AWS::EC2::TransitGatewayAttachment - Attachment id should be exposed for VPN attachments. #308
Comments
luiseduardocolon
added
the
compute
|
It would be better if we can also add "Tag" for VPN attachment. |
|
It would be better in my opinion if we could add the vpn id as a property for attachment in AWS::EC2::TransitGatewayRoute : ie : VpnConnectionId would be Ref from AWS::EC2::VPNConnection . Also this property seems already supported by CF as an exception when you don't put Blackhole + TransitGatewayAttachmentId you get the following error :
tl;dr: add VpnConnectionId property to AWS::EC2::TransitGatewayRoute |
|
Any release plan for this please? |
|
Is this issue resolved? Looking at the CFN documentation, it appears as if the |
I think that's just for the EC2 Transit Gateway Attachment, not the EC2 VPN Gateway attachment. :/ |
|
Encountered this issue where had a strong use-case of using created vpn connection tgw attachment id on non default route table but looks like currently not possible, till this is being addressed I'm using custom resource to workaround the behavior. https://github.com/TheRealGoku/cfn-hacks-TGW-attachment-id |
|
If you are using the CDK, you cloud easily use a Custom Resource with AwsSdkCall https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_custom-resources.AwsCustomResource.html const sdkCall: customresource.AwsSdkCall = {
service: 'EC2',
action: 'describeTransitGatewayAttachments',
parameters: {
Filters: [{
'Name': 'resource-id',
'Values': [
vpnConnection.ref
]
}],
},
physicalResourceId: customresource.PhysicalResourceId.of(vpnConnection.ref),
}
const customResourceGetTgwAttId = new customresource.AwsCustomResource(this, 'custom-resource-get-tgw-att-id', {
onCreate: sdkCall,
onUpdate: sdkCall,
policy: customresource.AwsCustomResourcePolicy.fromSdkCalls({
resources: ['*'],
}),
})
const vpnTransitGatewayAttachmentId = customResourceGetTgwAttId.getResponseField('TransitGatewayAttachments.0.TransitGatewayAttachmentId') |
|
How would you @JPLemelin protect deployment from failing if there are no TransitGatewayAttachments returned for filters used in an custom resource aws sdk call? Calling "TransitGatewayAttachments.0" on empty response will result in CloudFormation exception. |
|
Any update on this? |
|
This is getting old and really breaks many real world use of TGW from CFN. |
|
I really wish something could be done about this soon, not being able to reference the VPN attachment ID from CFN is breaking automation workflow. but for now i gues a custom resource will have to do :-( |
|
This is marked as shipped, yet in the VPNConnection resource documentation it does not show a new attribute exposed. Anyone knows how did this finally get implemented? |
|
+1 to the above. Is there an update on this issue? Was this closed prematurely? Or has there been a hidden attribute added? |
|
+1 to both of the above, would be nice to see an update on this. |
|
status? |
|
Any Update on this? Would really like to be able to use a single CF template to add static routes to existing TGW Route table while creating/adding a new VPN to the transit gateway. seems like it would be simple to allow referencing the VPN Connection ID. |
|
This needs to be re-opened, but I can confirm that @JPLemelin's solution works as an interim solution. |
|
Can we have TGW Attachment ID for VPN as one of the return values for AWS::EC2::VPNConnection so that we can use either !Ref or !GetAtt while creating static route to existing Route table |
|
It's been a bit since there was a bump on this. I'll do the honors. FWIW, there was a (seemingly) recent release that extends the tunnel options available to users, so maybe there is hope yet? |
|
@createchange it looks like the attachment ID may be accessible now! 
|
|
@neilferreira That only works for VPC TGW-A, not VPN. You'll note that the CFN definition doesn't permit for creating VPN attachments. The original author (who, I must say, did a stellar job putting together this request), outlines the 3 options that make sense - none of which are implemented:
Personally, I would vote for 3. I don't want to have to patch in new resources. |
|
Ohh yes sorry. This only applies if you're using CDK, but I have been using @JPLemelin's workaround since 2021 and it has been working a treat in what I thought would be the interim. |
and others
1. Title
AWS::EC2::TransitGatewayAttachment - Attachment id should be exposed for VPN attachments.
2. Scope of request
e) other coverage-related issue with the resource/attribute/option
Currently VPC attachments are 'real' resources in Cloudformation, that can be referenced when creating a route. VPN attachments are shown in the console as an attachment but are not created using an AWS::EC2::TransitGatewayAttachment resource. VPN transit gateways attachments are created when a AWS::EC2::VPNConnection resource is created without been explicitly in the Cloudformation template.
This means that routes cannot be created to a VPN attachment because the TransitGatewayAttachmentId property is not know and cannot be referenced as there is no TransitGatewayAttachment.
Request is to expose this TransitGatewayAttachmentId property so that it can be referenced by other resources.
3. Expected behavior
Issue could be fixed by:
5. Helpful Links to speed up research and evaluation
This is the Terraform discussion, where they are discussing this kind of issue:
This is the Transit Gateway API action for describing the attachments.
6. Category (required) - Will help with tagging and be easier to find by other users to +1
Use the categories as displayed in the AWS Management Console (simplified):
Compute - EC2
7. Any additional context (optional)
The text was updated successfully, but these errors were encountered: