Porting Transit Gateway module example to cdktf

pri · September 14, 2020, 10:13pm

I’m running into errors while porting the reference example from Terraform Transit Gateway module using cdktf.

cdktf.json

{
  "language": "python",
  "app": "pipenv run python main.py",
  "terraformProviders": ["aws@~> 2.0"],
  "terraformModules": [ 
    "terraform-aws-modules/vpc/aws",
    "terraform-aws-modules/transit-gateway/aws"
  ],
  "codeMakerOutput": "imports"
}

app.py:

    #!/usr/bin/env python
    from constructs import Construct
    from cdktf import App, TerraformStack, Token, TerraformOutput
    from imports.aws import SnsTopic, AwsProvider, DataAwsCallerIdentity
    from imports.terraform_aws_modules.vpc.aws import Vpc
    from imports.terraform_aws_modules.transit_gatway.aws import TransitGateway


    class MyStack(TerraformStack):
        def __init__(self, scope: Construct, ns: str):
            super().__init__(scope, ns)

        AwsProvider(self, 'Aws', region='us-west-2')

        vpc1 = Vpc(self, 'AriVpc2',
            name = 'ari-vpc1',
            cidr = '10.10.0.0/16',
            azs = ['us-west-2a', 'us-west-2b', 'us-west-2c'],
            private_subnets = ['10.10.1.0/24', '10.10.2.0/24', '10.10.3.0/24'],
            public_subnets = ['10.10.101.0/24', '10.10.102.0/24', '10.10.103.0/24'],
            enable_nat_gateway = True)

        vpc2 = Vpc(self, 'AriVpc2',
            name = 'ari-vpc2',
            cidr = '10.20.0.0/16',
            azs = ['us-west-2a', 'us-west-2b', 'us-west-2c'],
            private_subnets = ['10.20.1.0/24', '10.20.2.0/24', '10.20.3.0/24'])    

        TransitGateway(self, 'AriTGW',
            name = 'ari-tgw',
            amazon_side_asn = '64632',
            enable_auto_accept_shared_attachements = True,
            vpc_attachments = {{
                vpc1: {
                        vpc_id: vpc1.id,
                        subnet_ids: vpc1.cloudformation_endpoint_subnet_ids,
                        dns_support: True,
                        ipv6_support: True,
                        transit_gateway_default_route_table_association: False,
                        transit_gateway_default_route_table_propagation: False,   
                        tgw_routes: [
                            {
                                destination_cidr_block: "30.0.0.0/16"
                            },
                            {
                                blackhole: True,
                                destination_cidr_block: "0.0.0.0/0"
                            }   
                        ]
                    },
               vpc2: {
                        vpc_id: vpc2.id,
                        subnet_ids: vpc2.cloudformation_endpoint_subnet_ids,
                        tgw_routes: [
                            {
                             destination_cidr_block: "50.0.0.0/16"
                            },
                            {
                                blackhole: True,
                                destination_cidr_block: "10.10.10.10/32"
                            }
                        ]
                    }
            }})


        TerraformOutput(self, 'create_user_arn',
            value=DataAwsCallerIdentity(self, 'current').arn)


    app = App()
    MyStack(app, "python-aws")

    app.synth()

Error:

$ cdktf get

(I can see transit_gateway/aws is imported in 'imports')

$ cdktf synth
      
⠋ synthesizing ...
Traceback (most recent call last):
File "main.py", line 6, in <module>
from imports.terraform_aws_modules.transit_gatway.aws 
import TransitGateway
⠸ synthesizing ...
non-zero exit code 1

What am I missing?

jsteinich · September 15, 2020, 4:31am

To start with, gateway is misspelled on the import.
Also need to change the construct id on vpc1.
I think some issues with vpc_attachments as well.

pri · September 15, 2020, 5:34am

Thanks for the typo fix How do you set the vpc ids? Terraform uses
‘data’ variables, I think.

jsteinich · September 15, 2020, 12:51pm

When using the vpc module, you’ll want to access vpc_id_output. If you have an existing vpc, you can use DataAwsVpc as a data source.

pri · September 15, 2020, 2:45pm

Where do you access vpc_id_output? Where should I import DataAwsVpc from?

jsteinich · September 15, 2020, 9:47pm

In the code you posted, it would be vpc1.vpc_id_output.
DataAwsVpc is in imports.aws

pri · September 17, 2020, 1:00am

I get the following not so helpful error now with fixes you suggested. I’m looking for a simple example to create two vpcs and create a transit gateway between them.

