Issue with subnet association TGW

hafan · February 7, 2020, 10:00am

Hi,

I am facing issue with transit gateway association. I tried everything, but really don’t understand why isn’t working. I need to create TGW association with private subnet.

Thank you

My variables:

variable “AWS_REGION” {
default = “eu-central-1”
}

variable “public-subnet-mapping” {
description = “Lists the public subnets to be created in their respective AZ.”

default = [
{
name = “SB_VPC_CZECH-APPSTREAM-ICS-DMZ-PUB_A”
az = “eu-central-1a”
cidr = “192.168.112.0/25”
},
{
name = “SB_VPC_CZECH-APPSTREAM-ICS-DMZ-PUB_B”
az = “eu-central-1b”
cidr = “192.168.112.128/25”
},
{
name = “SB_VPC_CZECH-APPSTREAM-ICS-DMZ-PUB_C”
az = “eu-central-1c”
cidr = “192.168.113.0/25”
},
]
}

variable “private-subnet-mapping” {
description = “Lists the private subnets to be created in their respective AZ.”

default = [
{
name = “SB_VPC_CZECH-APPSTREAM-ICS-DMZ-INT_A”
az = “eu-central-1a”
cidr = “192.168.113.128/25”
},
{
name = “SB_VPC_CZECH-APPSTREAM-ICS-DMZ-INT_B”
az = “eu-central-1b”
cidr = “192.168.114.0/25”
},
{
name = “SB_VPC_CZECH-APPSTREAM-ICS-DMZ-INT_C”
az = “eu-central-1c”
cidr = “192.168.114.128/25”
},
{
name = “SB_VPC_CZECH-APPSTREAM-ICS-DMZ-EXT_A”
az = “eu-central-1a”
cidr = “192.168.115.0/25”
},
{
name = “SB_VPC_CZECH-APPSTREAM-ICS-DMZ-EXT_B”
az = “eu-central-1b”
cidr = “192.168.115.128/25”
},
{
name = “SB_VPC_CZECH-APPSTREAM-ICS-DMZ-EXT_C”
az = “eu-central-1c”
cidr = “192.168.116.0/25”
},
]
}

in my code everything work instead resource "aws_ec2_transit_gateway_vpc_attachment"

resource “aws_vpc” “VPC_CZECH-ICS” {
cidr_block = “192.168.112.0/21”
enable_dns_support = “true” #gives you an internal domain name
enable_dns_hostnames = “true” #gives you an internal host name
enable_classiclink = “false”
instance_tenancy = “default”

tags = {
    Name = "VPC_CZECH-ICS"
}

}

/*
Public Subnet block
*/

resource “aws_subnet” “public” {
count = length(var.public-subnet-mapping)

cidr_block = lookup(var.public-subnet-mapping[count.index], “cidr”)
vpc_id = aws_vpc.VPC_CZECH-ICS.id
availability_zone = lookup(var.public-subnet-mapping[count.index], “az”)

tags = {
Name = lookup(var.public-subnet-mapping[count.index], “name”)
}
}

resource “aws_route_table” “RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PUB” {
vpc_id = aws_vpc.VPC_CZECH-ICS.id

route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.IGW_VPC_CZECH-ICS.id
}
tags = {
  Name = "RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PUB"
}

}

resource “aws_route_table_association” “RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PUB” {
count = length(var.public-subnet-mapping)
subnet_id = element(aws_subnet.public.*.id,count.index)
route_table_id = aws_route_table.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PUB.id
}

/*
NAT Gateway
*/

resource “aws_internet_gateway” “IGW_VPC_CZECH-ICS” {
vpc_id = aws_vpc.VPC_CZECH-ICS.id

tags = {
  Name = "IGW_VPC_CZECH-ICS"
}

}

/*
Private Subnet block
*/

resource “aws_subnet” “private” {
count = length(var.private-subnet-mapping)

cidr_block = lookup(var.private-subnet-mapping[count.index], “cidr”)
vpc_id = aws_vpc.VPC_CZECH-ICS.id
availability_zone = lookup(var.private-subnet-mapping[count.index], “az”)

tags = {
Name = lookup(var.private-subnet-mapping[count.index], “name”)
}
}

resource “aws_route_table” “RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PRI” {
vpc_id = aws_vpc.VPC_CZECH-ICS.id

tags = {
  Name = "RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PRI"
}

}

resource “aws_route_table_association” “RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PRI” {
count = length(var.private-subnet-mapping)
subnet_id = element(aws_subnet.private.*.id,count.index)
route_table_id = aws_route_table.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PRI.id
}

/*
Transit gateway attachment
*/

resource “aws_ec2_transit_gateway_vpc_attachment” “TGW-ICS” {
count = 3
vpc_id = aws_vpc.VPC_CZECH-ICS.id
subnet_ids = aws_subnet.private[count.index]
transit_gateway_id = “tgw-0bc59e0c54ae8a943”

