aws-samples / aws-secure-environment-accelerator

The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
Apache License 2.0

[BUG] [SM] TGW Route does not check for existence of routes in TGW RT #978

Closed iamtgray closed 9 months ago

iamtgray commented 2 years ago

Bug reports which fail to provide the required information will be closed without action.

Required Basic Info

Describe the bug

When a user creates the deployment of a transit gateway, they specify the route-tables block of available tables, then they further specify the tgw-routes.

If in the tgw-routes block the name that they specify does not exist in the route-tables block, rather than failing with an error to state this, the Phase 3 builder attempts to create the route anyway, failing with an error stating the lack of TGW Route Table ID.

Failure Info

In the below example the route is being created for the account "Shared_services", the transit gateway attachment ID and address range have been altered.

Error: SharedNetworkPhase3/tgw_route_Shared_servicestgw-attach-00aaaaaaaaaaaa0undefined10.0.0.0--16undefined [AWS::EC2::TransitGatewayRoute] is missing required property: transitGatewayRouteTableId

53 | at Object.requireProperty (/app/node_modules/.pnpm/@aws-cdk+core@1.144.0/node_modules/@aws-cdk/core/lib/runtime.ts:320:11)
54 | at new CfnTransitGatewayRoute (/app/node_modules/.pnpm/@aws-cdk+aws-ec2@1.144.0/node_modules/@aws-cdk/aws-ec2/lib/ec2.generated.ts:20196:13)
55 | at CreateTransitGatewayRoute (/app/src/deployments/cdk/src/deployments/transit-gateway/step-3.ts:286:5)
56 | at CreateRoute (/app/src/deployments/cdk/src/deployments/transit-gateway/step-3.ts:238:5)
57 | at CreateRoutes (/app/src/deployments/cdk/src/deployments/transit-gateway/step-3.ts:204:5)
58 | at Object.step3 (/app/src/deployments/cdk/src/deployments/transit-gateway/step-3.ts:107:13)
59 | at deploy (/app/src/deployments/cdk/src/apps/phase-3.ts:155:24)
60 | at processTicksAndRejections (internal/process/task_queues.js:95:5)
61 | at Object.deploy (/app/src/deployments/cdk/src/app.ts:87:3)
62 | at main (/app/src/deployments/cdk/cdk.ts:92:16)

Required files

Config.json extract

"deployments": {
        "tgw": [
          {
            "name": "Main",
            "asn": 65521,
            "region": "eu-west-2",
            "features": {
              "DNS-support": true,
              "VPN-ECMP-support": true,
              "Default-route-table-association": false,
              "Default-route-table-propagation": false,
              "Auto-accept-sharing-attachments": true
            },
            "route-tables": [
              "My-RT"
            ],
            "tgw-routes": [
              {
                "name": "a-name-here-differnet-to-above",
                "routes": [
                  {
                    "destination": "0.0.0.0/0",
                    "target-account": "perimeter",
                    "target-vpc": "Perimeter"
                  }
                ]
              }
            ]
          }
        ]
      },

Expected behavior

An error message to be produced, rather than Phase3 attempting to deploy the tgw route.
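A pre-deployment check of the kind this issue asks for, written as an added example (not code from the accelerator or from the issue's author): it compares each tgw-routes name against that TGW's route-tables list and returns a readable error instead of letting synthesis fail on a missing transitGatewayRouteTableId. The function name, the types and the `extraAllowedNames` parameter are assumptions, and the second route set in the sample is constructed.

```typescript
// Shapes cover only the fields used in the config extract above.
interface TgwRouteSet {
  name: string;
  routes: Record<string, unknown>[];
}
interface TgwConfig {
  name: string;
  "route-tables"?: string[];
  "tgw-routes"?: TgwRouteSet[];
}

// Returns one message per tgw-routes entry whose name is not a declared
// route table. extraAllowedNames is a hypothetical hook for any reserved
// names a deployment accepts; none are assumed here.
function validateTgwRoutes(tgws: TgwConfig[], extraAllowedNames: string[] = []): string[] {
  const errors: string[] = [];
  for (const tgw of tgws) {
    const declared = (tgw["route-tables"] ?? []).concat(extraAllowedNames);
    (tgw["tgw-routes"] ?? []).forEach((routeSet, index) => {
      if (declared.indexOf(routeSet.name) === -1) {
        errors.push(
          `TGW "${tgw.name}": tgw-routes[${index}].name "${routeSet.name}" ` +
            `is not one of route-tables [${declared.join(", ")}]`
        );
      }
    });
  }
  return errors;
}

// Constructed sample: first route set mirrors the issue, second is valid.
const sampleTgws: TgwConfig[] = [
  {
    name: "Main",
    "route-tables": ["My-RT"],
    "tgw-routes": [
      {
        name: "a-name-here-differnet-to-above",
        routes: [{ destination: "0.0.0.0/0", "target-account": "perimeter", "target-vpc": "Perimeter" }],
      },
      { name: "My-RT", routes: [{ destination: "10.0.0.0/16", "target-account": "perimeter", "target-vpc": "Perimeter" }] },
    ],
  },
];

for (const message of validateTgwRoutes(sampleTgws)) {
  console.log(message);
}
```

The comparison is an exact, case-sensitive string match, so a name that differs only in case from a route-tables entry is also reported.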

archikierstead commented 9 months ago

Done