Terraform Scripts for forming PrivateLink with dedicated cluster. #81

Closed
VipulZopSmart opened this issue Aug 8, 2022 · 8 comments

@VipulZopSmart

Hi @linouk23, hope you're doing well.

I've created Terraform scripts for provisioning a privateLink setup with a dedicated cluster.
https://github.com/confluentinc/terraform-provider-confluent/blob/master/examples/configurations/dedicated-privatelink-aws-kafka-acls/main.tf

There's no issue while creating PrivateLink and the dedicated cluster, but the issue is that every time it creates privateLink with different zones - us2-az2, us2-az3, us2-az4 or us2-az1, us2-az3, us2-az4. But as per my zone IDs it should be us2-az1, us2-az2, us2-az3. After this, when I try to destroy this cluster and then provision it again, it creates it with the right zones.

I'm facing this issue whenever I run these scripts.

@VipulZopSmart
Author

The zones you can see in this screenshot are different from the inputs that I've given:

subnets_to_privatelink = {
  "usw2-az1" = "subnet-xyz",
  "usw2-az2" = "subnet-abc",
  "usw2-az3" = "subnet-def",
}

Screenshot 2022-08-08 at 7 06 32 PM

It's failing with this error:
│ Error: creating EC2 VPC Endpoint (com.amazonaws.vpce.us-west-2.vpce-svc-0a28dd62aa81eaaf5): InvalidParameter: The VPC endpoint service com.amazonaws.vpce.us-west-2.vpce-svc-0a28dd62aa81eaaf5 does not support the availability zone of the subnet: subnet-abc.
│       status code: 400, request id: 1f92ff66-17fe-4919-a7d8-2be5852a7cb1
│
│   with aws_vpc_endpoint.privatelink,
│   on main.tf line 141, in resource "aws_vpc_endpoint" "privatelink":
│  141: resource "aws_vpc_endpoint" "privatelink" {

@linouk23
Contributor

linouk23 commented Aug 8, 2022

Thanks for opening an issue @VipulZopSmart!

This issue looks the same as #80 (see #80 (comment)).

TLDR you might want to add zones = keys(var.subnets_to_privatelink) to fix it and we're hoping to create a new release soon that will fix that typo too:

resource "confluent_network" "private-link" {
  display_name     = "Private Link Network"
  cloud            = "AWS"
  region           = var.region
  connection_types = ["PRIVATELINK"]
  zones            = keys(var.subnets_to_privatelink)
  environment {
    id = confluent_environment.staging.id
  }
}

@linouk23 linouk23 closed this as completed Aug 8, 2022
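
An added example, not part of the thread or of the provider's own examples: a guard that fails the run when the zone IDs used as keys in `var.subnets_to_privatelink` do not match the subnets' real zone IDs, or when the Confluent network was not created in those zones. The `terraform_data.zone_check` resource and the local names are hypothetical, and Terraform 1.4 or later is assumed.

```hcl
# Added example. var.subnets_to_privatelink and confluent_network.private-link
# are the names used in this thread; all other names are hypothetical.

# Look up each subnet so the zone ID comes from AWS, not from the map key.
data "aws_subnet" "privatelink" {
  for_each = var.subnets_to_privatelink
  id       = each.value
}

locals {
  # Entries whose map key differs from the subnet's actual zone ID.
  mislabeled_subnets = [
    for zone_id, subnet in data.aws_subnet.privatelink :
    "${subnet.id} is in ${subnet.availability_zone_id}, not ${zone_id}"
    if subnet.availability_zone_id != zone_id
  ]

  # Zone IDs the subnets need that the Confluent network does not cover.
  missing_zones = setsubtract(
    keys(var.subnets_to_privatelink),
    confluent_network.private-link.zones
  )
}

# Guard resource (requires Terraform >= 1.4 for terraform_data).
resource "terraform_data" "zone_check" {
  lifecycle {
    precondition {
      condition     = length(local.mislabeled_subnets) == 0
      error_message = "Zone ID keys do not match subnets: ${join("; ", local.mislabeled_subnets)}"
    }
    precondition {
      condition     = length(local.missing_zones) == 0
      error_message = "Confluent network lacks zones: ${join(", ", tolist(local.missing_zones))}"
    }
  }
}
```

Adding `depends_on = [terraform_data.zone_check]` to `aws_vpc_endpoint.privatelink` makes the check run before the endpoint is created, so a mismatch is reported with the offending zone IDs instead of the `InvalidParameter` error above.
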
@VipulZopSmart
Author

Thanks a lot, will verify and update here. I took help from the example and I think it was mentioned in that example.

@linouk23
Contributor

linouk23 commented Aug 9, 2022

Update: we updated an example to include zones = keys(var.subnets_to_privatelink) in our latest 1.1.0 release.

@VipulZopSmart
Author

I've provided zones like above, now it's taking so much time to create privateLink with the right zones. @linouk23

@VipulZopSmart
Author

@linouk23 It used to create privateLink in around 5-7 mins before, but now it's taking around 50+ mins, and it's still creating privateLink. How much time does it take generally? Also, I've checked the plan and everything looks fine to me.

@linouk23
Contributor

linouk23 commented Aug 10, 2022

@VipulZopSmart it might be an issue with our backend, could you email your networkID and orgID to cflt-tf-access@confluent.io so we could take a look at it?

@VipulZopSmart
Author

Hi @linouk23, even after you email I'm getting into the same issue again. Could you please debug the issue?
