Skip to content

[Enhancement] Add support for Site-to-Site VPN Concentrator #45175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 17 commits into
base: main
Choose a base branch
from
Open

[Enhancement] Add support for Site-to-Site VPN Concentrator #45175

wants to merge 17 commits into from

Conversation

@ddericco
Copy link
Contributor

@ddericco ddericco commented Nov 20, 2025
edited
Loading

Rollback Plan

If a change needs to be reverted, we will publish an updated version of the library.

Changes to Security Controls

n/a

Description

Adds support for VPN Concentrator in AWS Site-to-Site VPN.

  • New resource aws_vpn_concentrator
  • Add attribute vpn_concentrator_id to resource aws_vpn_connection

Notes:

  • The API lists transitGatewayId as optional, but not including it results in an API error “MissingParameter: The request must contain the parameter transitGatewayId”. Additionally, the documentation points out this is only supported on TGW today. I’m checking to see if this needs to be fixed in the API docs.
  • On create, the aws_vpn_concentrator resource creates a separate TGW attachment resource. It’s possible to delete the aws_vpn_concentrator resource before it moves from “Pending” to “Available”, which then decouples it from the TGW attachment still in “Pending”. This was noticeable in testing where the aws_vpn_concentrator resource was deleted, but not the TGW attachment. As a result, the TGW could not be deleted and would be considered a dangling resource. To address this, the Delete waiter function checks both the VPN concentrator resource state and the TGW attachment state and ensures both are deleted before considering the resource “deleted”. If there’s a better/more preferred way to manage this, let me know.

Relations

Closes #45158

References

Output from Acceptance Testing

% make testacc TESTS='TestAccEC2VPNConcentrator_*' PKG=ec2 ACCTEST_PARALLELISM=4
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
make: Running acceptance tests on branch: 🌿 f-aws_vpn_concentrator 🌿...
TF_ACC=1 go1.24.10 test ./internal/service/ec2/... -v -count 1 -parallel 4 -run='TestAccEC2VPNConcentrator_*'  -timeout 360m -vet=off
2025/11/20 20:29:27 Creating Terraform AWS Provider (SDKv2-style)...
2025/11/20 20:29:27 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccEC2VPNConcentrator_basic
=== PAUSE TestAccEC2VPNConcentrator_basic
=== RUN   TestAccEC2VPNConcentrator_tags
=== PAUSE TestAccEC2VPNConcentrator_tags
=== CONT  TestAccEC2VPNConcentrator_basic
=== CONT  TestAccEC2VPNConcentrator_tags
--- PASS: TestAccEC2VPNConcentrator_tags (485.96s)
--- PASS: TestAccEC2VPNConcentrator_basic (523.49s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/ec2  523.640s

% make testacc TESTS='TestAccSiteVPNConnection_vpnConcentratorID' PKG=ec2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
make: Running acceptance tests on branch: 🌿 f-aws_vpn_concentrator 🌿...
TF_ACC=1 go1.24.10 test ./internal/service/ec2/... -v -count 1 -parallel 20 -run='TestAccSiteVPNConnection_vpnConcentratorID'  -timeout 360m -vet=off
2025/11/20 20:41:31 Creating Terraform AWS Provider (SDKv2-style)...
2025/11/20 20:41:31 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccSiteVPNConnection_vpnConcentratorID
=== PAUSE TestAccSiteVPNConnection_vpnConcentratorID
=== CONT  TestAccSiteVPNConnection_vpnConcentratorID
--- PASS: TestAccSiteVPNConnection_vpnConcentratorID (1307.44s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/ec2  1307.589s

@github-actions
Copy link
Contributor

github-actions bot commented Nov 20, 2025

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. generators Relates to code generators. service/vpnsite Issues and PRs that pertain to the vpnsite service. size/XL Managed by automation to categorize the size of a PR. partner Contribution from a partner. labels Nov 20, 2025
@ddericco ddericco marked this pull request as ready for review November 20, 2025 22:07
@ddericco ddericco requested a review from a team as a code owner November 20, 2025 22:07
@ewbankkit ewbankkit added new-resource Introduces a new resource. enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels Nov 22, 2025
@ewbankkit ewbankkit self-assigned this Nov 22, 2025
@github-actions github-actions bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Nov 22, 2025
@github-actions github-actions bot added the service/vpc Issues and PRs that pertain to the vpc service. label Nov 23, 2025
ewbankkit
ewbankkit approved these changes Nov 23, 2025
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccSiteVPNConcentrator_\|TestAccSiteVPNConnection_vpnConcentratorID\|TestAccSiteVPNConnection_basic' PKG=ec2 ACCTEST_PARALLELISM=3
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
make: Running acceptance tests on branch: 🌿 HEAD 🌿...
TF_ACC=1 go1.24.10 test ./internal/service/ec2/... -v -count 1 -parallel 3  -run=TestAccSiteVPNConcentrator_\|TestAccSiteVPNConnection_vpnConcentratorID\|TestAccSiteVPNConnection_basic -timeout 360m -vet=off
2025/11/23 16:53:38 Creating Terraform AWS Provider (SDKv2-style)...
2025/11/23 16:53:38 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccSiteVPNConcentrator_basic
=== PAUSE TestAccSiteVPNConcentrator_basic
=== RUN   TestAccSiteVPNConcentrator_disappears
=== PAUSE TestAccSiteVPNConcentrator_disappears
=== RUN   TestAccSiteVPNConcentrator_tags
=== PAUSE TestAccSiteVPNConcentrator_tags
=== RUN   TestAccSiteVPNConnection_basic
=== PAUSE TestAccSiteVPNConnection_basic
=== RUN   TestAccSiteVPNConnection_vpnConcentratorID
=== PAUSE TestAccSiteVPNConnection_vpnConcentratorID
=== CONT  TestAccSiteVPNConcentrator_basic
=== CONT  TestAccSiteVPNConnection_basic
=== CONT  TestAccSiteVPNConcentrator_tags
--- PASS: TestAccSiteVPNConnection_basic (244.19s)
=== CONT  TestAccSiteVPNConnection_vpnConcentratorID
--- PASS: TestAccSiteVPNConcentrator_tags (499.00s)
=== CONT  TestAccSiteVPNConcentrator_disappears
--- PASS: TestAccSiteVPNConcentrator_basic (499.96s)
--- PASS: TestAccSiteVPNConcentrator_disappears (467.22s)
--- PASS: TestAccSiteVPNConnection_vpnConcentratorID (764.15s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	1013.912s

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ewbankkit ewbankkit ewbankkit approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

@ewbankkit ewbankkit

Labels

documentation Introduces or discusses updates to documentation. enhancement Requests to existing resources that expand the functionality or scope. generators Relates to code generators. new-resource Introduces a new resource. partner Contribution from a partner. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. service/vpc Issues and PRs that pertain to the vpc service. service/vpnsite Issues and PRs that pertain to the vpnsite service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

VPN Concentrator

2 participants

@ddericco @ewbankkit