Bug when creating a VPC attachment into the TGW shared from different account

[dr-oceanng]

Description

Hi There!

I trying to create a TGW in an account and shared it with another account, let's call them "Account A" and "Account B" respectively.

Both "aws_ec2_transit_gateway_route_table_association.this" and "aws_ec2_transit_gateway_route_table_propagation.this" were failed to create in "Account B" module.

Error: Invalid index

  on .terraform/modules/shared_tgw/main.tf line 93, in resource "aws_ec2_transit_gateway_route_table_association" "this":
  93:   transit_gateway_route_table_id = coalesce(lookup(each.value, "transit_gateway_route_table_id", null), var.transit_gateway_route_table_id, aws_ec2_transit_gateway_route_table.this[0].id)
    |----------------
    | aws_ec2_transit_gateway_route_table.this is empty tuple

The given key does not identify an element in this collection value.


Error: Invalid index

  on .terraform/modules/shared_tgw/main.tf line 101, in resource "`aws_ec2_transit_gateway_route_table_propagation`" "this":
 101:   transit_gateway_route_table_id = coalesce(lookup(each.value, "transit_gateway_route_table_id", null), var.transit_gateway_route_table_id, aws_ec2_transit_gateway_route_table.this[0].id)
    |----------------
    | aws_ec2_transit_gateway_route_table.this is empty tuple

The given key does not identify an element in this collection value.

It seems like bugs in these lines:

• https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/blob/master/main.tf#L93
• https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/blob/master/main.tf#L101

The "Account B" module is trying to provision with create_tgw = false, hence "aws_ec2_transit_gateway_route_table.this" will not be created. I guess the lines above failed because it trying to references aws_ec2_transit_gateway_route_table.this[0].id which is a null object, hence getting Invalid index error.

Versions

• Terraform: v0.12.31
• Provider(s): v3.40.0
• Module: 2.1.0

Reproduction

Steps to reproduce the behavior:

• Create a module that will create TGW and enable sharing
• Create another module that not create TGW, but referencing the Shared TGW and TGW Routing table populate by the first module.

Code Snippet to Reproduce

Account A

module "tgw" {
  source  = "terraform-aws-modules/transit-gateway/aws"
  version = "2.1.0"

  name            = "internal-it-tgw"
  description     = "Account A"
  share_tgw       = true
  create_tgw      = true
  ram_principals  = var.ram_shared_tgw_principals

  ram_allow_external_principals         = true
  enable_auto_accept_shared_attachments = true

  providers = {
    aws = aws.account-a
  }
}

Account B (shared)

module "shared_tgw" {
  source  = "terraform-aws-modules/transit-gateway/aws"
  version = "2.1.0"

  name        = "shared-tgw"
  share_tgw   = true
  create_tgw  = false

  ram_resource_share_arn         = module.tgw.ram_resource_share_id
  transit_gateway_route_table_id = module.tgw.ec2_transit_gateway_route_table_id

  vpc_attachments = {
    vpc = {
      vpc_id      = var.aws_vpc_id
      subnet_ids  = var.aws_subnets_ids
      tgw_id      = module.tgw.ec2_transit_gateway_id
      dns_support = true

      transit_gateway_default_route_table_association = false
      transit_gateway_default_route_table_propagation = false

      tgw_routes = [
        {
            destination_cidr_block = var.cidr_block
        },
        {
            blackhole              = true
            destination_cidr_block = "0.0.0.0/0"
        }
      ]
    }
  }


  providers = {
    aws = aws.account-b
  }
}

Expected behavior

Able to associate the routing table to Account B VPC attachment.

Actual behavior

Failed due to the suspected bug mentioned above.

Terminal Output Screenshot(s)

Refer to the output above.

[frdvo]

Same thing here

Terraform: v1.0.0
Provider(s): v3.44.0

[lgallard]

Same issue here:

Terraform: v0.14.11
Provider(s): v3.46.0
Module: v2.4.0

[DanOfir]

same issue:

Terraform: v1.0.2
Provider: v3.49.0
Module: v2.5.0

[tmiroslav]

Same issue here.

Terraform: v0.14.11
Provider: v3.59.0
Module: v2.5.0

Any resent resolution? I see PR opened.

[github-actions]

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

[github-actions]

This issue was automatically closed because of stale in 10 days

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.