(aws-ec2): Feature request: please create a method to lookup a Transit Gateway given a filter.

[mmarseglia]

Description

Please create a method to lookup a Transit Gateway given a filter.

Use Case

I have a network architecture using a shared services network account. That network account has a Transit Gateway shared via Resource Access Manager.

I'm deploying an app into another account that uses the shared Transit Gateway. I want to create a VPC attachment to the Transit Gateway. I need the Transit Gateway ID to create the attachment.

There is no way to obtain the Transit Gateway ID with the CDK, I would have to use the SDK. https://stackoverflow.com/questions/69456504/how-do-i-obtain-the-properties-of-an-existing-transit-gateway-with-the-cdk/69473852#69473852

Proposed Solution

const tgw = new CfnTransitGatway.lookup(this, 'TGW', {
  tags: [{
    name: "foo",
    value: "bar"
    }],
});

const tgwId = tgw.attrId;

Other information

No response

Acknowledge

• I may be able to implement this feature request
• This feature might incur a breaking change

[mrpackethead]

There are many things like this, where there is no "lookup" for the ID... I have exactly the same scenerio as you with TransitGateways/Attachements. The Transit Gateway is shared to other accounts using RAM. One of the challenges with that, is that the tags dont' get shared across with the shared resource.. I make calls to the api for this.

Under the covers, when CDK does 'lookups' its using sdk calls to get your information. There is no crime being committed if you do this yourself either. However pay attention to thinking about if these kind of lookups should be deterministic, and if you should cache the lookup result ( much like other lookups do ).

[alisade]

+1, the current solution is to do a custom resource with a describe-transit-gateways API call https://docs.aws.amazon.com/cdk/api/latest/docs/custom-resources-readme.html#custom-resources-for-aws-apis

or as a Cfn Export to get the Id of the transit gateway

  private getTGWId() {
    const TGWCustomResource = new customResource.AwsCustomResource(
      this,
      "TGWId",
      {
        onUpdate: {
          service: "EC2",
          action: "describeTransitGateways",
          parameters: {
            MaxResults: 1,
          },
          physicalResourceId:
            customResource.PhysicalResourceId.of("ImportedTGW"),
        },
        policy: customResource.AwsCustomResourcePolicy.fromSdkCalls({
          resources: customResource.AwsCustomResourcePolicy.ANY_RESOURCE,
        }),
      }
    );
    return TGWCustomResource.getResponseField(
      "TransitGateways.0.TransitGatewayId"
    );
  }

[njlynch]

Thanks for the feature request @mmarseglia , and for the implementation, @alisade!

I am unassigning and marking this issue as p2, which means that we are unable to work on this immediately. We use +1s to help prioritize our work, and are happy to revaluate this issue based on community feedback. You can reach out to the cdk.dev community on Slack to solicit support for reprioritization.

Please also see aws/aws-cdk-rfcs#139, which is a general RFC proposal for a more generic and re-usable way to have lookups for resources in the CDK.

[tdalbo92]

I would get a lot of usefulness from this proposed functionality. I'm currently trying to manage multiple VPC creations and attachments across multiple accounts, and without the ability to lookup the Transit Gateway, I have to use different stacks completely to do this. It would be so much better from a developer experience standpoint to have a single stack to manage all of these attachments and Transit Gateway creation.

Although the Custom Resource solution would work, it feels like a stopgap rather than a comprehensive, well architected solution.