Open igoratencompass opened 1 year ago
AWS provider v4.22 should resolve that issue, but that is not the case. When the accepter-side TGW attachment is created, it has no tags and no local peering TGW ID fields to filter on, which is a limitation of the AWS provider.
We need a way to use proper filters to identify the accepter-side TGW attachment ID, or better, the accepter resource should allow using the local peering attachment ID. For now, the workaround which worked for me is to use filters:
    filter {
      name   = "transit-gateway-id"
      values = [aws_ec2_transit_gateway_peering_attachment.original_local_attachment.peer_transit_gateway_id]
    }
    filter {
      name   = "state"
      values = ["pendingAcceptance"]
    }
But obviously, after deployment, that data structure finds nothing and throws an error.
Also, it looks like the AWS API should return accepterTransitGatewayAttachmentId (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TransitGatewayPeeringAttachment.html), but it is not being used by the Terraform AWS provider.
@igoratencompass is this still an issue for you?
When I query the AWS API, I receive null for AccepterTransitGatewayAttachmentId:

    aws ec2 describe-transit-gateway-peering-attachments \
      --profile $AWS_PROFILE \
      --region $AWS_REGION \
      --query 'TransitGatewayPeeringAttachments[*].{AccepterTransitGatewayAttachmentId:AccepterTgwInfo.TransitGatewayAttachmentId, AccepterTgwId:AccepterTgwInfo.TransitGatewayId, AccepterRegion:AccepterTgwInfo.Region}' \
      --output json | jq -r '.TransitGatewayPeeringAttachments[].AccepterTgwInfo.TransitGatewayAttachmentId'

    null
    null
Description
At the moment, creating a TGW peering attachment between two TGWs in the same region is not possible. There are some workarounds mentioned in #23828 and a couple of other linked issues there, but none of them works, for one reason or another.
The crux of the problem is the lack of the Peering Attachment ID of the Acceptor in the attributes of the ec2_transit_gateway_peering_attachment resource. This then makes it impossible to unambiguously discover it via the ec2_transit_gateway_peering_attachment data source due to the limited filtering options provided by the AWS API -- think many peering attachments already present or being created in parallel for the same Requesting TGW but different Acceptors in the region.
Affected Resource(s) and/or Data Source(s)
ec2_transit_gateway_peering_attachment
Potential Terraform Configuration
The ec2_transit_gateway_peering_attachment resource should utilize the AWS API outputs as per the AWS CLI documentation, where we can see the Accepter TGW Attachment ID AccepterTransitGatewayAttachmentId is being returned to the caller amongst a slew of other information about created resources.
References
This has already been raised once before in https://github.com/hashicorp/terraform-provider-aws/issues/23828 but was closed without any resolution. There is a comment left about a possible fix in provider version 4.22.0 that never got released, by the looks of it: https://github.com/hashicorp/terraform-provider-aws/blob/v4.22.0/CHANGELOG.md
Would you like to implement a fix?
None
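
The ambiguity described in this issue, as an added example (not code from the issue or from the provider): a lookup that prefers the explicit AccepterTransitGatewayAttachmentId field and otherwise emulates the filter workaround, refusing to pick an attachment unless exactly one candidate matches. Assumptions: every ID is constructed, accepter-side attachments are modelled as separate records in the same list, and the `transit-gateway-id` filter is modelled as a match on AccepterTgwInfo.TransitGatewayId.

```python
"""Fail-closed lookup of the accepter-side TGW peering attachment ID."""


def rec(att_id, accepter_tgw, state, accepter_att=None):
    # One constructed record using field names from the
    # TransitGatewayPeeringAttachment API type; all IDs are made up.
    return {
        "TransitGatewayAttachmentId": att_id,
        "AccepterTransitGatewayAttachmentId": accepter_att,
        "AccepterTgwInfo": {"TransitGatewayId": accepter_tgw},
        "State": state,
    }


SAMPLE = [
    rec("tgw-attach-0aaa", "tgw-0acc1", "available", "tgw-attach-0bbb"),
    rec("tgw-attach-0ccc", "tgw-0hub", "pendingAcceptance"),   # requester side
    rec("tgw-attach-0ddd", "tgw-0hub", "pendingAcceptance"),   # assumed accepter side
    rec("tgw-attach-0eee", "tgw-0hub", "pendingAcceptance"),   # unrelated peering
    rec("tgw-attach-0fff", "tgw-0solo", "pendingAcceptance"),  # requester side
    rec("tgw-attach-0ggg", "tgw-0solo", "pendingAcceptance"),  # assumed accepter side
]


def resolve_accepter_attachment(attachments, requester_att_id, accepter_tgw_id):
    """Return the accepter-side attachment ID, or raise LookupError."""
    by_id = {a["TransitGatewayAttachmentId"]: a for a in attachments}
    explicit = by_id.get(requester_att_id, {}).get("AccepterTransitGatewayAttachmentId")
    if explicit:
        # Unambiguous, and still works once the state is no longer pending.
        return explicit
    # Fallback: emulate the filter workaround (TGW ID + pendingAcceptance).
    candidates = [
        a["TransitGatewayAttachmentId"] for a in attachments
        if a["TransitGatewayAttachmentId"] != requester_att_id
        and a["State"] == "pendingAcceptance"
        and a["AccepterTgwInfo"]["TransitGatewayId"] == accepter_tgw_id
    ]
    if len(candidates) != 1:
        # Zero or several matches: never guess which peering to accept.
        raise LookupError(f"{len(candidates)} candidates for {accepter_tgw_id}")
    return candidates[0]


if __name__ == "__main__":
    print(resolve_accepter_attachment(SAMPLE, "tgw-attach-0aaa", "tgw-0acc1"))
    print(resolve_accepter_attachment(SAMPLE, "tgw-attach-0fff", "tgw-0solo"))
    try:
        resolve_accepter_attachment(SAMPLE, "tgw-attach-0ccc", "tgw-0hub")
    except LookupError as err:
        print("refused:", err)
```
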