Recieving an Error when attempting to provision Viya without a nat gateway

[MattyStacks]

Terraform Version Details

➜ tools git:(dev) ✗ ./iac_tooling_version.sh
{
"terraform_version": ""1.3.7"",
"terraform_revision": "null",
"terraform_outdated": "false",
"provider_selections": "{}"
}

Terraform Variable File Details

Cluster config

cluster_api_mode = "private"

Jump Server

create_jump_vm = false
create_jump_public_ip = false
create_nfs_public_ip = false

storage_type = "ha"

Bring your own existing resources

vpc_id = "vpc-" # only needed if using pre-existing VPC
subnet_ids = { # only needed if using pre-existing subnets
"private" : ["subnet-", "subnet-"],
"database" : ["subnet-", "subnet-***"]
}

Steps to Reproduce

Run the terraform plan with the vpcid, and subnet ids set without a nat gateway.

Expected Behavior

To run the plan without error. When running the plan without a vpcid it works, but we have a byo vpc we have to include.

Actual Behavior

Recieved this error

│   on modules/aws_vpc/main.tf line 292, in resource "aws_route" "private_nat_gateway":
│  292:   route_table_id         = aws_route_table.private.*.id
│     ├────────────────
│     │ aws_route_table.private is empty tuple
│
│ Inappropriate value for attribute "route_table_id": string required.
╵
╷
│ Error: Incorrect attribute value type
│
│   on modules/aws_vpc/main.tf line 294, in resource "aws_route" "private_nat_gateway":
│  294:   nat_gateway_id         = aws_nat_gateway.nat_gateway.*.id
│     ├────────────────
│     │ aws_nat_gateway.nat_gateway is tuple with 1 element
│
│ Inappropriate value for attribute "nat_gateway_id": string required.

Additional Context

We don't currently run NAT gateways in this account. However, we do have private subnets, and a VPC already set up.

References

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[jograca]

We're seeing the same behavior with our TF Plan

[manoatsas]

IMO this is an enhancement request and not a bug and works as designed. See BYO detailed requirements page - https://github.com/sassoftware/viya4-iac-aws/blob/main/docs/user/BYOnetwork.md, that states nat_id is required except for scenario 1, where only vpc_id is provided as an input.

[MattyStacks]

Would you be able to tell me what the NAT is actually doing? It says it's a requirement, but it doesn't say why it's a requirement.

[MattyStacks]

I still do think this is a bug, because I don't think it's actually needed unless you are using a public subnet. However, I need someone to confirm what the NAT gateway actually does if you specify a vpc_id.

[dhoucgitter]

@MattyStacks, the latest viya4-iac-aws has new behavior related to BYO network input requirements and the BYO network requirements page https://github.com/sassoftware/viya4-iac-aws/blob/main/docs/user/BYOnetwork.md has been updated for the 8.0.0 - December 6, 2023 release to reflect the changes. . Note that nat_id is no longer a required input for byo_network_scenarios 2 & 3 as it used to be.