PaloAltoNetworks / AWS-GWLB-VMSeries

This repository contains CFT and TF templates for deploying VM-Series Firewalls behind AWS Gateway Load Balancer
MIT License

Question on using transit GW in account1, using RAM to share with, say, test account2 #16

Closed niteenkole closed 3 years ago

niteenkole commented 3 years ago

Trying to use your template below as-is to test.

https://github.com/PaloAltoNetworks/AWS-GWLB-VMSeries/tree/main/cft%20with%20autoscale/app_stack

The only thing is I want to test setting up the app stack in a separate account and use the transit GW set up in our security account. The TGW is shared from the security account using RAM and is visible inside my test account.

Deployment fails saying: Transit Gateway tgw-0609xxx7 was deleted or does not exist. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidTransitGatewayID.NotFound; Request ID: 80918cdd-5f72-48eb-9200-335a73e6730d; Proxy: null)

The shared TGW is visible in this account.
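Before deploying the app stack into a consumer account, it is worth checking from that account (and in the region the stack is deployed to) that the RAM-shared TGW is actually resolvable and that its attachment settings match what the template expects. The script below is an added example, not code from this repository or from the poster: it takes the JSON that `aws ec2 describe-transit-gateways` and `aws ram get-resource-share-invitations` return in the consumer account and reports what would block the deployment. The account numbers, TGW ID, ARNs and the embedded JSON are constructed sample data, and the function name `check_shared_tgw` is an assumption for this example.

```python
import json

# Constructed sample data (not real output): what `aws ec2 describe-transit-gateways`
# returns in the test account for a TGW owned by the security account and shared via RAM.
SECURITY_ACCOUNT = "111111111111"   # assumed owner of the TGW
TEST_ACCOUNT = "222222222222"       # assumed account the app stack is deployed into
SHARED_TGW_ID = "tgw-0123456789abcdef0"

DESCRIBE_TGW_OUTPUT = json.loads("""
{
  "TransitGateways": [
    {
      "TransitGatewayId": "tgw-0123456789abcdef0",
      "TransitGatewayArn": "arn:aws:ec2:us-east-1:111111111111:transit-gateway/tgw-0123456789abcdef0",
      "State": "available",
      "OwnerId": "111111111111",
      "Options": {
        "AutoAcceptSharedAttachments": "disable"
      }
    }
  ]
}
""")

# Constructed sample of `aws ram get-resource-share-invitations` run in the test account.
RAM_INVITATIONS_OUTPUT = json.loads("""
{
  "resourceShareInvitations": [
    {
      "resourceShareInvitationArn": "arn:aws:ram:us-east-1:111111111111:resource-share-invitation/example",
      "resourceShareName": "shared-tgw",
      "resourceShareArn": "arn:aws:ram:us-east-1:111111111111:resource-share/example",
      "senderAccountId": "111111111111",
      "receiverAccountId": "222222222222",
      "status": "ACCEPTED"
    }
  ]
}
""")


def check_shared_tgw(tgw_id, caller_account, describe_output, invitations_output):
    """Pre-flight check for a stack that attaches a VPC to a TGW shared via RAM.

    Returns {'errors': [...], 'warnings': [...]}: errors mean the stack will fail,
    warnings mean it may deploy but the attachment will not come up on its own.
    """
    errors, warnings = [], []

    tgw = next(
        (t for t in describe_output.get("TransitGateways", [])
         if t.get("TransitGatewayId") == tgw_id),
        None,
    )
    if tgw is None:
        # This is the condition behind InvalidTransitGatewayID.NotFound: the ID is not
        # visible to the calling account in this region, e.g. the share was never
        # accepted or the CLI/stack is pointed at a different region than the TGW.
        errors.append(f"{tgw_id} is not visible in this account/region")
        return {"errors": errors, "warnings": warnings}

    if tgw.get("State") != "available":
        errors.append(f"{tgw_id} is in state {tgw.get('State')!r}, not 'available'")

    owner = tgw.get("OwnerId")
    if owner == caller_account:
        # Not a shared TGW; nothing RAM-related to check.
        return {"errors": errors, "warnings": warnings}

    # Shared TGW: look for an accepted RAM invitation from the owner. Shares inside an
    # AWS Organization with sharing enabled do not create invitations, so only warn.
    accepted = any(
        inv.get("senderAccountId") == owner
        and inv.get("receiverAccountId") == caller_account
        and inv.get("status") == "ACCEPTED"
        for inv in invitations_output.get("resourceShareInvitations", [])
    )
    if not accepted:
        warnings.append(f"no ACCEPTED RAM invitation from owner {owner} found")

    # With auto-accept disabled, the VPC attachment created by the stack stays in
    # pendingAcceptance until someone accepts it in the owner (security) account.
    if tgw.get("Options", {}).get("AutoAcceptSharedAttachments") != "enable":
        warnings.append(
            "AutoAcceptSharedAttachments is disabled on the shared TGW: the VPC attachment "
            f"will wait in pendingAcceptance until it is accepted in account {owner}"
        )
    return {"errors": errors, "warnings": warnings}


if __name__ == "__main__":
    result = check_shared_tgw(SHARED_TGW_ID, TEST_ACCOUNT,
                              DESCRIBE_TGW_OUTPUT, RAM_INVITATIONS_OUTPUT)
    print(json.dumps(result, indent=2))
```

To use it against a real account, run the two CLI commands with the same credentials and `--region` the stack will be deployed with, and load their output in place of the constructed JSON; a TGW is regional, so a region mismatch produces the same NotFound error as an unaccepted share.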

niteenkole commented 3 years ago

closing ....

lachlanjholmes commented 2 years ago

@niteenkole what was your fix for this?

niteenkole commented 2 years ago

@lachlanjholmes Trying to recollect; it was almost a year back.

lachlanjholmes commented 2 years ago

@niteenkole Was it that the App VPC template uses the AWS::EC2::TransitGatewayAttachment resource and not AWS::EC2::TransitGatewayVpcAttachment?

lachlanjholmes commented 2 years ago

Hey @niteenkole, did you get errors in your CloudWatch logs saying that the lambda for the return route in the Security VPC couldn't create because it couldn't describeVPCs CIDR from the TGW attachment?