Tags: amazon-web-services, terraform, terraform-provider-aws, aws-vpc-peering, vpc-peering

VPC Peering is replaced all the time by Terraform


I'm trying to create VPC Peering between two VPCs in two different accounts. One is managed by me and the other by someone else, and I don't have access to it. I'm using the following snippet of Terraform script.

resource "aws_vpc_peering_connection" "a" {
  peer_owner_id = var.a.aws_account_id
  peer_vpc_id   = var.a.vpc_id
  vpc_id        = aws_vpc.main.id
  peer_region   = "eu-west-1"

  requester {
    allow_remote_vpc_dns_resolution = false
  }
}

Next, it is going to be manually accepted by those who manage that account. The problem is that, whether the peering is accepted or not, Terraform wants to replace that peering connection:

  # module.vpc.aws_vpc_peering_connection.a is tainted, so must be replaced
-/+ resource "aws_vpc_peering_connection" "a" {
      ~ accept_status = "active" -> (known after apply)
      ~ id            = "pcx-00000000000000000" -> (known after apply)
        # (5 unchanged attributes hidden)

      + accepter {
          + allow_classic_link_to_remote_vpc = (known after apply)
          + allow_remote_vpc_dns_resolution  = (known after apply)
          + allow_vpc_to_remote_classic_link = (known after apply)
        }

        # (1 unchanged block hidden)
    }

I have already tried to prevent the replacement by using lifecycle:

  lifecycle {
    ignore_changes = all
  }

But it doesn't help...


Solution

  • Try to untaint the resource, e.g.

    terraform untaint aws_vpc_peering_connection.a
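The taint mark is a flag stored on the instance in the state file, not an attribute diff, which is why `ignore_changes` has no effect on it and why the plan header says "is tainted, so must be replaced". The following script is an added example, not part of the question or the answer: it reads a constructed `terraform state pull` document (state format v4, where a tainted instance carries `"status": "tainted"`) and prints one `terraform untaint` command per tainted instance using the full address, including the `module.vpc.` prefix that the plan output shows for this resource. In a real run you would pipe `terraform state pull` into `tainted_addresses` instead of the sample.

```python
import json

# Constructed sample of `terraform state pull` output (state format v4), trimmed to
# the fields this check reads; the peering connection sits in module.vpc, tainted.
SAMPLE_STATE = json.dumps({"version": 4, "resources": [
    {"module": "module.vpc", "mode": "managed", "type": "aws_vpc_peering_connection",
     "name": "a", "instances": [{"status": "tainted",
                                 "attributes": {"id": "pcx-00000000000000000"}}]},
    {"mode": "managed", "type": "aws_vpc", "name": "main",
     "instances": [{"attributes": {"id": "vpc-00000000000000000"}}]},
    {"mode": "managed", "type": "aws_route", "name": "peer",
     "instances": [{"index_key": 0, "attributes": {}},
                   {"index_key": 1, "status": "tainted", "attributes": {}}]},
]})


def instance_address(resource, instance):
    """Build the full address Terraform expects on the CLI, module prefix included."""
    parts = []
    if resource.get("module"):            # e.g. "module.vpc"
        parts.append(resource["module"])
    if resource.get("mode") == "data":    # data sources carry a "data." segment
        parts.append("data")
    parts.append(f'{resource["type"]}.{resource["name"]}')
    addr = ".".join(parts)
    key = instance.get("index_key")       # present only for count / for_each
    if isinstance(key, int):
        addr += f"[{key}]"
    elif isinstance(key, str):
        addr += f'["{key}"]'
    return addr


def tainted_addresses(state_json):
    """Addresses of every instance whose state entry carries status == tainted."""
    state = json.loads(state_json)
    return [instance_address(res, inst)
            for res in state.get("resources", [])
            for inst in res.get("instances", [])
            if inst.get("status") == "tainted"]


def untaint_commands(state_json):
    """One `terraform untaint` per tainted instance; review the list before running."""
    return [f"terraform untaint '{addr}'" for addr in tainted_addresses(state_json)]


if __name__ == "__main__":
    for cmd in untaint_commands(SAMPLE_STATE):
        print(cmd)
```

Untainting only clears the flag; if the next plan still shows a replacement, the cause is a real attribute change rather than the taint.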