DuplicateTransitGatewayAttachment: has non-deleted Transit Gateway Attachments with same VPC ID. #10852

Open
ryanmckeague opened this issue Nov 12, 2019 · 4 comments
Labels
service/ec2 Issues and PRs that pertain to the ec2 service.

@ryanmckeague

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

0.11.11

Affected Resource(s)

aws_ec2_transit_gateway_vpc_attachment

Terraform Configuration Files

VPC module in use: https://github.com/terraform-aws-modules/terraform-aws-vpc

module "vpc" {
  source = "/terraform-aws-vpc"

  #version = "1.72.0"

  name                 = "dalet-${var.env}"
  cidr                 = "10.0.0.0/16"
  azs                  = ["us-east-1a", "us-east-1b"]
  private_subnets      = ["10.0.1.0/24"]
  database_subnets     = ["10.0.2.0/24", "10.0.3.0/24"]                 #NOTE: 2x or more subnets are required
  intra_subnets        = ["10.0.4.0/24", "10.0.5.0/24"]
  enable_nat_gateway   = false
  enable_dns_hostnames = true
  enable_dns_support   = true

  enable_s3_endpoint   = true



  enable_monitoring_endpoint              = true
  monitoring_endpoint_private_dns_enabled = false
  monitoring_endpoint_security_group_ids  = ["${data.aws_security_group.default.id}"]
  enable_logs_endpoint                    = true
  logs_endpoint_private_dns_enabled       = false
  logs_endpoint_security_group_ids        = ["${data.aws_security_group.default.id}"]
  enable_events_endpoint                  = true
  events_endpoint_private_dns_enabled     = false
  events_endpoint_security_group_ids      = ["${data.aws_security_group.default.id}"]

  enable_cloudtrail_endpoint              = true
  cloudtrail_endpoint_private_dns_enabled = false
  cloudtrail_endpoint_security_group_ids  = ["${data.aws_security_group.default.id}"]

  enable_ssm_endpoint              = true
  ssm_endpoint_private_dns_enabled = false
  ssm_endpoint_security_group_ids  = ["${data.aws_security_group.default.id}"]

  enable_ssmmessages_endpoint              = true
  ssmmessages_endpoint_private_dns_enabled = false
  ssmmessages_endpoint_security_group_ids  = ["${data.aws_security_group.default.id}"]

}
data "aws_ec2_transit_gateway" "tgw_us_east_1" {
  id = "tgw-#############"
}
resource "aws_ec2_transit_gateway_vpc_attachment" "intra_az1_tgw_attachment" {
  count               = "${length(module.vpc.azs)}"
  subnet_ids         = ["${module.vpc.intra_subnets[count.index]}"]
  transit_gateway_id = "${data.aws_ec2_transit_gateway.tgw_us_east_1.id}"
  vpc_id             = "${module.vpc.vpc_id}"
}

Debug Output

Panic Output

Expected Behavior

2x Transit Gateway attachments should have been made. 1x to each subnet ID (each in a different AZ) defined in intra_subnets.

Actual Behavior

Error due to VPC ID being the same for each Transit Gateway attachment. VPC ID should be the same as the attachments are being made to 2x separate AZs within the same VPC.

Steps to Reproduce

  1. terraform apply

Important Factoids

Running TF v0.11.11 as that is a requirement for the version running in TFE that will be deployed to.

References

  • #0000
@ghost ghost added the service/ec2 Issues and PRs that pertain to the ec2 service. label Nov 12, 2019
@jason-mclaughlin-sp

If I understand what you're attempting to do (create two transit gateway attachments on a single VPC to the same transit gateway), that's not supported in AWS. While a VPC can have up to 5 transit gateway attachments, you can only have one attachment between the same VPC and transit gateway pair.

@devopseze

An error occurred (DuplicateTransitGatewayAttachment) when calling the CreateTransitGatewayVpcAttachment operation: tgw-08ab8b4becc0f50e4 has non-deleted Transit Gateway Attachments with same VPC ID.
Please look into where the issue is coming from.

@sergey-safarov

When you attach a VPC to a transit gateway, you must specify one subnet from each Availability Zone to be used by the transit gateway to route traffic. Specifying one subnet from an Availability Zone enables traffic to reach resources in every subnet in that Availability Zone.

https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html
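
The constraint described in the two replies above, shown as an added example that is not part of the original thread: a single attachment for the VPC and transit gateway pair that lists one subnet per Availability Zone, in the Terraform 0.11 syntax used by the issue's configuration. The resource name `intra_tgw_attachment` is hypothetical; the module, data source and subnet references are reused from the configuration in the issue.

```hcl
# Added example (not from the issue): one attachment per (VPC, transit gateway) pair.
# The resource name "intra_tgw_attachment" is hypothetical.
data "aws_ec2_transit_gateway" "tgw_us_east_1" {
  id = "tgw-#############" # placeholder, as in the issue
}

resource "aws_ec2_transit_gateway_vpc_attachment" "intra_tgw_attachment" {
  # No "count" here: a second attachment between the same VPC and transit
  # gateway is what produces DuplicateTransitGatewayAttachment.

  # Pass the whole list of intra subnets to the single attachment.
  # Each subnet in the list must be in a different Availability Zone;
  # in the issue, the two intra subnets are each in a different AZ.
  # Terraform 0.11 list syntax; on 0.12+ this is: subnet_ids = module.vpc.intra_subnets
  subnet_ids = ["${module.vpc.intra_subnets}"]

  transit_gateway_id = "${data.aws_ec2_transit_gateway.tgw_us_east_1.id}"
  vpc_id             = "${module.vpc.vpc_id}"
}
```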

@udxiaoxin

udxiaoxin commented Jul 18, 2022

I have the same issue in my Terraform code: Terraform tries to create a new TGW gateway attachment which already exists in our AWS account. We tried to import the duplicated attachment; then Terraform tries to delete and recreate the attachment.

I have tried manually changing the attributes of the existing attachment to match it. They are exactly the same.

The aws provider version is 3.73.0.

Any thoughts?
