terraform-provider-aws: error associating EC2 Transit Gateway Route Table () association MissingParameter: Missing required parameter in request: TransitGatewayRouteTableId.
Terraform Version
Terraform v0.12.25
- provider.aws v2.62.0
Affected Resource(s)
- aws_ec2_transit_gateway
- aws_ec2_transit_gateway_vpc_attachment
- aws_ec2_transit_gateway_route_table
- aws_ec2_transit_gateway_route_table_association
- aws_ec2_transit_gateway_route_table_propagation
Terraform Configuration Files
    #create transit gateway
    resource "aws_ec2_transit_gateway" "tgw" {
      description                     = "tgw sec_vpc con el resto de vpc"
      auto_accept_shared_attachments  = "disable"
      default_route_table_association = "disable"
      default_route_table_propagation = "disable"
      dns_support                     = "enable"
      tags = {
        Name = "TGW"
      }
    }

    #route tables for vpc sec
    resource "aws_ec2_transit_gateway_route_table" "sec" {
      transit_gateway_id = aws_ec2_transit_gateway.tgw.id
      tags = {
        Name = "tgw-routetable-sec"
      }
    }

    #route tables for vpc spoke
    resource "aws_ec2_transit_gateway_route_table" "spoke" {
      transit_gateway_id = aws_ec2_transit_gateway.tgw.id
      tags = {
        Name = "tgw-routetable-spoke"
      }
    }

    resource "aws_ec2_transit_gateway_route_table_association" "sec" {
      transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.tgw-att-sec-fw.id
      transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.sec.id
    }

    resource "aws_ec2_transit_gateway_route_table_association" "spoke" {
      transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.tgw-att-spoke-vpc.id
      transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
    }

    #propagation for vpc sec
    resource "aws_ec2_transit_gateway_route_table_propagation" "sec" {
      transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.tgw-att-sec-fw.id
      transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.sec.id
    }

    #propagation for vpc spoke
    resource "aws_ec2_transit_gateway_route_table_propagation" "spoke" {
      transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.tgw-att-spoke-vpc.id
      transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
    }

    #create attachment-TGW against vpc sec where are both firewalls
    resource "aws_ec2_transit_gateway_vpc_attachment" "tgw-att-sec-fw" {
      vpc_id             = aws_vpc.sec-vpc.id
      transit_gateway_id = aws_ec2_transit_gateway.tgw.id
      subnet_ids         = ["${aws_subnet.private-fw-a.id}", "${aws_subnet.private-fw-b.id}"]
      tags = {
        Name = "sec-vpc-attachment"
      }
    }

    #create attachment-TGW against vpc spoke
    resource "aws_ec2_transit_gateway_vpc_attachment" "tgw-att-spoke-vpc" {
      vpc_id             = aws_vpc.spoke-vpc.id
      transit_gateway_id = aws_ec2_transit_gateway.tgw.id
      subnet_ids         = ["${aws_subnet.spoke-private-eu-west-1a.id}", "${aws_subnet.spoke-private-eu-west-1b.id}"]
      tags = {
        Name = "spoke-vpc-attachment"
      }
    }
Debug Output
    aws_ec2_transit_gateway.tgw: Still creating... [20s elapsed]
    aws_ec2_transit_gateway.tgw: Creation complete after 29s [id=tgw-0da9fc5cbcacd209f]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-sec-fw: Creating...
    aws_ec2_transit_gateway_route_table.sec: Creating...
    aws_route_table.RT-sec-private: Creating...
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-spoke-vpc: Creating...
    aws_ec2_transit_gateway_route_table.spoke: Creating...
    aws_route_table.RT-spoke-private: Creating...
    aws_route_table.RT-spoke-private: Creation complete after 5s [id=rtb-0c75eac891a00bc97]
    aws_route_table_association.RT-spoke-private-1: Creating...
    aws_route_table_association.RT-spoke-private-2: Creating...
    aws_route_table.RT-sec-private: Creation complete after 5s [id=rtb-0fa3f0fa9f5cbb628]
    aws_route_table_association.private-RT-to-private-fwb: Creating...
    aws_route_table_association.private-RT-to-private-fwa: Creating...
    aws_route_table_association.RT-spoke-private-1: Creation complete after 0s [id=rtbassoc-088f420d556aff315]
    aws_route_table_association.RT-spoke-private-2: Creation complete after 0s [id=rtbassoc-0af2dc2d7d7a550b6]
    aws_route_table_association.private-RT-to-private-fwb: Creation complete after 1s [id=rtbassoc-0ba4618eafbeaa106]
    aws_route_table_association.private-RT-to-private-fwa: Creation complete after 1s [id=rtbassoc-09b7b10e3f3513c28]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-sec-fw: Still creating... [10s elapsed]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-spoke-vpc: Still creating... [10s elapsed]
    aws_ec2_transit_gateway_route_table.sec: Still creating... [10s elapsed]
    aws_ec2_transit_gateway_route_table.spoke: Still creating... [10s elapsed]
    aws_ec2_transit_gateway_route_table.sec: Creation complete after 18s [id=tgw-rtb-018763c896b996c5f]
    aws_ec2_transit_gateway_route_table.spoke: Creation complete after 18s [id=tgw-rtb-0b3af9d21519828ce]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-sec-fw: Still creating... [20s elapsed]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-spoke-vpc: Still creating... [20s elapsed]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-spoke-vpc: Still creating... [30s elapsed]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-sec-fw: Still creating... [30s elapsed]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-spoke-vpc: Still creating... [40s elapsed]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-sec-fw: Still creating... [40s elapsed]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-sec-fw: Still creating... [50s elapsed]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-spoke-vpc: Still creating... [50s elapsed]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-sec-fw: Still creating... [1m0s elapsed]
    aws_ec2_transit_gateway_vpc_attachment.tgw-att-spoke-vpc: Still creating... [1m0s elapsed]

    Error: error updating EC2 Transit Gateway Attachment (tgw-attach-04643cc2db9804f8e) Route Table () association: error associating EC2 Transit Gateway Route Table () association (tgw-attach-04643cc2db9804f8e): MissingParameter: Missing required parameter in request: TransitGatewayRouteTableId. status code: 400, request id: d3dd5ecc-0cc3-46ff-91c5-a57ed82d451e

      on tgw.tf line 54, in resource "aws_ec2_transit_gateway_vpc_attachment" "tgw-att-sec-fw":
      54: resource "aws_ec2_transit_gateway_vpc_attachment" "tgw-att-sec-fw" {

    Error: error updating EC2 Transit Gateway Attachment (tgw-attach-05517f0cda4c2eaa7) Route Table () association: error associating EC2 Transit Gateway Route Table () association (tgw-attach-05517f0cda4c2eaa7): MissingParameter: Missing required parameter in request: TransitGatewayRouteTableId. status code: 400, request id: 3dd083bc-0b6c-42b1-b25f-163c8494e0ab

      on tgw.tf line 63, in resource "aws_ec2_transit_gateway_vpc_attachment" "tgw-att-spoke-vpc":
      63: resource "aws_ec2_transit_gateway_vpc_attachment" "tgw-att-spoke-vpc" {
Expected Behavior
EC2 Transit Gateway VPC Attachment should be created without error.
Actual Behavior
It fails. All the infrastructure is built correctly:
a. transit gw
b. transit gw attachment, without an associated route table
c. transit gw route tables, built without associations, propagations and routes (related to the error)
Steps to Reproduce
terraform apply
Important Factoids
References
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayVpcAttachments.html
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayVpcAttachment.html
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTransitGatewayRouteTable.html
About this issue
- Original URL
- State: open
- Created 4 years ago
- Reactions: 24
- Comments: 21 (6 by maintainers)
FYI: This will not work if the TGW is shared (RAM)
@dmartinezrubio For your Transit Gateway
disabling both default route table association and propagation means that no TGW default route table is created, so the VPC attachment
and
tgw-att-spoke-vpc should have transit_gateway_default_route_table_association = false and transit_gateway_default_route_table_propagation = false (the default for both these attributes is true).
Alternatively you can enable both default_route_table_association and default_route_table_propagation in the TGW.
To add to this: If you keep the TGW configuration as:
So both parameters are on disable on the TGW resources. This is because otherwise, if you create a VPC attachment, it will automatically connect itself to the default route table and route table propagation. This causes an issue that if you create a VPC attachment later down the line, the resource will fail, because Terraform cannot remove it from the default and apply the new route table at the same time.
Now if you deploy the TGW like above, you also have to deploy your VPC attachment like this:
Otherwise it will give you this error:
MissingParameter: Missing required parameter in request: TransitGatewayRouteTableId.
This is telling the module that there is no default route table to attach to, so you need the above on disabled.
But you are still not out of the woods: Because each time you plan your environment via terraform, the following will show up:
Works by adding:
Maybe first steps would be to improve the documentation around this, I can help on it if you guys would like!
We probably should change the code so that transit_gateway_default_route_table_propagation and transit_gateway_default_route_table_association have no effect if the transit gateway has no equivalent default route table.
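
A pre-apply check for the combination the replies above describe (default route tables disabled on the TGW while an attachment leaves its default association or propagation at true), as an added example that is not part of the original issue or the provider's code. It reads the `configuration` section of `terraform show -json` output; the sample plan is constructed, `find_mismatches` and `const` are hypothetical names, and only the root module is examined.

```python
import json

# Constructed sample: trimmed "configuration" section in the shape emitted by
# `terraform show -json <planfile>`, mirroring the resources in this issue.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_ec2_transit_gateway.tgw", "type": "aws_ec2_transit_gateway",
   "expressions": {
     "default_route_table_association": {"constant_value": "disable"},
     "default_route_table_propagation": {"constant_value": "disable"}}},
  {"address": "aws_ec2_transit_gateway_vpc_attachment.tgw-att-sec-fw",
   "type": "aws_ec2_transit_gateway_vpc_attachment",
   "expressions": {"transit_gateway_id": {"references": ["aws_ec2_transit_gateway.tgw"]}}},
  {"address": "aws_ec2_transit_gateway_vpc_attachment.tgw-att-spoke-vpc",
   "type": "aws_ec2_transit_gateway_vpc_attachment",
   "expressions": {
     "transit_gateway_id": {"references": ["aws_ec2_transit_gateway.tgw"]},
     "transit_gateway_default_route_table_association": {"constant_value": false},
     "transit_gateway_default_route_table_propagation": {"constant_value": false}}}
]}}}
""")

# TGW argument -> attachment argument (default true) that has to be false when the TGW side is "disable".
PAIRS = {
    "default_route_table_association": "transit_gateway_default_route_table_association",
    "default_route_table_propagation": "transit_gateway_default_route_table_propagation",
}

def const(expressions, key, default):
    """Literal value of an argument; `default` if it is omitted or not a literal."""
    return expressions.get(key, {}).get("constant_value", default)

def find_mismatches(plan):
    """Return (attachment address, argument) pairs that still expect a default route table."""
    resources = plan["configuration"]["root_module"].get("resources", [])  # root module only
    tgws = {r["address"]: r.get("expressions", {})
            for r in resources if r["type"] == "aws_ec2_transit_gateway"}
    findings = []
    for r in resources:
        if r["type"] != "aws_ec2_transit_gateway_vpc_attachment":
            continue
        expr = r.get("expressions", {})
        refs = expr.get("transit_gateway_id", {}).get("references", [])
        for addr, tgw_expr in tgws.items():
            linked = any(ref == addr or ref.startswith(addr + ".") for ref in refs)
            findings += [(r["address"], att) for tgw, att in PAIRS.items()
                         if linked and const(tgw_expr, tgw, "enable") == "disable"
                         and const(expr, att, True) is not False]
    return findings
```

On the sample, only `tgw-att-sec-fw` is reported, once for each argument; an attachment argument set through a variable rather than a literal is also reported, since its value is not known from the configuration alone.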