated. Even if I add a new tag on an EC2 instance the change still occurs. I searched through past issues and saw that the issue happens when you create routes using the aws_route resource as well as the inline route. We are creating all routes using the route resource and don't have any inline routes. I also searched through the module and it doesn't appear to be making inline routes either.

Note this only happens for the private route tables - the public ones are consistent. But we are also not attaching any new routes to those.

If your request is for a new feature, please use the Feature request template.

  • [x] ✋ I have searched the open/closed issues and my issue is not listed.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

  • Module version [Required]: 5.15.0

  • Terraform version: 1.3.0

  • Provider version(s): aws 5.74.0

Reproduction Code [Required]

module "prod-it-vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.15.0"

  name = "prod-it-vpc"
  cidr = "1.1.1.1"

  azs             = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d"]
  private_subnets = ["1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4"]
  public_subnets  = ["1.1.1.1", "2.2.2.2"]

  enable_nat_gateway = true
  enable_vpn_gateway = true

  enable_dhcp_options              = true
  dhcp_options_domain_name_servers = ["1.1.1.1"]
  dhcp_options_domain_name         = "company.local"

  dhcp_options_tags = local.tags
  tags              = local.tags

  depends_on = [aws_iam_role_policy_attachment.vpc-attach]
}

resource "aws_route" "dev-route" {
  for_each               = toset(module.prod-it-vpc.private_route_table_ids)
  route_table_id         = each.value
  destination_cidr_block = "1.1.1.1"
  transit_gateway_id     = module.tgw.ec2_transit_gateway_id
}

module "tgw" {
  source  = "terraform-aws-modules/transit-gateway/aws"
  version = "~> 2.12.2"

  vpc_attachments = {
    vpc = {
      vpc_id       = module.prod-it-vpc.vpc_id
      subnet_ids   = module.prod-it-vpc.private_subnets
      dns_support  = true
      ipv6_support = false

      transit_gateway_default_route_table_association = true
      transit_gateway_default_route_table_propagation = true

    }
  }

  ram_allow_external_principals = false
  ram_principals                = [var.target_ou]

  tags = local.tags
}

module "subnet-routing" {
  source    = "../../modules/aws/dc-routing"
  for_each  = toset(module.prod-it-vpc.private_subnets)
  subnet_id = each.key

  cidr_blocks = local.cidr_block
  rtb_id      = module.tgw.ec2_transit_gateway_route_table_id
  tgw_id      = module.tgw.ec2_transit_gateway_id

  depends_on = [module.prod-it-vpc]
}

### MODULE REFERRED TO ABOVE ###
data "aws_route_table" "this-subnet-rtb" {
  subnet_id = var.subnet_id
}
resource "aws_route" "this" {
  for_each               = toset(var.cidr_blocks)
  route_table_id         = data.aws_route_table.this-subnet-rtb.route_table_id
  destination_cidr_block = each.key
  transit_gateway_id     = var.tgw_id
}


Steps to reproduce the behavior:

Apply the above and make a small change to any infra.

Expected behavior

Given there are no changes to the subnets or the route tables we would expect them not to be deleted and remade.

Actual behavior

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

~ resource "aws_route_table" "private" {
        id               = "rtb-ID"
      ~ route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "1.1.1.1"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = "tgw-id"
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "1.1.1.1"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = "tgw-id"
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "1.1.1.1"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = "tgw-id"
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "1.1.1.1"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = "tgw-id"
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
    # does this for 4 route tables and about 72 routes in each 

Additional context

I have searched past issues and docs and saw that you can't have routes defined both ways, but as shown above we are only using route resources.
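An added example, not part of the issue or the module, for checking whether the route tables in a plan are really scheduled to be destroyed and recreated or only appear in the drift report: it reads the JSON that `terraform show -json plan.out` produces (the sample below is constructed, not taken from the reporter's plan) and separates `resource_drift`, which is what the "Objects have changed outside of Terraform" note prints, from `resource_changes`, which carries the planned actions.

```python
import json

# Constructed sample of `terraform show -json plan.out` output (not from the issue).
# resource_drift is the refresh-only report printed under "Note: Objects have
# changed outside of Terraform"; resource_changes holds the planned actions.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "resource_drift": [
        {"address": "module.prod-it-vpc.aws_route_table.private[0]", "type": "aws_route_table",
         "change": {"actions": ["update"], "before": {"route": []},
                    "after": {"route": [{"cidr_block": "10.0.0.0/8", "transit_gateway_id": "tgw-id"}]}}},
    ],
    "resource_changes": [
        {"address": "module.prod-it-vpc.aws_route_table.private[0]", "type": "aws_route_table",
         "change": {"actions": ["delete", "create"]}},
        {"address": "module.prod-it-vpc.aws_route_table.private[1]", "type": "aws_route_table",
         "change": {"actions": ["update"]}},
        {"address": "aws_route.dev-route[\"rtb-id\"]", "type": "aws_route",
         "change": {"actions": ["create"]}},
    ],
})

# Terraform encodes a replacement as the action pair delete+create (or create+delete
# when create_before_destroy is set); every other change is a single action.
ACTION_LABEL = {
    ("no-op",): "no-op", ("create",): "create", ("update",): "update", ("delete",): "delete",
    ("delete", "create"): "replace", ("create", "delete"): "replace",
}

def classify_changes(plan_json, resource_type="aws_route_table"):
    """Map each planned resource of `resource_type` to its action label."""
    plan = json.loads(plan_json)
    return {rc["address"]: ACTION_LABEL.get(tuple(rc["change"]["actions"]), "unknown")
            for rc in plan.get("resource_changes", []) if rc["type"] == resource_type}

def replaced_addresses(plan_json, resource_type="aws_route_table"):
    """Addresses this plan will actually destroy and recreate."""
    return sorted(a for a, act in classify_changes(plan_json, resource_type).items()
                  if act == "replace")

def drifted_addresses(plan_json, resource_type="aws_route_table"):
    """Addresses that only changed outside Terraform; drift alone is not a planned change."""
    plan = json.loads(plan_json)
    return sorted(d["address"] for d in plan.get("resource_drift", []) if d["type"] == resource_type)

if __name__ == "__main__":
    print("drift only:", drifted_addresses(SAMPLE_PLAN_JSON))
    print("planned   :", classify_changes(SAMPLE_PLAN_JSON))
    print("replaced  :", replaced_addresses(SAMPLE_PLAN_JSON))
```

Run it against a real plan with `terraform plan -out plan.out && terraform show -json plan.out > plan.json` and pass the file contents in place of the sample; an empty `replaced` list means the route tables are not being remade even if the drift note lists every route.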


RHeynsZa commented Nov 16, 2024

Straight from the docs

NOTE on Route Tables and Routes:
Terraform currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite rules.

The module uses Route resources, and you are clearly using a Route Table with inline declarations.

resource "aws_route_table" "private" {
       
        route            = [                 <--- this
