[Bug]: Incorrect Behavior - Private and Transit VIFs

[ByteTheSystem]

Terraform Core Version

1.3.6

AWS Provider Version

4.48

Affected Resource(s)

Resource: aws_dx_private_virtual_interface Resource: aws_dx_transit_virtual_interface

Expected Behavior

When creating an AWS Direct Connect Private VIF or Transit VIF, there is normally the option to specify the AWS Account ID for the owner of the Private VIF or Transit VIF. If an external AWS Account ID is specified, there is no longer the requirement to provide the Direct Connect Gateway ID. Which allows cross account ownership of Private and Transit VIFs.

Actual Behavior

The Terraform AWS provider resource for Private VIFs and Transit VIFs requires a Direct Connect Gateway ID without the ability to specify an external AWS Account ID as the owner of the Private VIF or Transit VIF. As a result, only the account owner of the Direct Connect connection and the Direct Connect Gateway can create a Private VIF or Transit VIF.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_dx_private_virtual_interface" "foo" {
  connection_id = "dxcon-zzzzzzzz"

  name           = "vif-foo"
  vlan           = 4094
  address_family = "ipv4"
  bgp_asn        = 65352
}

resource "aws_dx_transit_virtual_interface" "example" {
  connection_id = aws_dx_connection.example.id

  dx_gateway_id  = aws_dx_gateway.example.id
  name           = "tf-transit-vif-example"
  vlan           = 4094
  address_family = "ipv4"
  bgp_asn        = 65352
}

Steps to Reproduce

With an existing Direct Connect connection, use Terraform to attempt to launch a Transit VIF or Private VIF with the Dx Gateway owned by another account. Compare to the the actual behavior if attempted in the AWS Console.

Debug Output

No response

Panic Output

aws_dx_private_virtual_interface.private-vif: Creating...
╷
│ Error: One of ['vpn_gateway_id', 'dx_gateway_id'] must be set to create a Direct Connect private virtual interface
│ 
│   with aws_dx_private_virtual_interface.private-vif,
│   on private-vif.tf line 2, in resource "aws_dx_private_virtual_interface" "private-vif":
│    2: resource "aws_dx_private_virtual_interface" "private-vif" {
│ 
╵

│ Error: Missing required argument
│ 
│   on transit-vif.tf line 10, in resource "aws_dx_transit_virtual_interface" "transit-vif":
│    10: resource "aws_dx_transit_virtual_interface" "transit-vif" {
│ 
│ The argument "dx_gateway_id" is required, but no definition was found.

Important Factoids

No response

References

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dx_transit_virtual_interface

https://docs.aws.amazon.com/directconnect/latest/APIReference/API_VirtualInterface.html#DX-Type-VirtualInterface-ownerAccount

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[irl-segfault]

still an issue :/

[tommywo]

FYI: We were able to use dx_hosted_transit_virtual_interface for such usecase