Allow aws_dx_gateway_association and aws_dx_private_virtual_interface to reference Transit Gateway

[heycasey]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Transit Gateway now allows support for Direct Connect via a Direct Connect Gateway. The aws_dx_gateway_association should be updated to allow a transit_gateway_id argument. In addition, the aws_dx_private_virtual_interface should be updated to allow a Transit virtual interface type, or a new aws_dx_transit_virtual_interface resource can be introduced.

New or Affected Resource(s)

• aws_dx_gateway_association
• aws_dx_private_virtual interface (or create a new awx_dx_transit_virtual_interface)

Potential Terraform Configuration

resource "aws_dx_gateway_association" "example" {
  dx_gateway_id  = "${aws_dx_gateway.example.id}"
  transit_gateway_id = "${aws_ec2_transit_gateway.example.id}"
}

[ewbankkit]

AWS blog post.
Requires:

• Update module aws/aws-sdk-go to v1.19.23 #8482

[ewbankkit]

I would suggest awx_dx_transit_virtual_interface as we already have separate aws_dx_private_virtual_interface and aws_dx_public_virtual_interface resources.
We'll also need the corresponding awx_dx_hosted_transit_virtual_interface and awx_dx_hosted_transit_virtual_interface_accepter resources.

Changes to aws_dx_gateway_association should build on #8320 and #8455.

[ewbankkit]

I'm going to split the work into separate PRs to keep the change sets smaller:

• New awx_dx_transit_virtual_interface resource
• New awx_dx_hosted_transit_virtual_interface and awx_dx_hosted_transit_virtual_interface_accepter resources. In one PR as it makes testing easier
• Updates to aws_dx_gateway_association and aws_dx_gateway_association_proposal resources

[ewbankkit]

Related:

• r/aws_vpn_connection: Allow migration from VGW to TGW without recreating resource #8500

[heycasey]

Associating a DX Gateway with a Transit Gateway automatically creates the Transit Gateway Attachment for the DX Gateway. This differs from connecting a VPC to a Transit Gateway where you would use the aws_ec2_transit_gateway_vpc_attachment resource to create a Transit Gateway Attachment.

Will there be a way to get the ID of this auto-created Transit Gateway Attachment when using the aws_dx_gateway_association resource?

[heycasey]

I'm going to split the work into separate PRs to keep the change sets smaller:

• New awx_dx_transit_virtual_interface resource
• New awx_dx_hosted_transit_virtual_interface and awx_dx_hosted_transit_virtual_interface_accepter resources. In one PR as it makes testing easier
• Updates to aws_dx_gateway_association resource
• Updates to aws_dx_gateway_association_proposal and aws_dx_cross_account_gateway_association resources will be incorporated into [WIP] Second half of support for Gateway Association Proposals #8455

@ewbankkit I wanted to point out that I made a typo in a previous post of awx instead of aws and it got copied/pasted to a previous post. However, looks like your PRs have the correct spelling.

[ewbankkit]

@heycasey RE #8490 (comment) - I'll investigate. It doesn't look like the EC2 API TransitGatewayAttachment has been updated with a Direct Connect Gateway resourceType yet.

[ewbankkit]

@heycasey If I associate a DX Gateway with a transit gateway the transit gateway association is created with resource type direct-connect-gateway:

$ aws --region us-west-2 ec2 describe-transit-gateway-attachments
{
    "TransitGatewayAttachments": [
        {
            "ResourceOwnerId": "000000000000", 
            "TransitGatewayAttachmentId": "tgw-attach-00000000000000000", 
            "ResourceType": "direct-connect-gateway", 
            "ResourceId": "00000000-0000-0000-0000-000000000000", 
            "Tags": [], 
            "CreationTime": "2019-05-09T15:31:38.000Z", 
            "State": "available", 
            "TransitGatewayId": "tgw-00000000000000000", 
            "TransitGatewayOwnerId": "000000000000", 
            "Association": {
                "State": "associated", 
                "TransitGatewayRouteTableId": "tgw-rtb-00000000000000000"
            }
        }
    ]
}

It looks like we'll need a new aws_ec2_transit_gateway_dx_gateway_attachment data source.
I'll create an issue for that: #8590.

[ewbankkit]

@heycasey I think I'll also add the transit gateway attachment ID as a Computed attribute on the DX Gateway association as I will need to obtain it at some point in order to ensure that the attachment is deleted when the association is deleted. Otherwise we'll get errors like

aws_dx_gateway_association.test: Destruction complete after 8m0s
aws_ec2_transit_gateway.test: Destroying... (ID: tgw-00000000000000000)

Error: Error applying plan:

1 error(s) occurred:

* aws_ec2_transit_gateway.test (destroy): 1 error(s) occurred:

* aws_ec2_transit_gateway.test: error deleting EC2 Transit Gateway: IncorrectState: tgw-00000000000000000 has non-deleted DirectConnect Gateway Attachments: tgw-attach-00000000000000000.
	status code: 400, request id: 00000000-0000-0000-0000-000000000000

plus the acceptance tests will fail with the same error.

[spasam]

Hi there, is there anything holding back the PRs? Looks like @heycasey addressed the comments! Thanks

[bflad]

Two new resources aws_dx_hosted_transit_virtual_interface and aws_dx_hosted_transit_virtual_interface_accepter have been merged and will release with version 2.40.0 of the Terraform AWS Provider, next week. Many thanks to @ewbankkit for the implementation work and @devonbleak for testing assistance.

@heycasey / @ewbankkit does anything else need to be completed for this issue?

[bflad]

I believe we have covered most, if not all, of the required functionality of this issue with the upcoming 2.40.0 release of the Terraform AWS Provider. Please use new feature request issues for anything still outstanding. 👍

[ghost]

This has been released in version 2.40.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!