Conversation
Add transit_gateway_id variable to allow users to provide an existing Transit Gateway ID instead of always creating a new one. This enables managing RAM sharing and VPC attachments for Transit Gateways created via AWS Console or CLI.

Key changes:
- Add transit_gateway_id variable (default: null)
- Add local.transit_gateway_id to determine which TGW to use
- Update TGW resource to only create when transit_gateway_id is null
- Enable RAM sharing for existing TGWs
- Add data sources for region and account ID (needed for ARN construction)
- Update outputs to maintain backwards compatibility

Backwards compatibility:
- Default behavior unchanged (creates new TGW when transit_gateway_id is null)
- No breaking changes to existing configurations
- Output type remains string for backwards compatibility

Use cases:
- Manage existing console-created Transit Gateways with Terraform
- Import existing TGW infrastructure without recreation
- Gradual migration to infrastructure-as-code

- Add usage example for managing existing Transit Gateway
- Add transit_gateway_id to inputs table
- Clarify use cases for new vs existing TGW
Pull request overview
This PR adds support for managing existing Transit Gateways that were created outside of Terraform (via AWS Console or CLI), enabling gradual migration to infrastructure-as-code without requiring resource recreation.
Changes:
- Introduces optional transit_gateway_id variable to reference existing Transit Gateways
- Updates resource count conditions to prevent creating new TGW when existing ID is provided
- Enables RAM sharing functionality for both new and existing Transit Gateways
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| _variables.tf | Adds new optional transit_gateway_id variable with null default |
| _locals.tf | Implements logic to select between provided, created, or data source TGW ID |
| transit-gateway.tf | Updates resource counts to skip creation when existing TGW ID provided |
| ram.tf | Extends RAM sharing to work with existing TGWs and constructs ARN manually when needed |
| _outputs.tf | Modifies output to return provided TGW ID when available |
| _data.tf | Adds data sources for current region and account identity |
| README.md | Documents new usage pattern for existing Transit Gateways |
| transit_gateway_id = ( | ||
| var.transit_gateway_id != null ? var.transit_gateway_id : | ||
| var.transit_gateway_enabled ? aws_ec2_transit_gateway.default[0].id : | ||
| data.aws_ec2_transit_gateway.default[0].id |
When var.transit_gateway_id is null and var.transit_gateway_enabled is false, this references data.aws_ec2_transit_gateway.default[0].id, but the data source only has count = try(var.attachment, false) ? 1 : 0 in _data.tf. If var.attachment is false, the data source won't exist, causing an index out of bounds error.
| data.aws_ec2_transit_gateway.default[0].id | |
| var.attachment ? data.aws_ec2_transit_gateway.default[0].id : null |
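Review bot: the guard in the suggested fallback should use the same expression as the data source's own count. The data source is created with `count = try(var.attachment, false) ? 1 : 0`, and that try() implies var.attachment may be unset or null; a bare `var.attachment ? ... : null` condition errors when the condition value is null. Use `try(var.attachment, false)` here too, or better, define one local (for example local.lookup_transit_gateway) and reference it from both _data.tf and _locals.tf so the two conditions cannot drift apart.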
| count = var.transit_gateway_enabled || var.transit_gateway_id != null ? 1 : 0 | ||
| resource_arn = aws_ec2_transit_gateway.default[0].arn | ||
| resource_arn = var.transit_gateway_id != null ? "arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:transit-gateway/${var.transit_gateway_id}" : aws_ec2_transit_gateway.default[0].arn |
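Review bot: the hand-built ARN hardcodes the `arn:aws` partition, so in the GovCloud and China partitions the RAM share would point at an ARN that does not exist; use `data.aws_partition.current.partition` (an aws_partition data source next to the new aws_region and aws_caller_identity ones) instead of the literal. Because the constructed ARN is never resolved against a real Transit Gateway before being shared, a mistyped var.transit_gateway_id is not caught at plan time; a `validation` block on the variable (for example requiring the value to start with `tgw-`) rejects it early. Moving the whole expression into a local also gives the `aws_ec2_transit_gateway.default[0].arn` fallback a single place to live.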
The ARN construction is duplicated as a long inline string. Consider extracting this to a local variable for better readability and maintainability.
README.md
Outdated
| transit_gateway_id = "tgw-0123456789abcdef0" | ||
| transit_gateway_enabled = true # Keep true to enable RAM sharing |
The comment suggests keeping transit_gateway_enabled = true is required for RAM sharing with existing TGWs, but based on the logic in ram.tf line 2, RAM sharing is enabled when either var.transit_gateway_enabled is true OR var.transit_gateway_id != null. This documentation could be misleading.
| transit_gateway_id = "tgw-0123456789abcdef0" | |
| transit_gateway_enabled = true # Keep true to enable RAM sharing | |
| transit_gateway_id = "tgw-0123456789abcdef0" | |
| # RAM sharing is enabled when either transit_gateway_enabled is true or transit_gateway_id is set (as in this example). | |
| transit_gateway_enabled = false |
| @@ -1,5 +1,5 @@ | |||
| resource "aws_ec2_transit_gateway" "default" { | |||
| count = var.transit_gateway_enabled ? 1 : 0 | |||
| count = var.transit_gateway_id == null && var.transit_gateway_enabled ? 1 : 0 | |||
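Review bot: with this condition, setting transit_gateway_id together with transit_gateway_enabled = true silently skips creation, and nothing tells the caller that one input overrode the other; the README example in this PR (`transit_gateway_enabled = true # Keep true to enable RAM sharing` next to a transit_gateway_id) is exactly that combination. Either add a lifecycle precondition that rejects both being set at once, or state in _variables.tf that transit_gateway_id takes precedence over transit_gateway_enabled. The same `var.transit_gateway_id == null && var.transit_gateway_enabled` test repeated in other resources is one more reason to put it in a single local.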
This condition is duplicated in multiple resources (lines 2 and 43). Consider extracting to a local variable like local.create_transit_gateway for consistency and easier maintenance.
RAM sharing is enabled when either transit_gateway_enabled is true OR transit_gateway_id is set. Updated comment to reflect this.
Description
Add support for managing existing Transit Gateways created via AWS Console or CLI.
Changes
- transit_gateway_id variable (optional, default: null)
Use Cases
Backwards Compatibility
✅ Fully backwards compatible - default behavior unchanged