#!/usr/bin/env python
from constructs import Construct
from cdktf import App, TerraformStack, Token, TerraformOutput
from imports.aws import SnsTopic, AwsProvider, DataAwsCallerIdentity
from imports.terraform_aws_modules.vpc.aws import Vpc
from imports.terraform_aws_modules.transit_gateway.aws import TransitGateway


class MyStack(TerraformStack):
    def __init__(self, scope: Construct, ns: str):
        super().__init__(scope, ns)

        AwsProvider(self, 'Aws', region='us-west-2')

        vpc1 = Vpc(self, 'AriVpc1',
            name = 'ari-vpc1',
            cidr = '10.10.0.0/16',
            azs = ['us-west-2a', 'us-west-2b', 'us-west-2c'],
            private_subnets = ['10.10.1.0/24', '10.10.2.0/24', '10.10.3.0/24'],
            public_subnets = ['10.10.101.0/24', '10.10.102.0/24', '10.10.103.0/24'],
            enable_nat_gateway = True)

        vpc2 = Vpc(self, 'AriVpc2',
            name = 'ari-vpc2',
            cidr = '10.20.0.0/16',
            azs = ['us-west-2a', 'us-west-2b', 'us-west-2c'],
            private_subnets = ['10.20.1.0/24', '10.20.2.0/24', '10.20.3.0/24'])    

        TransitGateway(self, 'AriTGW',
            name = 'ari-tgw',
            amazon_side_asn = '64632',
            enable_auto_accept_shared_attachements = True,
            vpc_attachments = [{
                'vpc1': {
                        'vpc_id': vpc1.vpc_id_output,
                        'subnet_ids': vpc1.cloudformation_endpoint_subnet_ids,
                        'dns_support': True,
                        'ipv6_support': True,
                        'transit_gateway_default_route_table_association': False,
                        'transit_gateway_default_route_table_propagation': False,   
                        'tgw_routes': [
                            {
                                'destination_cidr_block': "30.0.0.0/16"
                            },
                            {
                                'blackhole': True,
                                'destination_cidr_block': "0.0.0.0/0"
                            }   
                        ]
                    },
               'vpc2': {
                        'vpc_id': vpc2.vpc_id_output,
                        'subnet_ids': vpc2.cloudformation_endpoint_subnet_ids,
                        'tgw_routes': [
                            {
                             'destination_cidr_block': "50.0.0.0/16"
                            },
                            {
                                'blackhole': True,
                                'destination_cidr_block': "10.10.10.10/32"
                            }
                        ]
                    }
            }])

        TerraformOutput(self, 'create_user_arn', value = DataAwsCallerIdentity(self, 'current').arn)


app = App()
MyStack(app, "python-aws")

app.synth()

Traceback (most recent call last):
  File "main.py", line 70, in <module>
    MyStack(app, "python-aws")
  File "/Users/.../lib/python3.8/site-packages/jsii/_runtime.py", line 69, in __call__
    inst = super().__call__(*args, **kwargs)
  File "main.py", line 29, in __init__
    TransitGateway(self, 'AribaTGW',
  File "/.../lib/python3.8/site-packages/jsii/_runtime.py", line 69, in __call__
    inst = super().__call__(*args, **kwargs)
⠙ synthesizing ...
non-zero exit code 1
(base)

Suggestions?

jsteinich · September 17, 2020, 2:06am

This gets closer:

