In order to create AWS::NetworkManager::TransitGatewayRouteTableAttachment, a TransitGatewayPolicyTable is needed but currently there's no way to create it through cloudformation. Is it possible for the support to be added?

Additionally it possible to propagate routes between TGW and CoreNetwork without using AWS::NetworkManager::TransitGatewayRouteTableAttachment? I wasn't adding static route to the TransitGatewayRouteTable` for the CN peering since it is dynamic.

The changeset preview shows the resource replacement as "false" when we are updating the tags for TransitGatewayAttachment via CFN in us-west-2 region. This is an incorrect information as the resource tag update require replacement as per the docs https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayattachment.html.

Apart from this false info on the changesetset preview, I would like add that CFN should not replace the TransitGatewayAttachment on the tag updates as this leads to error because CFN will create the new resource which will fail as you can only have one attachment between the same VPC and transit gateway pair. As of now as per the doc all property update for TransitGatewayAttachment require replacement which will lead to the below error. The open issue for this is - #124

Resource handler returned message: "tgw-xxxx has non-deleted Transit Gateway Attachments with same VPC ID. (Service: Ec2, Status Code: 400, Request ID: xxxx, Extended Request ID: null)" (RequestToken: xxx, HandlerErrorCode: GeneralServiceException)

Current implementation of TransitGatewayAttachment triggers resource replacement for all(?) changes. Even simple things such as applying new tags to Cloudformation stack will cause TGW attachment to be replaced. Problem with replacement is, it will always fail because how Cloudformation replacement logic works. Cloudformation will first create the new resource and then remove the old one. This makes sense to be able to roll-back if new resource can not be created, but will make replacement of TGW attachment impossible as there can not be multiple attachment from single TGW to VPC. Most (all?) of attachment attributes can be reconfigured via API (or cli/console) without recreating the attachment, so it should be possible for Cloudformation provider too?

AWS::EC2::TransitGateway has option to set AssociationDefaultRouteTableId and PropagationDefaultRouteTableId. This would be necessary especially when you want to have default association table be different than propagation table.

To create AWS::EC2::TransitGatewayRouteTable you must have AWS::EC2::TransitGateway. And when you create AWS::EC2::TransitGateway you would have to know the route table ID. At the moment there seems to be no way of defining association and propagation tables in Cloudformation?

I have a CloudFormation stack that needs to be updated. Particularly, we're migrating from VPNGateway to a TransitGateway and we face a particular challenge. In the Change Set to generate we have removed the references to the VPN Gateway and its related resources. This will tell CF that all the resources should be planned to be deleted. So far no problem with that.

Now we want to add the TransitGatewayAttachment as a new resource in the same stack. The problem is that some routes cannot be added until the auto-propagation of the old resource (VPNGatewayRoutePropagation) has been completely removed. For that effect, we would need that the TransitGatewayAttachment waits for the VPNGatewayRoutePropagationto be removed, but we no longer have its reference in the code.

Ideally this should be a one-step operation because we want to minimize downtime as much as we can. I've already thought about a workflow like the following, but that would be a plan B for the moment:

1. Deploying CF with VPN Gateway missing (deleting the resource).
2. Manually confirming the deletion.
3. Deploying new CF with TransitGatewayAttachment.

The problem here is that the two-step operation will generate a higher downtime.

Is there any way to define that dependency using DependsOn, WaitCondition, etc.?

Hi AWS CloudFormation Team,

Although you have this TransitGatewayConnect developed, but it doesn't seem AWS CFN supports this resource.
I was trying to create one but I got the error message: Unrecognized resource types: [AWS::EC2::TransitGatewayConnect].
I am testing this on us-east-2 region, I have no problem creating this Connect type attachment manually on AWS GUI console.
I also checked the CloudFormation designer, and I found out TransitGatewayConnect is not in the resource list on designer.

my simple test CFN script

{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "TransitGatewayConnect Test",
"Resources": {
"TGWConnectAttachment": {
"Type" : "AWS::EC2::TransitGatewayConnect",
"Properties": {
"TransportTransitGatewayAttachmentId": "tgw-attach-0ff383f319a48210b",
"Tags": [
{
"Key": "Name",
"Value": "test_tgw_connect_att"
}
]
}
}
}
}

CFN designer has no "TransitGatewayConnect" resource

Could you please check and fix the issue.

Thanks!
Don Yao