Can't associate VPCs in second account with non-default route table about terraform-aws-transit-gateway HOT 9 CLOSED

Hey @2stacks, did you ever figure out this issue? Im bumping into the exact same problem.

As you mentioned, the VPC attachment needs to be created in Account B but the association/propagation or routes need to be created in Account A. The module tries to create all resources in Account B and fails.

Any help would be appreciated.

from terraform-aws-transit-gateway.

from terraform-aws-transit-gateway.

Thanks for your quick reply. Id be mainly interested in the part you used to get the association / propagation working for attachments created in other accounts, if thats included in your code.

If you wouldn't mind sharing your TGW code, I might be able to figure out / pull the parts I need.

from terraform-aws-transit-gateway.

Quite a few people are reporting this issue (including myself) @antonbabenko @tfhartmann can you take a look here? Any help would be appreciated.

from terraform-aws-transit-gateway.

Was there supposed to be a link? I plan to upload what I have for comment/collaboration. It's fairly opinionated so it may not make a good module but perhaps it can be used to improve the existing TGW module.

from terraform-aws-transit-gateway.

To close the loop here. I ended rewriting allot of the code as well. The way to get around creating the resources in the wrong account is by adding an addition config block to you TGW module section.

Section for TGW account:

module "transit_gateway" {
source = "../../"

#Takes care of sharing the TGW resource to other accounts using AWS RAM.
ram_resource_share_enabled = true
ram_principal = var.customer_account_numbers
allow_external_principals = true

providers = {
aws = aws.network
}

tags_name = "xxxxx"
description = "xxxxx"
tags_environment = "prod"

#Creates TGW in Networking account
create_transit_gateway = true
create_transit_gateway_route_table = true
default_route_table_association = "enable"
default_route_table_propagation = "disable"
create_transit_gateway_route_table_association = false
create_transit_gateway_route_table_propagation = true
existing_transit_gateway_route_table_id = module.transit_gateway.transit_gateway_shared_route_table_id
create_transit_gateway_route_table_association_and_propagation = false

#Create route table association and propagation for Customer VPC attachments
config = {

#  vpc-123456 = {                              <-- Please use VPC-ID for name.
#  vpc_id                            = null             <-- Can be set to null, as we arent create an attachment.
#  subnet_ids                        = null             <-- Can be set to null, as we arent create an attachment.
#  transit_gateway_vpc_attachment_id = module.account1234567890.transit_gateway_vpc_attachment_ids["vpc-123456"]   <-- Reuse attachment ID create by the Customer account module.
#},

#Module for attachment in customer account:

module "account1234567890" {
source = "../../"

providers = {
aws = aws.account1234567890
}

ram_resource_share_enabled = true
ram_principal = null
ram_resource_share_arn = module.transit_gateway.ram_resource_share_id
existing_transit_gateway_id = module.transit_gateway.transit_gateway_id
existing_transit_gateway_route_table_id = module.transit_gateway.transit_gateway_shared_route_table_id
create_transit_gateway = false
create_transit_gateway_route_table = false
create_transit_gateway_vpc_attachment = true
create_transit_gateway_route_table_association = false
create_transit_gateway_route_table_propagation = false
create_transit_gateway_route_table_association_and_propagation = false

config = {
vpc-123456 = {
vpc_id = "vpc-123456"
subnet_ids = ["subnet-11111111","subnet-2222222","subnet-3333333"]
transit_gateway_vpc_attachment_id = null # <-- this wont be used in module for customers.
accountnumber = "123456" # <--- Im using this for RAM sharing
}
}
}

Hope this helps!

from terraform-aws-transit-gateway.

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

from terraform-aws-transit-gateway.

This issue was automatically closed because of stale in 10 days

from terraform-aws-transit-gateway.

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

from terraform-aws-transit-gateway.