We create our VPCs in one repo using the aws_networkmanager_vpc_attachment resource. The AWS Account that the Cloud WAN core network is in allows attachments from our other accounts and puts the VPCs in the correct segment based on the TAGS that are passed into the aws_networkmanager_vpc_attachment resource.
This has worked fine until we also wanted to use the routing_policy_label argument. When we add this argument, we get an error saying ValidationException: Cannot put routing policy label without ownership of core network.
│ Error: creating Network Manager VPC (arn:aws:ec2:us-east-1:123456789111:vpc/vpc-XXXXXXXXXXXX) Attachment (core-network-XXXXXXXXXXXXXX): operation error NetworkManager: CreateVpcAttachment, https response error StatusCode: 400, RequestID: c1098e92-c006-4c61-8927-8a3365b13194, ValidationException: Cannot put routing policy label without ownership of core network.
│
│ with module.eks_vpc_non_production["us-east-1-hpc123"].aws_networkmanager_vpc_attachment.main[0],
│ on modules/eks_vpc_networking/attachments.tf line 27, in resource "aws_networkmanager_vpc_attachment" "main":
│ 27: resource "aws_networkmanager_vpc_attachment" "main" {
│
If we try to create the aws_networkmanager_vpc_attachment with a provider that assumes a role in the Network account, then we get a different error: ValidationException: Resource is not owned by caller.
│ Error: creating Network Manager VPC (arn:aws:ec2:us-east-1:123456789111:vpc/vpc-XXXXXXXXXXXX) Attachment (core-network-XXXXXXXXXXXXXX): operation error NetworkManager: CreateVpcAttachment, https response error StatusCode: 400, RequestID: 42b1b9b5-e715-4750-8bed-94922666938c, ValidationException: Resource is not owned by caller.
│
│ with module.eks_vpc_non_production["us-east-1-hpc123"].aws_networkmanager_vpc_attachment.main[0],
│ on modules/eks_vpc_networking/attachments.tf line 27, in resource "aws_networkmanager_vpc_attachment" "main":
│ 27: resource "aws_networkmanager_vpc_attachment" "main" {
│
So I cannot figure out how we can use the aws_networkmanager_vpc_attachment resource if we cannot use it from the VPC account or the Network account. If anyone has any suggestions or workarounds, it would be helpful.
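For readers following the setup described above (attachment created in the VPC account, segment chosen by tag in the core network policy), here is an added example, not the poster's code, of the two halves split along the ownership boundary the errors describe: the network account owns the core network policy and explicitly accepts cross-account attachments, while the VPC account owns the attachment and only tags it. Names such as `aws.network`, `var.core_network_id`, `aws_vpc.main`, `aws_subnet.private` and the `segment` tag key are assumptions; the example does not set `routing_policy_label`.

```hcl
# Network account: owns the core network and its policy. Attachments from other
# accounts are mapped to a segment by tag, but require_attachment_acceptance
# keeps a human/pipeline in the network account in control of what gets joined.
data "aws_networkmanager_core_network_policy_document" "main" {
  core_network_configuration {
    asn_ranges = ["64512-64555"]            # assumed private ASN range
    edge_locations {
      location = "us-east-1"
    }
  }

  segments {
    name                          = "nonprod"
    require_attachment_acceptance = true     # do not auto-admit tagged VPCs
  }

  attachment_policies {
    rule_number     = 100
    condition_logic = "or"
    conditions {
      type     = "tag-value"
      operator = "equals"
      key      = "segment"                   # assumed tag key
      value    = "nonprod"
    }
    action {
      association_method = "constant"
      segment            = "nonprod"
    }
  }
}

# VPC account (default provider): owns the VPC, so it owns the attachment.
resource "aws_networkmanager_vpc_attachment" "main" {
  core_network_id = var.core_network_id
  vpc_arn         = aws_vpc.main.arn
  subnet_arns     = aws_subnet.private[*].arn
  tags = {
    segment = "nonprod"                      # drives the policy rule above
  }
}

# Network account (aliased provider): accepts the pending attachment.
resource "aws_networkmanager_attachment_accepter" "main" {
  provider        = aws.network
  attachment_id   = aws_networkmanager_vpc_attachment.main.id
  attachment_type = aws_networkmanager_vpc_attachment.main.attachment_type
}
```

The policy document is applied to the core network with aws_networkmanager_core_network_policy_attachment in the network account, and with acceptance required an attachment stays in PENDING_ATTACHMENT_ACCEPTANCE until the accepter runs, so a mistyped tag in another account cannot silently land in the wrong segment.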