Describe the bug
Attempting to deploy LZA network-config with 2 transit gateways, with attachments to the same two VPCs. During the build for the Network-Associations stack it fails with the error message:
AWSAccelerator-NetworkAssociationsStack-XXXXXXXXXXXX-us-east-1 | 1/22 | 4:04:53 PM | UPDATE_IN_PROGRESS | AWS::EC2::TransitGatewayRouteTablePropagation | NetworkInspectionNetworkMainSegregatedPropagation (NetworkInspectionNetworkMainSegregatedPropagationA07EB35C) Requested update requires the creation of a new physical resource; hence creating one.
544 | AWSAccelerator-NetworkAssociationsStack-XXXXXXXXXXXXX-us-east-1 | 1/22 | 4:04:54 PM | UPDATE_IN_PROGRESS | AWS::EC2::TransitGatewayRouteTableAssociation | NetworkInspectionNetworkMainSharedAssociation (NetworkInspectionNetworkMainSharedAssociationC5D467EA) Requested update requires the creation of a new physical resource; hence creating one.
545 | AWSAccelerator-NetworkAssociationsStack-XXXXXXXXXXXX-us-east-1 | 1/22 | 4:04:55 PM | UPDATE_IN_PROGRESS | AWS::EC2::TransitGatewayRouteTablePropagation | NetworkInspectionNetworkMainSharedPropagation (NetworkInspectionNetworkMainSharedPropagation9C8183A3) Requested update requires the creation of a new physical resource; hence creating one.
546 | AWSAccelerator-NetworkAssociationsStack-XXXXXXXXXXXXX-us-east-1 | 1/22 | 4:04:55 PM | UPDATE_FAILED | AWS::EC2::TransitGatewayRouteTablePropagation | NetworkInspectionNetworkMainSegregatedPropagation (NetworkInspectionNetworkMainSegregatedPropagationA07EB35C) Transit Gateway Attachment tgw-attach-0c87f51d6b7c04ef1 was deleted or does not exist. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidTransitGatewayAttachmentID.NotFound; Request ID: 6042f230-c022-4b51-a55d-8e016bfc293c; Proxy: null)
Was able to deploy 2 transit gateways, but as soon as we added attachments for the 2nd TGW we started getting this error message. It appears
To Reproduce
Deploy LZA AWS Best Practices and Elections config overlays and change network-config.yaml to create 2 transit gateways attached to the same VPCs.
Expected behavior
During Network Association stack build it fails while attempting to create transit gateway route table propagation
Please complete the following information about the solution:
[ ] Version: 1.3
[ ] Region: us-east-1
[ ] Was the solution modified from the version published on this repository? No
[ ] If the answer to the previous question was yes, are the changes available on GitHub? N/A
[ ] Have you checked your service quotas for the services this solution uses? Not a quota issue
[ ] Were there any errors in the CloudWatch Logs? Yes
Screenshots
If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).
Additional context
It seems to be that the network-config.yaml file parameters for creating transit gateway attachment routes do not allow for specifying the attachment (as can be done manually in the console). The only options for TransitGatewayRouteTableVpcEntryConfig are 'account' and 'vpcName'. We believe that when the network config file has 2 transit gateways, connected to the same 2 VPCs with two different attachments, then it fails to parse each attachment separately. This causes the route table build to fail for the attachments.
https://awslabs.github.io/landing-zone-accelerator-on-aws/classes/_aws_accelerator_config.TransitGatewayRouteEntryConfig.html#attachment
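The following is an added example, not code from the issue author or from the Landing Zone Accelerator project. It models the lookup the report hypothesises: selecting a VPC attachment by only 'account' and 'vpcName' cannot distinguish two attachments when two transit gateways attach to the same VPC, whereas adding the transit gateway name to the selector makes the lookup unique. The config dictionary is constructed in the general shape of an LZA network-config.yaml; its key names (transitGateways, vpcs, transitGatewayAttachments, transitGateway) and the function names are assumptions for illustration. The ambiguity check at the end is the kind of pre-deploy validation a practitioner could run over their own config before the stack build reaches the failing propagation.

```python
"""Model of attachment resolution by (account, vpcName) versus
(account, vpcName, transitGateway). Added example; key names are assumed."""

# Constructed config: two TGWs, each attached to the same two VPCs.
# Names and structure are illustrative, not a real deployment.
CONFIG = {
    "transitGateways": [
        {"name": "Network-Main", "account": "Network"},
        {"name": "Network-Inspection", "account": "Network"},
    ],
    "vpcs": [
        {
            "name": "Shared",
            "account": "Network",
            "transitGatewayAttachments": [
                {"name": "Shared-Main",
                 "transitGateway": {"name": "Network-Main", "account": "Network"}},
                {"name": "Shared-Inspection",
                 "transitGateway": {"name": "Network-Inspection", "account": "Network"}},
            ],
        },
        {
            "name": "Segregated",
            "account": "Network",
            "transitGatewayAttachments": [
                {"name": "Segregated-Main",
                 "transitGateway": {"name": "Network-Main", "account": "Network"}},
                {"name": "Segregated-Inspection",
                 "transitGateway": {"name": "Network-Inspection", "account": "Network"}},
            ],
        },
    ],
}


def attachments_for(config, account, vpc_name, tgw_name=None):
    """Return every attachment record matching the selector.

    With tgw_name omitted this mirrors a selector that only carries
    'account' and 'vpcName'; with it, the transit gateway is part of the key.
    """
    matches = []
    for vpc in config["vpcs"]:
        if vpc["account"] != account or vpc["name"] != vpc_name:
            continue
        for att in vpc.get("transitGatewayAttachments", []):
            if tgw_name is None or att["transitGateway"]["name"] == tgw_name:
                matches.append(att)
    return matches


def first_match(config, account, vpc_name):
    """Naive resolution: take the first attachment for the VPC, whichever TGW it belongs to.
    This is the behaviour that silently binds a route table to the wrong attachment."""
    matches = attachments_for(config, account, vpc_name)
    return matches[0] if matches else None


def resolve_attachment(config, account, vpc_name, tgw_name=None):
    """Strict resolution: require exactly one match, otherwise raise."""
    matches = attachments_for(config, account, vpc_name, tgw_name)
    if len(matches) != 1:
        raise LookupError(
            f"{len(matches)} attachments match account={account!r} vpcName={vpc_name!r}"
            + (f" transitGateway={tgw_name!r}" if tgw_name else "")
        )
    return matches[0]


def ambiguous_vpc_selectors(config):
    """Pre-deploy check: list (account, vpcName) pairs that have more than one
    attachment, i.e. every selector that an account+vpcName-only key cannot resolve."""
    found = []
    for vpc in config["vpcs"]:
        if len(vpc.get("transitGatewayAttachments", [])) > 1:
            found.append((vpc["account"], vpc["name"]))
    return sorted(found)


if __name__ == "__main__":
    # Building Network-Inspection's route table, but the VPC-only selector
    # hands back the Network-Main attachment.
    print("naive pick:", first_match(CONFIG, "Network", "Shared")["name"])
    print("strict pick:", resolve_attachment(CONFIG, "Network", "Shared", "Network-Inspection")["name"])
    print("ambiguous selectors:", ambiguous_vpc_selectors(CONFIG))
```

The strict resolver fails loudly on the two-match case instead of letting the stack build proceed with whichever attachment came first; the pre-deploy check surfaces every VPC in the config that would hit that case.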