[Enhancement]: aws_ec2_network_insights_path update to support path destinations same as aws console

[robwdux]

Description

destination - (Required) ID or ARN of the resource which is the source of the path. Can be an Instance, Internet Gateway, Network Interface, Transit Gateway, VPC Endpoint, VPC Peering Connection or VPN Gateway. If the resource is in another account, you must specify an ARN.

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_network_insights_path

Update to add current options available through AWS Console.

Testing internet access is not quite possible especially when using AWS Network Firewall, you are forced to configure GWLB endpoint and do not capture a full network path with intermediates as can be done in AWS Console.

Affected Resource(s) and/or Data Source(s)

aws_ec2_network_insights_path

Potential Terraform Configuration

resource "aws_ec2_network_insights_path" "internet_access" {
  source           = aws_network_interface.ra_pvt_subnet.id
  destination_ip   = "1.1.1.1"
  destination_port = 443
  protocol         = "tcp"
}

References

No response

Would you like to implement a fix?

None

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[robwdux]

API seems to be the issue here.

The API does not require destination however Terraform does. Maybe resolution is to make it optional so one could simply specify destination_ip and destination_port in lieu of a destination as resource id / arn.

https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInsightsPath.html

[abhinavgrover15]

In latest version, still all the destination options are not provided. Is there any ETA on this.

[github-actions]

Warning

This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

[github-actions]

This functionality has been released in v5.55.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[michal-kosinski]

After defining those parameters in the aws_ec2_network_insights_path resource:

sources
destination_ip
destination_port
protocol

an error appears:

Error: creating EC2 Network Insights Path: operation error EC2: CreateNetworkInsightsPath, https response error StatusCode: 400, RequestID: c3096b6d-5547-4629-bd38-741f0da76c85, api error MissingParameter: The request must include either the Destination parameter or the FilterAtSource.DestinationAddress parameter. Add the required parameter and retry the request.

anyone got a similar error? Does anything else need to be changed? Seems that FilterAtSource.DestinationAddress parameter cannot be added within aws_ec2_network_insights_path resource.

[JonathanPartain]

@michal-kosinski I am getting the same error as well.

[michal-kosinski]

@JonathanPartain thanks for the confirmation, reported as #38132

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.