I have trouble auto accepting a Transit Gateway Peering using Terraform


I wrote a script that peers two Transit Gateways within the same region. A peering is created; however, it is refusing to accept the request.

resource "aws_ec2_transit_gateway_peering_attachment" "TGW_A_B_Peering_Attachment_Request" {
  peer_account_id         = aws_ec2_transit_gateway.Transit_GW_A.owner_id
  peer_transit_gateway_id = aws_ec2_transit_gateway.Transit_GW_B.id
  transit_gateway_id      = aws_ec2_transit_gateway.Transit_GW_A.id
  peer_region             = var.region_2

  tags = {
    Name = "TGW A and B Peering Request"
  }
}

resource "aws_ec2_transit_gateway_peering_attachment_accepter" "TGW_A_B_Peering_Attachment_Accept" {
  transit_gateway_attachment_id = aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment_Request.id

  tags = {
    Name = "TGW A and B Peering Accept"
  }
}

│ Error: accepting EC2 Transit Gateway Peering Attachment (tgw-attach-01aa81f3b119adda2): InvalidParameterValue: Cannot accept tgw-attach-01aa81f3b119adda2 as the source of the peering request.

I think I must be missing something, but I can't tell.

charles uneze (best answer)

So, it turns out that the aws_ec2_transit_gateway_peering_attachment resource creates two peerings in the AWS console: Requester and Accepter. To use the Accepter peering, a data source must be created which filters for the second (Accepter) peering.

data "aws_ec2_transit_gateway_peering_attachment" "TGW_A_B_Peering_Attachment" {
  depends_on = [ aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment_Request ]

  filter {
    name = "state"
    values = [ "pendingAcceptance" ]
  }

  # Only the second accepter/peer transit gateway is called from the peering attachment.
  filter {
    name = "transit-gateway-id"
    values = [ aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment_Request.peer_transit_gateway_id ]
  }
}

The above filters and depends_on are the only combination that works. The resource is flawed, so this data source must be used.

Lastly, I will call the data source from the accepter resource.

resource "aws_ec2_transit_gateway_peering_attachment_accepter" "TGW_A_B_Peering_Attachment_Accept" {
  transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment.id

  tags = {
    Name = "TGW A and B Peering Accept"
  }
}
Ronnie G

The proposed solution worked for me, but I use a pipeline to deploy my resources, so the subsequent deploys fail. I added an "available" condition so this passes on subsequent deploys. Keep in mind additional filtering like tags may be needed if there are multiple peering attachments being created for the TGW.

data "aws_ec2_transit_gateway_peering_attachment" "TGW_A_B_Peering_Attachment" {
  depends_on = [ aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment_Request ]

  filter {
    name = "state"
    values = [ "pendingAcceptance" , "available" ]
  }

  # Only the second accepter/peer transit gateway is called from the peering attachment.
  filter {
    name = "transit-gateway-id"
    values = [ aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment_Request.peer_transit_gateway_id ]
  }
}
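As an added example (not code from either answer), the same lookup with a lifecycle postcondition that fails the plan if the filters matched an attachment that does not connect the two intended gateways; it assumes Terraform 1.2 or later for postconditions and the Transit_GW_A, Transit_GW_B and TGW_A_B_Peering_Attachment_Request names from the question:

```hcl
# Assumes the aws_ec2_transit_gateway.Transit_GW_A / Transit_GW_B resources and
# the TGW_A_B_Peering_Attachment_Request resource from the question exist.
data "aws_ec2_transit_gateway_peering_attachment" "TGW_A_B_Accepter_Side" {
  # Run the lookup only after the request exists; otherwise the read can
  # happen before the attachment has been created at all.
  depends_on = [aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment_Request]

  # Match both states so a pipeline re-run after acceptance still finds it.
  filter {
    name   = "state"
    values = ["pendingAcceptance", "available"]
  }

  # Select the peer (accepter) side rather than the requester side, which is
  # the one the API refuses with "Cannot accept ... as the source".
  filter {
    name   = "transit-gateway-id"
    values = [aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment_Request.peer_transit_gateway_id]
  }

  lifecycle {
    # Guard against silently accepting some other peering on the same TGW
    # (several peerings can exist): the match must connect exactly A and B.
    postcondition {
      condition = toset([self.transit_gateway_id, self.peer_transit_gateway_id]) == toset([
        aws_ec2_transit_gateway.Transit_GW_A.id,
        aws_ec2_transit_gateway.Transit_GW_B.id,
      ])
      error_message = "Matched attachment ${self.id} does not connect Transit_GW_A and Transit_GW_B."
    }
  }
}

resource "aws_ec2_transit_gateway_peering_attachment_accepter" "TGW_A_B_Peering_Attachment_Accept" {
  # Accept using the accepter-side attachment ID returned by the guarded lookup.
  transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Accepter_Side.id

  tags = {
    Name = "TGW A and B Peering Accept"
  }
}
```

If more than one peering exists between the same two gateways, the postcondition alone cannot tell them apart and an additional filter (for example on a tag, as noted above) is needed.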