terraform-provider-awstransit-gateway

I have trouble auto accepting a Transit Gateway Peering using Terraform


I wrote a script that peers two Transit gateways within the same region. A peering is created however, it is refusing to accept the requests.

# Requester side: the peering request is created from TGW A towards TGW B.
resource "aws_ec2_transit_gateway_peering_attachment" "TGW_A_B_Peering_Attachment_Request" {
  peer_account_id         = aws_ec2_transit_gateway.Transit_GW_A.owner_id
  peer_transit_gateway_id = aws_ec2_transit_gateway.Transit_GW_B.id
  transit_gateway_id      = aws_ec2_transit_gateway.Transit_GW_A.id
  peer_region             = var.region_2

  tags = {
    Name = "TGW A and B Peering Request"
  }
}

# Accepter side: tries to accept the attachment using the requester's ID.
resource "aws_ec2_transit_gateway_peering_attachment_accepter" "TGW_A_B_Peering_Attachment_Accept" {
  transit_gateway_attachment_id = aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment_Request.id

  tags = {
    Name = "TGW A and B Peering Accept"
  }
}

│ Error: accepting EC2 Transit Gateway Peering Attachment (tgw-attach-01aa81f3b119adda2): InvalidParameterValue: Cannot accept tgw-attach-01aa81f3b119adda2 as the source of the peering request.

I think I must be missing something, but I can't tell.


Solution

  • So, it turns out that the aws_ec2_transit_gateway_peering_attachment resource creates two peerings in the AWS console; Requester and Accepter. To use the Accepter peering, a data resource must be created which filters for the second Accepter peering.

    # Look up the accepter-side record that AWS creates for the peer TGW.
    data "aws_ec2_transit_gateway_peering_attachment" "TGW_A_B_Peering_Attachment" {
      # Defer the lookup until the request has actually been created.
      depends_on = [ aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment_Request ]

      filter {
        name   = "state"
        values = [ "pendingAcceptance" ]
      }

      # Match only the record attached to the second (accepter/peer) transit gateway,
      # not the requester's record returned by the peering attachment resource.
      filter {
        name   = "transit-gateway-id"
        values = [ aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment_Request.peer_transit_gateway_id ]
      }
    }
    

    The above filters and depends_on are the only combination that works. The resource is flawed, so this data source must be used.

    Lastly, I will call the data source into the accepted resource.

    resource "aws_ec2_transit_gateway_peering_attachment_accepter" "TGW_A_B_Peering_Attachment_Accept" {
      transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment.id
    
      tags = {
        Name = "TGW A and B Peering Accept"
      }
    }
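
Below is an added, self-contained configuration that is not code from the question or the answer above; it puts the requester, the accepter-side lookup and the accepter together so the pattern can be applied as one unit. It assumes a single AWS account and a single region (`var.region`, a name chosen here), an already configured `aws` provider, that TGW B has no other peering attachments (so the lookup matches exactly one record), and that the accepter-side record reports TGW A as its `peer_transit_gateway_id`. It also adds two things a practitioner would want: the `state` filter accepts `available` as well as `pendingAcceptance`, so later plans still resolve after the peering has been accepted, and a `precondition` refuses to accept a peering whose requester is not the expected gateway.

```hcl
# Added example (not from the original post). Assumptions: same account, same
# region, provider already configured, TGW B has exactly one peering, and the
# accepter-side record reports TGW A as its peer.

variable "region" {
  description = "Region that both transit gateways live in (assumed name)."
  type        = string
}

resource "aws_ec2_transit_gateway" "Transit_GW_A" {
  description = "Transit Gateway A (requester)"
  tags        = { Name = "TGW-A" }
}

resource "aws_ec2_transit_gateway" "Transit_GW_B" {
  description = "Transit Gateway B (accepter)"
  tags        = { Name = "TGW-B" }
}

# Requester side: creates the peering request from TGW A to TGW B.
resource "aws_ec2_transit_gateway_peering_attachment" "TGW_A_B_Peering_Attachment_Request" {
  transit_gateway_id      = aws_ec2_transit_gateway.Transit_GW_A.id
  peer_transit_gateway_id = aws_ec2_transit_gateway.Transit_GW_B.id
  # The peer account and region are those of TGW B; both are local here.
  peer_account_id = aws_ec2_transit_gateway.Transit_GW_B.owner_id
  peer_region     = var.region

  tags = { Name = "TGW A and B Peering Request" }
}

# Accepter-side record: the attachment as seen from TGW B. The resource above
# returns the requester's ID, which AWS refuses to accept.
data "aws_ec2_transit_gateway_peering_attachment" "TGW_A_B_Peering_Attachment" {
  depends_on = [aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment_Request]

  filter {
    name   = "transit-gateway-id"
    values = [aws_ec2_transit_gateway.Transit_GW_B.id]
  }

  # Accept both the pre- and post-acceptance states: a filter on
  # "pendingAcceptance" alone stops matching once the peering is accepted,
  # and the data source errors when nothing matches. Relies on the assumption
  # that TGW B has only this one peering, otherwise several records match.
  filter {
    name   = "state"
    values = ["pendingAcceptance", "available"]
  }
}

resource "aws_ec2_transit_gateway_peering_attachment_accepter" "TGW_A_B_Peering_Attachment_Accept" {
  transit_gateway_attachment_id = data.aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment.id

  # Guard: only accept a peering whose remote side is the gateway we expect.
  # Assumes the accepter-side record exposes TGW A as peer_transit_gateway_id.
  lifecycle {
    precondition {
      condition     = data.aws_ec2_transit_gateway_peering_attachment.TGW_A_B_Peering_Attachment.peer_transit_gateway_id == aws_ec2_transit_gateway.Transit_GW_A.id
      error_message = "Refusing to accept a peering whose requester is not Transit_GW_A."
    }
  }

  tags = { Name = "TGW A and B Peering Accept" }
}
```

After `terraform apply`, the two records can be inspected from the CLI with `aws ec2 describe-transit-gateway-peering-attachments --filters Name=transit-gateway-id,Values=<TGW B id>`; the record returned there should show state `available`, and its ID is the one the accepter resource holds. If the precondition fails, the accept is never attempted, which is the behaviour you want when the requester is not the gateway you expected.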