fix: Prevent coalescelist error with database subnets and no private subnets/NAT #1296

Open
raman1236 wants to merge 1 commit into terraform-aws-modules:master from raman1236:fix/database-rt-association-944

@raman1236

Description

Fixes #944

When creating a VPC with database subnets but no private subnets and NAT disabled (enable_nat_gateway=false), Terraform fails with:

Error: Error in function call

Call to function "coalescelist" failed: no non-null arguments.

Reproduction Config (from issue)

module "vpc" {
  source = "github.com/terraform-aws-modules/terraform-aws-vpc"

  name = "foo"
  cidr = "10.0.0.0/16"
  azs  = ["eu-central-1a", "eu-central-1b"]

  enable_dns_hostnames = true
  enable_dns_support   = true
  enable_nat_gateway   = false
  enable_ipv6          = false

  public_subnets   = ["10.0.0.0/24", "10.0.1.0/24"]
  database_subnets = ["10.0.10.0/24", "10.0.11.0/24"]
  # No private_subnets!
}

Root Cause

The aws_route_table_association.database resource tries to coalesce database and private route table IDs:

coalescelist(aws_route_table.database[*].id, aws_route_table.private[*].id)

Both are empty when:

  • create_database_subnet_route_table is false (default)
  • No private subnets exist (private_subnets = [])

Solution

Add a new local create_database_rt_association that only creates database subnet route table associations when there's actually a route table to associate with (either a database or private route table).

locals {
  private_route_tables_exist = local.create_private_subnets && local.max_subnet_length > 0
  create_database_rt_association = local.create_database_subnets && (local.create_database_route_table || local.private_route_tables_exist)
}

Backward Compatibility

This is fully backward compatible - existing configurations continue to work identically since the association is only skipped when it would fail anyway (no route tables exist to associate with).

Testing

  • ✅ Configuration with database subnets + private subnets: Works (uses private route table)
  • ✅ Configuration with database subnets + create_database_subnet_route_table=true: Works (uses database route table)
  • ✅ Configuration with database subnets only (no private, no NAT): No error (association skipped)

…subnets/NAT

Fixes terraform-aws-modules#944

When creating a VPC with database subnets but no private subnets and NAT
disabled (enable_nat_gateway=false), Terraform fails with:
'Call to function coalescelist failed: no non-null arguments'

Root cause: The database route table association tries to coalesce
database and private route table IDs, but both are empty when:
- create_database_subnet_route_table is false (default)
- No private subnets exist

Fix: Add a local.create_database_rt_association that only creates
database subnet route table associations when there's actually a
route table to associate with (either database or private route table).

This is backward compatible - existing configurations continue to work
identically since the association is only skipped when it would fail anyway.
@raman1236 raman1236 changed the title fix: prevent coalescelist error with database subnets and no private subnets/NAT fix: Prevent coalescelist error with database subnets and no private subnets/NAT May 1, 2026
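
The guard described in this pull request, reduced to a provider-free configuration that can be planned locally. This is an added example, not code from the pull request or the module. It assumes Terraform 1.4 or later; the variables stand in for `aws_route_table.database[*].id` and `aws_route_table.private[*].id`, `terraform_data` stands in for `aws_route_table_association.database`, and the local names and subnet IDs are constructed for illustration.

```hcl
terraform {
  required_version = ">= 1.4" # terraform_data is available from 1.4
}

variable "database_subnet_ids" {
  type    = list(string)
  default = ["subnet-db-a", "subnet-db-b"] # constructed sample IDs
}

variable "database_route_table_ids" {
  type    = list(string)
  default = [] # models create_database_subnet_route_table = false
}

variable "private_route_table_ids" {
  type    = list(string)
  default = [] # models a configuration with no private subnets
}

locals {
  # Hypothetical equivalent of the PR's create_database_rt_association:
  # only associate when at least one candidate route table exists.
  route_table_available = length(var.database_route_table_ids) + length(var.private_route_table_ids) > 0
  create_association    = length(var.database_subnet_ids) > 0 && local.route_table_available
}

# Stand-in for aws_route_table_association.database.
resource "terraform_data" "database_association" {
  # If count were length(var.database_subnet_ids) unconditionally, the
  # defaults above would evaluate coalescelist([], []) and the plan would
  # stop with "no non-null arguments". With count = 0 the body is never
  # evaluated for any instance.
  count = local.create_association ? length(var.database_subnet_ids) : 0

  input = {
    subnet_id      = var.database_subnet_ids[count.index]
    route_table_id = element(coalescelist(var.database_route_table_ids, var.private_route_table_ids), count.index)
  }
}

output "associations" {
  value = terraform_data.database_association[*].input
}
```

With the defaults the plan contains no associations; `terraform plan -var 'private_route_table_ids=["rtb-private"]'` brings both back. In AWS a subnet with no explicit association uses the VPC's main route table, so when the association is skipped that table's routes are what the database subnets receive and are worth reviewing.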

Development

Successfully merging this pull request may close these issues.

"Error in function call" when using neither private subnets nor NAT
