cloudposse / terraform-aws-vpn-connection

Terraform module to provision a site-to-site VPN connection between a VPC and an on-premises network
https://cloudposse.com/accelerate
Apache License 2.0

Can't use this module 2 times for different VPN on 1 VPC #22

Open AsoTora opened 2 years ago

AsoTora commented 2 years ago

Describe the Bug

When using this module for a 2nd VPN connection on the VPC in my AWS infra, I'm getting errors because a new VPN Gateway is being created.

Error: error attaching EC2 VPN Gateway (vgw-***) to VPC (vpc-***): InvalidVpcState: VPC vpc-*** is currently attached to the Virtual Private Gateway.

Expected Behavior

It seems logical to me to be able to configure the VPG that is used instead of creating a new one (especially since the official VPC module has an enable_vpn_gateway feature).

Steps to Reproduce

Steps to reproduce the behaviour:

  1. Run the module for VPN 1
  2. Run the module with different parameters for VPN 2, but reuse the VPC ID

Code snippets

module "vpn-connection-1" {
  source  = "cloudposse/vpn-connection/aws"
  version = "0.7.1"

  vpc_id                                    = module.vpc.vpc_id

  customer_gateway_ip_address               = "185.**.**.**"
  route_table_ids                           = []
  vpn_connection_static_routes_only         = "true"
  vpn_connection_static_routes_destinations = []

}

module "vpn-connection-2" {
  source  = "cloudposse/vpn-connection/aws"
  version = "0.7.1"

  vpc_id                                    = module.vpc.vpc_id

  customer_gateway_ip_address               = "74.**.**.**"
  route_table_ids                           = []
  vpn_connection_static_routes_only         = "true"
  vpn_connection_static_routes_destinations = []

  # phase 1 (tunnel 1)
  vpn_connection_tunnel1_ike_versions                 = ["ikev2"]
  vpn_connection_tunnel1_phase1_dh_group_numbers      = ["21"]
  vpn_connection_tunnel1_phase1_encryption_algorithms = ["AES256"]
  vpn_connection_tunnel1_phase1_integrity_algorithms  = ["SHA256"]

  # phase 2 (tunnel 1), plus the IKE version for tunnel 2
  vpn_connection_tunnel2_ike_versions                 = ["ikev2"]
  vpn_connection_tunnel1_phase2_dh_group_numbers      = ["21"]
  vpn_connection_tunnel1_phase2_encryption_algorithms = ["AES256"]
  vpn_connection_tunnel1_phase2_integrity_algorithms  = ["SHA256"]

}


rsabha commented 2 years ago

@AsoTora What did you do here? Got the same problem.

ggorge-etiqa commented 1 year ago

@rsabha You can try to use https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpn_gateway#attached_vpc_id

# The aws_vpn_gateway data source fails the plan when nothing matches, so its
# result can never be compared against null; gate it on a flag instead.
# var.use_existing_vpn_gateway is a hypothetical bool input: true when a VGW is
# already attached to var.vpc_id.
data "aws_vpn_gateway" "default" {
  count           = var.use_existing_vpn_gateway ? 1 : 0
  attached_vpc_id = var.vpc_id
}

resource "aws_vpn_gateway" "default" {
  # If there is no vpn_gw attached we create a new one
  count = var.use_existing_vpn_gateway ? 0 : 1

  vpc_id          = var.vpc_id
  amazon_side_asn = var.vpn_gateway_amazon_side_asn
  tags = {
    Name = "${var.vpn_name_prefix}-vpn-gw"
  }
}
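One way to provide the option the issue asks for, as an added example that is not the module's own code: an optional `vpn_gateway_id` input, a gateway created only when none is passed, and a root configuration that feeds the first instantiation's gateway to the second. The input, local, output and module path names are assumptions, as is the assumption that the module's existing inputs (`vpc_id`, `customer_gateway_ip_address`, `vpn_gateway_amazon_side_asn`, `vpn_name_prefix`, `vpn_connection_static_routes_only`) are declared elsewhere in it.

```hcl
# --- inside the module (hypothetical path modules/vpn-connection) ---
variable "vpn_gateway_id" {
  type        = string
  default     = null
  description = "VGW already attached to vpc_id; when null, the module creates one"
}

# A VPC can have only one attached VGW, so create one only when none was supplied.
resource "aws_vpn_gateway" "default" {
  count           = var.vpn_gateway_id == null ? 1 : 0
  vpc_id          = var.vpc_id
  amazon_side_asn = var.vpn_gateway_amazon_side_asn
  tags            = { Name = "${var.vpn_name_prefix}-vpn-gw" }
}

locals {
  # Effective gateway for every connection this module instance builds.
  vpn_gateway_id = coalesce(var.vpn_gateway_id, one(aws_vpn_gateway.default[*].id))
}

resource "aws_customer_gateway" "default" {
  bgp_asn    = 65000 # constructed value; the resource requires one
  ip_address = var.customer_gateway_ip_address
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "default" {
  vpn_gateway_id      = local.vpn_gateway_id
  customer_gateway_id = aws_customer_gateway.default.id
  type                = "ipsec.1"
  static_routes_only  = var.vpn_connection_static_routes_only
}

output "vpn_gateway_id" {
  value = local.vpn_gateway_id
}

# --- root configuration: the second connection reuses the first one's gateway ---
module "vpn_connection_1" {
  source                      = "./modules/vpn-connection"
  vpc_id                      = module.vpc.vpc_id
  customer_gateway_ip_address = "203.0.113.10" # constructed (documentation range)
}

module "vpn_connection_2" {
  source                      = "./modules/vpn-connection"
  vpc_id                      = module.vpc.vpc_id
  customer_gateway_ip_address = "198.51.100.20" # constructed (documentation range)
  vpn_gateway_id              = module.vpn_connection_1.vpn_gateway_id
}
```

The quick check that the reuse took effect is that `terraform plan` for the second instantiation shows no new `aws_vpn_gateway` resource, only the customer gateway and VPN connection.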

oc-christopher-billett commented 1 year ago

Did this end up in the code?

Gowiem commented 6 months ago

@oc-christopher-billett doesn't look like it. @ggorge-etiqa or @AsoTora -- we'd be happy to accept a PR for this. Please put one up if you're interested 👍