#!/usr/bin/env python
from constructs import Construct
from cdktf import App, TerraformStack, Token, TerraformOutput
from imports.aws import SnsTopic, AwsProvider, DataAwsCallerIdentity
from imports.terraform_aws_modules.vpc.aws import Vpc
from imports.terraform_aws_modules.transit_gateway.aws import TransitGateway


class MyStack(TerraformStack):
    def __init__(self, scope: Construct, ns: str):
        super().__init__(scope, ns)

        AwsProvider(self, 'Aws', region='us-west-2')

        vpc1 = Vpc(self, 'AriVpc1',
            name = 'ari-vpc1',
            cidr = '10.10.0.0/16',
            azs = ['us-west-2a', 'us-west-2b', 'us-west-2c'],
            private_subnets = ['10.10.1.0/24', '10.10.2.0/24', '10.10.3.0/24'],
            public_subnets = ['10.10.101.0/24', '10.10.102.0/24', '10.10.103.0/24'],
            enable_nat_gateway = True)

        vpc2 = Vpc(self, 'AriVpc2',
            name = 'ari-vpc2',
            cidr = '10.20.0.0/16',
            azs = ['us-west-2a', 'us-west-2b', 'us-west-2c'],
            private_subnets = ['10.20.1.0/24', '10.20.2.0/24', '10.20.3.0/24'])    

        gateway = TransitGateway(self, 'AriTGW',
            name = 'ari-tgw',
            amazon_side_asn = '64632',
            enable_auto_accept_shared_attachments = True,
            vpc_attachments = {
                'vpc1': {
                        'vpc_id': vpc1.vpc_id_output,
                        'subnet_ids': vpc1.private_subnets_output,
                        'dns_support': True,
                        'ipv6_support': True,
                        'transit_gateway_default_route_table_association': False,
                        'transit_gateway_default_route_table_propagation': False,   
                        'tgw_routes': [
                            {
                                'destination_cidr_block': "30.0.0.0/16"
                            },
                            {
                                'blackhole': True,
                                'destination_cidr_block': "0.0.0.0/0"
                            }   
                        ]
                    },
               'vpc2': {
                        'vpc_id': vpc2.vpc_id_output,
                        'subnet_ids': vpc2.private_subnets_output,
                        'tgw_routes': [
                            {
                             'destination_cidr_block': "50.0.0.0/16"
                            },
                            {
                                'blackhole': True,
                                'destination_cidr_block': "10.10.10.10/32"
                            }
                        ]
                    }
            })

        TerraformOutput(self, 'create_user_arn', value = DataAwsCallerIdentity(self, 'current').arn)


app = App()
MyStack(app, "python-aws")

app.synth()

It then runs into a bug described in the module.

You could draw on what the module is doing and create the resources directly.

pri · September 17, 2020, 6:00am

Thanks a lot, appreciate your guidance. I do get a new error now on creation of TransitGateway, and would not have identified the root cause as the bug you referenced. How were you able to map this error to the existing bug?

File "main.py", line 29, in __init__
    TransitGateway(self, 'AriTGW',

jsteinich · September 17, 2020, 12:27pm

I don’t actually get an error at that point anymore. cdktf synth is successful for me. The error I see now comes when running cdktf diff.

As far as diagnosing other errors, I referred back to the module documentation and the generated typings in __init__.py files in the imports folder; making sure to fix any typos and to use valid outputs. I was just in a text editor, but a good IDE would have likely point out some of the issues.

Topic		Replies	Views
Error when i do cdktf synth for python Terraform	0	601	October 31, 2021
Example documentation for cdktf python is not pulling the correct libraries CDK for Terraform	4	1267	October 19, 2022
Deployment issue when implement CDK AWS Example using Python CDK for Terraform	1	568	March 17, 2023
Need Assistance w/ a CDKTF example CDK for Terraform	3	328	January 10, 2023
How can I pass values from Terraform modules to user data inputs in Terraform CDK? CDK for Terraform	13	1170	April 9, 2023

Porting Transit Gateway module example to cdktf

Related topics