The CloudFormation Resource Provider Package For Transit Gateway.
See CONTRIBUTING for more information.
This project is licensed under the Apache-2.0 License.
The CloudFormation Resource Provider Package For AWS Transit Gateway
Home Page: https://aws.amazon.com/transit-gateway/
License: Apache License 2.0
In order to create `AWS::NetworkManager::TransitGatewayRouteTableAttachment`, a `TransitGatewayPolicyTable` is needed, but currently there's no way to create it through CloudFormation. Is it possible for the support to be added?
Additionally, is it possible to propagate routes between TGW and CoreNetwork without using `AWS::NetworkManager::TransitGatewayRouteTableAttachment`? I wasn't adding a static route to the `TransitGatewayRouteTable` for the CN peering since it is dynamic.
The changeset preview shows the resource replacement as "false" when we are updating the tags for TransitGatewayAttachment via CFN in the us-west-2 region. This is incorrect information, as the resource tag update requires replacement as per the docs https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayattachment.html.
Apart from this false info in the changeset preview, I would like to add that CFN should not replace the TransitGatewayAttachment on tag updates, as this leads to an error: CFN will create the new resource, which will fail because you can only have one attachment between the same VPC and transit gateway pair. As of now, as per the doc, all property updates for TransitGatewayAttachment require replacement, which will lead to the below error. The open issue for this is #124.
Resource handler returned message: "tgw-xxxx has non-deleted Transit Gateway Attachments with same VPC ID. (Service: Ec2, Status Code: 400, Request ID: xxxx, Extended Request ID: null)" (RequestToken: xxx, HandlerErrorCode: GeneralServiceException)
The current implementation of TransitGatewayAttachment triggers resource replacement for all(?) changes. Even simple things such as applying new tags to a CloudFormation stack will cause the TGW attachment to be replaced. The problem with replacement is that it will always fail because of how CloudFormation replacement logic works. CloudFormation will first create the new resource and then remove the old one. This makes sense in order to be able to roll back if the new resource cannot be created, but it makes replacement of a TGW attachment impossible, as there cannot be multiple attachments from a single TGW to a VPC. Most (all?) of the attachment attributes can be reconfigured via the API (or CLI/console) without recreating the attachment, so it should be possible for the CloudFormation provider too?
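A pre-deployment guard for the failure described in the two reports above, as an added example that is not part of this project or of the original posts. It reads a change set in the JSON shape returned by `aws cloudformation describe-change-set` and flags every `Modify` on a `AWS::EC2::TransitGatewayAttachment`, deliberately ignoring the reported `Replacement` value because the first report says the preview showed "false". The function name and the sample change set are constructed for illustration.

```python
import json

# Resource types where a CloudFormation replacement cannot succeed, per the reports above.
GUARDED_TYPES = {"AWS::EC2::TransitGatewayAttachment"}

# Constructed sample in the shape of `aws cloudformation describe-change-set` output.
SAMPLE_CHANGE_SET = {
    "ChangeSetName": "constructed-example",
    "Changes": [
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "VpcAttachment",
            "PhysicalResourceId": "tgw-attach-EXAMPLE",
            "ResourceType": "AWS::EC2::TransitGatewayAttachment",
            "Replacement": "False", "Scope": ["Tags"]}},
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "AppBucket",
            "ResourceType": "AWS::S3::Bucket",
            "Replacement": "False", "Scope": ["Tags"]}},
        {"Type": "Resource", "ResourceChange": {
            "Action": "Add", "LogicalResourceId": "NewAttachment",
            "ResourceType": "AWS::EC2::TransitGatewayAttachment"}},
    ],
}


def flag_attachment_modifications(change_set):
    """Return every Modify on a guarded type, whatever Replacement value is reported."""
    findings = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange") or {}
        if change.get("Type") != "Resource" or rc.get("Action") != "Modify":
            continue
        if rc.get("ResourceType") not in GUARDED_TYPES:
            continue
        findings.append({
            "logical_id": rc.get("LogicalResourceId"),
            "physical_id": rc.get("PhysicalResourceId"),
            "reported_replacement": rc.get("Replacement", "unknown"),
            "scope": rc.get("Scope", []),
        })
    return findings


if __name__ == "__main__":
    hits = flag_attachment_modifications(SAMPLE_CHANGE_SET)
    print(json.dumps(hits, indent=2))
    # Non-zero exit lets a pipeline stop before the change set is executed.
    raise SystemExit(1 if hits else 0)
```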
`AWS::EC2::TransitGateway` has option to set `AssociationDefaultRouteTableId` and `PropagationDefaultRouteTableId`. This would be necessary especially when you want to have the default association table be different than the propagation table.
To create `AWS::EC2::TransitGatewayRouteTable` you must have `AWS::EC2::TransitGateway`. And when you create `AWS::EC2::TransitGateway` you would have to know the route table ID. At the moment there seems to be no way of defining association and propagation tables in CloudFormation?
I have a CloudFormation stack that needs to be updated. Particularly, we're migrating from `VPNGateway` to a `TransitGateway` and we face a particular challenge. In the Change Set to generate we have removed the references to the `VPN Gateway` and its related resources. This will tell CF that all the resources should be planned to be deleted. So far no problem with that.
Now we want to add the `TransitGatewayAttachment` as a new resource in the same stack. The problem is that some routes cannot be added until the auto-propagation of the old resource (`VPNGatewayRoutePropagation`) has been completely removed. For that effect, we would need that the `TransitGatewayAttachment` waits for the `VPNGatewayRoutePropagation` to be removed, but we no longer have its reference in the code.
Ideally this should be a one-step operation because we want to minimize downtime as much as we can. I've already thought about a workflow like the following, but that would be a plan B for the moment:
`VPN Gateway` missing (deleting the resource). `TransitGatewayAttachment`.
The problem here is that the two-step operation will generate a higher downtime.
Is there any way to define that dependency using DependsOn, WaitCondition, etc.?
Hi AWS CloudFormation Team,
Although you have this TransitGatewayConnect developed, it doesn't seem AWS CFN supports this resource.
I was trying to create one but I got the error message: `Unrecognized resource types: [AWS::EC2::TransitGatewayConnect]`.
I am testing this in the us-east-2 region; I have no problem creating this Connect type attachment manually in the AWS GUI console.
I also checked the CloudFormation designer, and I found out TransitGatewayConnect is not in the resource list in the designer.
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "TransitGatewayConnect Test",
  "Resources": {
    "TGWConnectAttachment": {
      "Type": "AWS::EC2::TransitGatewayConnect",
      "Properties": {
        "TransportTransitGatewayAttachmentId": "tgw-attach-0ff383f319a48210b",
        "Tags": [
          {
            "Key": "Name",
            "Value": "test_tgw_connect_att"
          }
        ]
      }
    }
  }
}
```
Could you please check and fix the issue?
Thanks!
Don Yao