feat: expose amazon_side_asn variable #67
Merged
Veronika Gnilitska (gberenice) merged 1 commit on May 27, 2026
Adds optional `amazon_side_asn` variable (default 64512, AWS default) plumbed through to the `aws_ec2_transit_gateway` resource.

Required for use cases where multiple Transit Gateways must coexist with distinct private ASNs:

* TGW-to-TGW peering (same or cross-region) — peering rejected when both sides share an ASN.
* Direct Connect Gateway associations — each TGW associated with a DXGW must have a unique ASN.
* BGP-based Site-to-Site VPN where multiple TGWs terminate against the same on-premises customer gateway.

The variable defaults to 64512 (AWS provider default) so existing deployments are unaffected. Note that `amazon_side_asn` is ForceNew on the underlying resource — changing it destroys and recreates the TGW.

Refs:

* https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway#amazon_side_asn
* https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TransitGatewayRequestOptions.html
/terratest
09e0f67 into cloudposse:main
32 checks passed
These changes were released in v0.13.1.
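A plan-time check for the two conditions the commit message above describes, as an added example that is not part of this pull request or the module: it reads the JSON produced by `terraform show -json` and reports transit gateways that will be replaced because `amazon_side_asn` changed, and ASNs that more than one transit gateway would end up with. The sample plan and the module addresses in it are constructed.

```python
import json

TGW_TYPE = "aws_ec2_transit_gateway"

# Constructed sample in the shape of `terraform show -json <planfile>`,
# reduced to the fields read below. Module addresses are hypothetical.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "module.tgw_prod.aws_ec2_transit_gateway.default[0]",
     "type": TGW_TYPE,
     "change": {"actions": ["delete", "create"],
                "before": {"amazon_side_asn": 64512},
                "after": {"amazon_side_asn": 64513}}},
    {"address": "module.tgw_nonprod.aws_ec2_transit_gateway.default[0]",
     "type": TGW_TYPE,
     "change": {"actions": ["no-op"],
                "before": {"amazon_side_asn": 64512},
                "after": {"amazon_side_asn": 64512}}},
    {"address": "module.tgw_shared.aws_ec2_transit_gateway.default[0]",
     "type": TGW_TYPE,
     "change": {"actions": ["create"], "before": None,
                "after": {"amazon_side_asn": 64512}}},
    {"address": "aws_vpc.main", "type": "aws_vpc",
     "change": {"actions": ["no-op"], "before": {}, "after": {}}},
]})

def review_tgw_plan(plan_json):
    """Return (replacements, shared_asns) for the transit gateways in a plan."""
    replacements, by_asn = [], {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != TGW_TYPE:
            continue
        change = rc["change"]
        before = change.get("before") or {}
        after = change.get("after")  # None when the TGW is only destroyed
        old_asn = before.get("amazon_side_asn")
        new_asn = (after or {}).get("amazon_side_asn")
        # A ForceNew change appears in the plan as a delete plus a create.
        if {"delete", "create"} <= set(change["actions"]) and old_asn != new_asn:
            replacements.append((rc["address"], old_asn, new_asn))
        # Group every TGW that exists after apply by its resulting ASN.
        if after is not None and new_asn is not None:
            by_asn.setdefault(new_asn, []).append(rc["address"])
    shared = {asn: addrs for asn, addrs in by_asn.items() if len(addrs) > 1}
    return replacements, shared

if __name__ == "__main__":
    print(review_tgw_plan(SAMPLE_PLAN))
```

A shared ASN is only a problem in the cases the commit message lists (peering, a common Direct Connect Gateway, or a common customer gateway), so treat that part of the result as a list to review rather than a hard failure.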
what

Adds optional `amazon_side_asn` variable to the module (default `64512`, matching the AWS provider default) and plumbs it through to the `aws_ec2_transit_gateway` resource.

```diff
  resource "aws_ec2_transit_gateway" "default" {
    ...
+   amazon_side_asn = var.amazon_side_asn
    auto_accept_shared_attachments = var.auto_accept_shared_attachments
    ...
  }
```

why

The module currently does not expose `amazon_side_asn`, so all Transit Gateways created by it share the AWS default ASN `64512`. This is a problem in several real-world deployments:

In our SALUS landing zone we run two Transit Gateways (prod + non-prod) in the same account; without distinct ASNs we cannot move to BGP VPNs or DX in the future without destroying and recreating both TGWs (because `amazon_side_asn` is `ForceNew` on the underlying resource).
references
test
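Review bot: in the `aws_ec2_transit_gateway` excerpt under "what", nothing in the visible lines constrains the value passed as `amazon_side_asn = var.amazon_side_asn`, and the commit message says the attribute is ForceNew, so a later edit to this input destroys and recreates the TGW. Suggest stating that replacement behaviour in the variable's description, and adding a `validation` block that limits the value to the private ASN ranges AWS accepts for a transit gateway (64512-65534 and 4200000000-4294967294), so that a bad value fails at plan time rather than at the API.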