DynamoDB - Cannot create both Interface and Gateway endpoints

[oonisim]

Description

Unable to create both Interface and Gateway VPC endpoints for DynamoDB.

• [ x] ✋ I have searched the open/closed issues and my issue is not listed.

Searched with terraform registry module vpc endpoint cannot create both Interface and Gateway endpoints and found no related information.

⚠️ Note

Before you submit an issue, please perform the following first:

1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
2. Re-initialize the project root to pull down modules: terraform init
3. Re-attempt your terraform plan or apply and check if the issue still persists

Done

Versions

• Module version [Required]: 5.8.1

• Terraform version:

Terraform v1.8.1
on linux_amd64
+ provider registry.terraform.io/hashicorp/archive v2.4.2
+ provider registry.terraform.io/hashicorp/aws v5.41.0
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/random v3.6.0
+ provider registry.terraform.io/hashicorp/time v0.11.1

• Provider version(s):

 terraform providers -version 
Terraform v1.8.1
on linux_amd64
+ provider registry.terraform.io/hashicorp/archive v2.4.2
+ provider registry.terraform.io/hashicorp/aws v5.41.0
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/random v3.6.0
+ provider registry.terraform.io/hashicorp/time v0.11.1

Reproduction Code [Required]

resource "aws_security_group" "allow_from_security_group" {
  name        = "sg"
  vpc_id      = local.vpc_id

  ingress {
    from_port = 0
    to_port   = 0
    protocol  = -1
    self      = true
  }
  egress {
    from_port = 0
    to_port   = 0
    protocol  = -1
    self      = true
  }
}

module "dynamodb_endpoints" {
  source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
  version = "5.8.1"

  vpc_id = local.vpc_id
  security_group_ids = [
    aws_security_group.allow_from_security_group.id
  ]

  endpoints = {
    dynamodb = {
      service             = "dynamodb"
      private_dns_enabled = false
    },
    dynamodb = {
      service         = "dynamodb"
      route_table_ids = ["rtb-0a699a4d82df52a0e"]   # <--- replace your VPC route table id
    }
  }
}

Steps to reproduce the behavior:

terraform init
terraform apply

No

Yes

Expected behavior

Be able to create both Gateway and Interface VPC endpoints for DynamoDB.

Actual behavior

Only the Interface VPC endpoint is created.

Terminal Output Screenshot(s)

$ terraform apply
data.aws_availability_zones.all: Reading...
data.aws_caller_identity.current: Reading...
data.aws_region.current: Reading...
data.aws_vpc.dev: Reading...
module.dynamodb_endpoints.data.aws_vpc_endpoint_service.this["dynamodb"]: Reading...
data.aws_region.current: Read complete after 0s [id=ap-southeast-2]
data.aws_caller_identity.current: Read complete after 0s [id=****]
data.aws_availability_zones.all: Read complete after 0s [id=ap-southeast-2]
module.dynamodb_endpoints.data.aws_vpc_endpoint_service.this["dynamodb"]: Read complete after 0s [id=****]
data.aws_vpc.ai_dev: Read complete after 0s [id=vpc-****]
data.aws_subnet.private["subnet-0bdb15230b1897c8c"]: Reading...
data.aws_subnet.private["subnet-0e796e5a7f61139da"]: Reading...
data.aws_subnet.private["subnet-0e3c915076abe5564"]: Reading...
aws_security_group.allow_from_security_group: Refreshing state... [id=sg-036d8f63696cb8409]
data.aws_subnet.private["subnet-0bdb15230b1897c8c"]: Read complete after 0s [id=subnet-0bdb15230b1897c8c]
data.aws_subnet.private["subnet-0e3c915076abe5564"]: Read complete after 0s [id=subnet-0e3c915076abe5564]
data.aws_subnet.private["subnet-0e796e5a7f61139da"]: Read complete after 0s [id=subnet-0e796e5a7f61139da]
module.dynamodb_endpoints.aws_vpc_endpoint.this["dynamodb"]: Refreshing state... [id=vpce-0b6e2b09a36fc8d5e]

Additional context

[bryantbiggs]

why would you do this?