cloudposse / terraform-aws-transit-gateway

Terraform module to provision AWS Transit Gateway, AWS Resource Access Manager (AWS RAM) Resource, and share the Transit Gateway with the Organization or another AWS Account.
https://cloudposse.com/accelerate
Apache License 2.0

Ability to specify amazon_side_asn for aws_ec2_transit_gateway.default resource #27

Open BFarand opened 2 years ago

BFarand commented 2 years ago

Describe the Feature

Currently, the aws_ec2_transit_gateway.default resource does not allow specifying the amazon_side_asn argument, opting to always use the default for the resource (64512). This requested feature is to allow the argument to be specified via a variable to the module.

Expected Behavior

The user of the module would be able to supply an 'amazon_side_asn' variable to the module, causing the given value to be used as the amazon_side_asn argument to the aws_ec2_transit_gateway.default resource.

If the user does not provide the variable, it will default to the current default (64512), preserving the current behaviour of the module.

Use Case

We are planning on using this module as part of the tgw/hub component in the https://github.com/cloudposse/terraform-aws-components repository.

The short-term issue that we are encountering is that we already have a transit gateway that we want to import; however, it has an ASN that deviates from the default value. This is causing Terraform to attempt to destroy and recreate it, which we want to avoid if possible. This requires the ability to specify the ASN to the component, and therefore the ability to supply it to this module.

A possible long-term issue is that AWS's best practice guide for transit gateways (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-best-design-practices.html) recommends using unique ASNs in the case where multiple transit gateways are used in the same deployment. This is not something we are currently planning; however, it could come up in the future.

Describe Ideal Solution

-- Copy of Expected Behaviour --


The user of the module would be able to supply an 'amazon_side_asn' variable to the module, causing the given value to be used as the amazon_side_asn argument to the aws_ec2_transit_gateway.default resource.

If the user does not provide the variable, it will default to the current default (64512), preserving the current behaviour of the module.

Alternatives Considered

For our specific use case, we have considered allowing our transit gateway to be destroyed and recreated. This would solve the short-term issue (albeit with some additional work required on our side), but the possible long-term issue would remain unsolved.

Additional Context

N/A
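
One way the requested variable could be wired up, as an added sketch that is not the module's own code and not the change in PR #29. The variable name and the 64512 default come from the issue; the validation ranges are the private ASN ranges the AWS provider documents for this argument, and the description strings are assumptions.

```hcl
# Added sketch: exposes amazon_side_asn as a module input with the
# default named in the issue, so existing callers see no change.
variable "amazon_side_asn" {
  type        = number
  default     = 64512
  description = "Private ASN for the Amazon side of BGP sessions on the transit gateway." # assumed wording

  # Reject values outside the private ASN ranges accepted for this argument,
  # so a typo fails at plan time instead of at the AWS API.
  validation {
    condition = (
      floor(var.amazon_side_asn) == var.amazon_side_asn &&
      (
        (var.amazon_side_asn >= 64512 && var.amazon_side_asn <= 65534) ||
        (var.amazon_side_asn >= 4200000000 && var.amazon_side_asn <= 4294967294)
      )
    )
    error_message = "amazon_side_asn must be a whole number in 64512-65534 (16-bit) or 4200000000-4294967294 (32-bit)."
  }
}

resource "aws_ec2_transit_gateway" "default" {
  description = "Example transit gateway" # assumed value

  # When importing an existing gateway, set the input to that gateway's ASN;
  # a mismatch is what makes Terraform plan the destroy and recreate
  # described in the issue.
  amazon_side_asn = var.amazon_side_asn
}
```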

BFarand commented 2 years ago

I have opened a PR (#29) to implement this feature if it is something that you are interested in making part of the module.

We are currently using a forked version of this module (referred to in the PR) in which the change made appears to be working as expected.

Pela2silveira commented 2 years ago

Hello. I support this issue. Is there any possibility for you to merge it? I think that what @BFarand has proposed is a minor change.

Thank you in advance and congratulations on all the work you are doing with your modules!