New Datasource: aws_ec2_transit_gateway_attachments (plural)

[mkielar]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

AWS provides the DescribeTransitGatewayAttachments API Call, which returns all existing Transit Gateway Attachments, regardless of their type. This datasource could replace existing aws_ec2_transit_gateway_vpc_attachments introduced in #11880, and be implemented instead of #25744 and #25743, as it's, simply speaking, more generic and handles all use cases.

New or Affected Resource(s)

• aws_ec2_transit_gateway_attachments

Potential Terraform Configuration

data "aws_ec2_transit_gateway_attachments" "attachments" {
  filter {
    name = "state"
    values = [
      "available"
    ]
  }
  filter {
    name = "transit-gateway-id"
    values = [
      var.tgw_id
    ]
  }
}

The new datasource would then expose all attributes as described in TransitGatewayAttachment, including the resourceType which is the discriminator for VPC / VPN / Peering / etc. attachments.

References

• AWS API: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayPeeringAttachments.html
• AWS Return Type: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TransitGatewayAttachment.html
• Other plural datasources:
  • Support multiple aws_ec2_transit_gateway_vpc_attachment #11880
  • New datasource: aws_ec2_transit_gateway_vpn_attachments (plural) #25744
  • New datasource: aws_ec2_transit_gateway_peering_attachments (plural) #25743

[crawforde]

This is critically needed, as AWS does not offer the same filter options on some of its other describe endpoints. For example, I am not able to look up a peering attachment by the ID of the requesting transit gateway resource when I use the endpoint that describes peering attachments, but I can look up attachments by this filter using the more generic API endpoint. This is necessary for certain cross-account, cross-region peering scenarios, which I currently am unable to automate with terraform. Having this endpoint available would create viable workarounds for issues like this one: #24677

[bodgit]

Just came looking for this as it turns out all of the current Transit Gateway attachment data sources are all singular and error if there's no results (or more than one).

My use case is having a Transit Gateway associated with a Direct Connect Gateway in another account using an association proposal. When that is accepted in the peer account, the attachment automatically appears in this account so I need to be able to do something like:

resource "aws_dx_gateway_association_proposal" "example" {
  dx_gateway_id               = var.dx_gateway_id
  dx_gateway_owner_account_id = var.dx_gateway_owner_account_id
  associated_gateway_id       = module.tgw.ec2_transit_gateway_id
}

# Association should then be accepted in the peer account which will create the attachment in this account

data "aws_ec2_transit_gateway_attachments" "example" {
  filter {
    name   = "transit-gateway-id"
    values = [module.tgw.ec2_transit_gateway_id]
  }

  filter {
    name   = "resource-type"
    values = ["direct-connect-gateway"]
  }

  filter {
    name   = "resource-id"
    values = [var.dx_gateway_id]
  }

  filter {
    name   = "state"
    values = ["available"]
  }
}

# Create association/propagation resources using the attachment IDs...

resource "aws_ec2_transit_gateway_route_table_association" "example" {
  for_each = data.aws_ec2_transit_gateway_attachments.example...
  ...
}

resource "aws_ec2_transit_gateway_route_table_propagation" "dxg" {
  for_each = data.aws_ec2_transit_gateway_attachments.example...
  ...
}

Using the existing data source(s), until the association is accepted Terraform errors in this account as there's no matching attachment present. Current workaround is to gate the route table association/propagation resources with a count on an attachment ID variable but I'd like to use a data source.

[github-actions]

This functionality has been released in v4.62.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.