}

the error which I got:

aws_vpc.VPC_CZECH-ICS: Refreshing state… [id=vpc-041f0f9915dfc8c75]

aws_internet_gateway.IGW_VPC_CZECH-ICS: Refreshing state… [id=igw-0ee081dae8b777428]

aws_route_table.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PRI: Refreshing state… [id=rtb-0bdc5cfdb20260032]

aws_subnet.public[1]: Refreshing state… [id=subnet-08bfcaa7a6a07785d]

aws_subnet.public[2]: Refreshing state… [id=subnet-0b252cd45cd909235]

aws_subnet.public[0]: Refreshing state… [id=subnet-0061248e1d2a80d30]

aws_subnet.private[0]: Refreshing state… [id=subnet-057347b1f4179a93f]

aws_subnet.private[5]: Refreshing state… [id=subnet-056ad631837c27847]

aws_subnet.private[4]: Refreshing state… [id=subnet-0e2d09ba6b7d0bd3d]

aws_subnet.private[3]: Refreshing state… [id=subnet-018f3b3458d4e4a7b]

aws_subnet.private[2]: Refreshing state… [id=subnet-067768a900607f1f4]

aws_subnet.private[1]: Refreshing state… [id=subnet-09d9d0a9eff86fd22]

aws_route_table.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PUB: Refreshing state… [id=rtb-0f72ad3241e796de7]

aws_route_table_association.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PRI[5]: Refreshing state… [id=rtbassoc-085227cd115d0b081]

aws_route_table_association.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PRI[0]: Refreshing state… [id=rtbassoc-031b5a6392cb494a1]

aws_route_table_association.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PRI[1]: Refreshing state… [id=rtbassoc-02915627e2cd18f45]

aws_route_table_association.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PRI[4]: Refreshing state… [id=rtbassoc-0a5a950569925aba2]

aws_route_table_association.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PRI[2]: Refreshing state… [id=rtbassoc-0f1374463fdbc4472]

aws_route_table_association.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PRI[3]: Refreshing state… [id=rtbassoc-0cf10e7ab83538a67]

aws_route_table_association.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PUB[2]: Refreshing state… [id=rtbassoc-004cb4bdd7d8ea9fa]

aws_route_table_association.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PUB[1]: Refreshing state… [id=rtbassoc-0dc66fa1b8d87fd82]

aws_route_table_association.RTB_VPC_CZECH-APPSTREAM-ICS-DMZ_PUB[0]: Refreshing state… [id=rtbassoc-076968be0daaae356]

Error: Invalid index

on vpc_ics_prod.tf line 102, in resource “aws_ec2_transit_gateway_vpc_attachment” “TGW-ICS”:

102: subnet_ids = aws_subnet.private[count.index]

|----------------

| aws_subnet.private is empty tuple

| count.index is 0

The given key does not identify an element in this collection value.

Error: Invalid index

on vpc_ics_prod.tf line 102, in resource “aws_ec2_transit_gateway_vpc_attachment” “TGW-ICS”:

102: subnet_ids = aws_subnet.private[count.index]

|----------------

| aws_subnet.private is empty tuple

| count.index is 2

The given key does not identify an element in this collection value.

Error: Invalid index

on vpc_ics_prod.tf line 102, in resource “aws_ec2_transit_gateway_vpc_attachment” “TGW-ICS”:

102: subnet_ids = aws_subnet.private[count.index]

|----------------

| aws_subnet.private is empty tuple

| count.index is 1

The given key does not identify an element in this collection value.

bentterp · February 8, 2020, 4:41am

This is a good place to read for this issue, I think

I’d say that

subnet_id = element(aws_subnet.public.*.id,count.index)

should be

subnet_id = element(aws_subnet.public[*].id,count.index)

dsantanu · February 8, 2020, 11:46pm

I think public.*.id and public[*].id both should work (atleast that is the case for me) but I noticed in the resource “aws_ec2_transit_gateway_vpc_attachment” “TGW-ICS” you haven’t provided a list to subnet_ids. So, if I’m not mistaken, the line should be:

subnet_ids = [aws_subnet.private[count.index].id]

if you really want that way. I’d have thought you actually need something like this instead:

subnet_ids = [aws_subnet.private[*].id]

hafan · February 10, 2020, 8:23am

I tried it. But i got the same error. I am really frustrated, because I am pretty sure that everything is correct.

resource "aws_ec2_transit_gateway_vpc_attachment" "TGW-ICS" {
count = 3
vpc_id = aws_vpc.VPC_CZECH-ICS.id
subnet_ids         = element(aws_subnet.public[*].id,count.index)
transit_gateway_id = "tgw-0bc59e0c54ae8a943"

}

michaladam@Michals-MacBook-Pro AWS Terraform % terraform apply