I'm deploying a site-to-site VPN in AWS using Terraform, and I have an error stating:
│ Error: creating EC2 VPN Connection Route (12.345.67.89/32:vpn-12345678910): InvalidVpnConnection.InvalidType: Static routes for vpn-12345678910 must be added through the Transit Gateway API.
│ 	status code: 400, request id: 283f4f12-df47-33e9-2294-b7c2f1da15f3
│
│   with aws_vpn_connection_route.vpn_connection_route["12.345.67.89/32"],
│   on main.tf line 189, in resource "aws_vpn_connection_route" "vpn_connection_route":
│  189: resource "aws_vpn_connection_route" "vpn_connection_route" {
│
The relevant code is here (hopefully I didn't remove something needed):
    resource "aws_customer_gateway" "customer_gateway" {
      bgp_asn    = var.customer_gateway_bgp_asn
      ip_address = var.customer_gateway_ip
      type       = var.customer_gateway_type
    }

    resource "aws_ec2_transit_gateway" "transit_gateway" {
      default_route_table_association = "enable"
      default_route_table_propagation = "enable"
    }

    resource "aws_ec2_transit_gateway_route_table" "transit_gateway_route_table" {
      transit_gateway_id = aws_ec2_transit_gateway.transit_gateway.id
    }

    # Attaching the VPN to the transit gateway (transit_gateway_id) instead of a
    # virtual private gateway is what changes where static routes must be added.
    resource "aws_vpn_connection" "vpn_connection" {
      customer_gateway_id = aws_customer_gateway.customer_gateway.id
      type                = var.customer_gateway_type
      transit_gateway_id  = aws_ec2_transit_gateway.transit_gateway.id
    }

    # This is the resource the error refers to: for a TGW-attached VPN the
    # VPN Connection API refuses static routes, so this fails on apply.
    resource "aws_vpn_connection_route" "vpn_connection_route" {
      for_each               = toset(var.vpn_routes)
      destination_cidr_block = each.key
      vpn_connection_id      = aws_vpn_connection.vpn_connection.id
    }
Nearly identical question here, but I don't understand where the static routes need to be added in the Terraform.
As per the discussion from the comments, the error points in the direction that an equivalent TGW resource needs to be used to add the static routes, and that resource is aws_ec2_transit_gateway_route. You can find more information about the error in the AWS docs.
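As an added example (not part of the question or the answer above), this is what the static routes look like once they are moved to the transit gateway, using the resource names and the `var.vpn_routes` list from the question. It assumes a static (no-BGP) VPN, so `static_routes_only = true` is set on the VPN connection, which replaces the question's `aws_vpn_connection` block; `var.vpc_route_table_id` is a hypothetical variable naming the VPC route table that needs the return route, and the VPC's own TGW attachment is assumed to exist already (not shown).

```hcl
# Added example, not from the question or the answer. Resource names and
# var.vpn_routes come from the question; var.vpc_route_table_id is hypothetical.

resource "aws_vpn_connection" "vpn_connection" {
  customer_gateway_id = aws_customer_gateway.customer_gateway.id
  type                = var.customer_gateway_type
  transit_gateway_id  = aws_ec2_transit_gateway.transit_gateway.id

  # Static routing: no prefixes are learned over BGP, so every on-prem prefix
  # that should be reachable has to be listed explicitly below.
  static_routes_only = true
}

# Static routes for a TGW-attached VPN live in a TGW route table and point at
# the VPN *attachment*, not at the VPN connection. aws_vpn_connection exports
# that attachment ID. Because the question's TGW enables default route table
# association, the VPN attachment is associated with the TGW's default
# association route table, so that is the table these routes go into.
resource "aws_ec2_transit_gateway_route" "vpn_static_route" {
  for_each = toset(var.vpn_routes)

  destination_cidr_block         = each.key
  transit_gateway_attachment_id  = aws_vpn_connection.vpn_connection.transit_gateway_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway.transit_gateway.association_default_route_table_id
}

# Return path: the VPC route table must send on-prem traffic to the TGW.
# Keep these as the specific on-prem prefixes rather than 0.0.0.0/0 so only
# the intended networks are reachable through the tunnel in either direction.
resource "aws_route" "to_onprem" {
  for_each = toset(var.vpn_routes)

  route_table_id         = var.vpc_route_table_id
  destination_cidr_block = each.key
  transit_gateway_id     = aws_ec2_transit_gateway.transit_gateway.id
}
```

Two caveats. If you want the routes in the custom `aws_ec2_transit_gateway_route_table` from the question instead of the default one, first associate the VPN attachment with it using `aws_ec2_transit_gateway_route_table_association` and point `transit_gateway_route_table_id` at that table; routes added to a table the attachment is not associated with have no effect on traffic arriving from the VPN. And if the VPN actually runs BGP with the customer gateway, leave `static_routes_only` unset and add no static routes at all: with `default_route_table_propagation = "enable"` the on-prem prefixes are propagated into the TGW route table automatically, and static entries would only mask routing changes announced by the other side.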