Direct Connect gateway multi-account support #8100
Comments
Requires AWS SDK v1.19.4: #8108
|
Looks like the functionality that needs to be added is VGW Association Proposal creation and acceptance. The creation also allows specifying which prefixes to advertise, and the prefixes cannot be modified after the Proposal is accepted. https://docs.aws.amazon.com/directconnect/latest/UserGuide/multi-account-associate-vgw.html |
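A pre-acceptance check the Direct Connect gateway owner could run against a proposal, given that the advertised prefixes are fixed once the proposal is accepted. This is an added example, not part of the issue thread or the provider's code; the `Proposal` type, the `VetProposal` function, the account ID and the prefixes are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Proposal carries the proposal fields reviewed before acceptance (hypothetical type).
type Proposal struct {
	VGWOwnerAccount   string
	RequestedPrefixes []string
}

// VetProposal lists reasons not to accept; an empty result means the proposer is
// the expected account and every requested prefix lies inside an approved range.
func VetProposal(p Proposal, expectedAccount string, approved []string) []string {
	var problems []string
	if p.VGWOwnerAccount != expectedAccount {
		problems = append(problems, "unexpected proposing account "+p.VGWOwnerAccount)
	}
	var ranges []netip.Prefix
	for _, a := range approved {
		ranges = append(ranges, netip.MustParsePrefix(a))
	}
	for _, raw := range p.RequestedPrefixes {
		req, err := netip.ParsePrefix(raw)
		if err != nil {
			problems = append(problems, "unparseable prefix "+raw)
			continue
		}
		covered := false
		for _, r := range ranges {
			// Covered only when the approved range is at least as wide and contains it.
			if r.Bits() <= req.Bits() && r.Contains(req.Addr()) {
				covered = true
			}
		}
		if !covered {
			problems = append(problems, "prefix outside approved ranges: "+raw)
		}
	}
	return problems
}

func main() {
	// Constructed sample: the account ID and prefixes are placeholders.
	p := Proposal{VGWOwnerAccount: "111111111111",
		RequestedPrefixes: []string{"10.255.255.0/28", "0.0.0.0/0"}}
	fmt.Println(VetProposal(p, "111111111111", []string{"10.255.0.0/16"}))
}
```

The width comparison is what rejects a request such as `0.0.0.0/0`, whose network address can fall inside an approved range even though the prefix itself is far wider.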
The |
Starting implementation of the following new resources to handle the cross-account pieces. 👍
|
Reference: #8100

Output from acceptance testing:

```
--- PASS: TestAccAwsDxGateway_basic (32.10s)
```

Reference: #8100

Output from acceptance testing:

```
--- PASS: TestAccDataSourceAwsDxGateway_Basic (36.63s)
```

Reference: #8100

Output from acceptance testing:

```
--- PASS: TestAccAwsDxGatewayAssociationProposal_disappears (56.84s)
--- PASS: TestAccAwsDxGatewayAssociationProposal_basic (58.66s)
--- PASS: TestAccAwsDxGatewayAssociationProposal_AllowedPrefixes (76.24s)
```
…ay_association_proposal resource Reference: #8100
First half of support submitted: #8320 The second half will likely be based off #8199 (either accepting new |
The first half of this support has been merged with the below:
@ewbankkit has offered development support for the second half of this (accepting proposals) later this week (#8320 (comment)). Thanks, @ewbankkit! 😄 Please do reach out if you have any questions or do not have time to complete this. |
OK, now I've started to implement the acceptance half of this and once the proposal is accepted a Direct Connect Gateway Association is created. |
So @ewbankkit per your last comment what would the workflow for this look like? An |
@noah-mercado I've changed my mind again 😄, third time lucky. I'm now leaning towards a new resource

The workflow would be (based on this diagram):

- Account Z: Create
- Account A: Create
- Account Z: Create |
@ewbankkit Awesome :) . I definitely like that implementation a lot better. The async pattern of |
Proposed documentation:

Resource: aws_dx_cross_account_gateway_association

Associates a Direct Connect Gateway with a VGW in another AWS Account. For single account associations, see the To create a cross-account association, create an

Example Usage

```hcl
provider "aws" {
  # Creator's credentials.
}

provider "aws" {
  alias = "accepter"

  # Accepter's credentials.
}

# Creator's side of the proposal.
data "aws_caller_identity" "creator" {}

resource "aws_vpc" "example" {
  cidr_block = "10.255.255.0/28"
}

resource "aws_vpn_gateway" "example" {
  vpc_id = "${aws_vpc.example.id}"
}

resource "aws_dx_gateway_association_proposal" "example" {
  dx_gateway_id               = "${aws_dx_gateway.example.id}"
  dx_gateway_owner_account_id = "${aws_dx_gateway.example.owner_account_id}"
  vpn_gateway_id              = "${aws_vpn_gateway.example.id}"
}

# Accepter's side of the proposal.
resource "aws_dx_gateway" "example" {
  provider = "aws.accepter"

  name            = "example"
  amazon_side_asn = "64512"
}

resource "aws_dx_cross_account_gateway_association" "example" {
  provider = "aws.accepter"

  proposal_id                  = "${aws_dx_gateway_association_proposal.example.id}"
  dx_gateway_id                = "${aws_dx_gateway.example.id}"
  vpn_gateway_owner_account_id = "${data.aws_caller_identity.creator.account_id}"
}
```

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to all arguments above, the following attributes are exported:
|
After a (hopefully) final round of mind-changing after starting the work to support transit gateways in the

Example Usage

```hcl
provider "aws" {
  # Creator's credentials.
}

provider "aws" {
  alias = "accepter"

  # Accepter's credentials.
}

# Creator's side of the proposal.
data "aws_caller_identity" "creator" {}

resource "aws_vpc" "example" {
  cidr_block = "10.255.255.0/28"
}

resource "aws_vpn_gateway" "example" {
  vpc_id = "${aws_vpc.example.id}"
}

resource "aws_dx_gateway_association_proposal" "example" {
  dx_gateway_id               = "${aws_dx_gateway.example.id}"
  dx_gateway_owner_account_id = "${aws_dx_gateway.example.owner_account_id}"
  associated_gateway_id       = "${aws_vpn_gateway.example.id}"
}

# Accepter's side of the proposal.
resource "aws_dx_gateway" "example" {
  provider = "aws.accepter"

  name            = "example"
  amazon_side_asn = "64512"
}

resource "aws_dx_gateway_association" "example" {
  provider = "aws.accepter"

  proposal_id                         = "${aws_dx_gateway_association_proposal.example.id}"
  dx_gateway_id                       = "${aws_dx_gateway.example.id}"
  associated_gateway_owner_account_id = "${data.aws_caller_identity.creator.account_id}"
}
```

|
The second half of this support (accepting proposals) has been released in version 2.12.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Direct Connect gateway multi-account support announced.