Terraform-provider-aws: Add support of dns resolution on inter-region vpc peering

Created on 5 Dec 2018  ·  19 Comments  ·  Source: hashicorp/terraform-provider-aws

Hi,
A few weeks ago AWS announced support for DNS resolution across multi-region VPC peering.
I tried to use it but I got the following error:

Error modifying VPC Peering Connection Options: OperationNotPermitted: Modifying VPC peering connection options AllowEgressFromLocalClassicLinkToRemoteVpc, AllowEgressFromLocalVpcToRemoteClassicLink is not supported for cross-region VPC peering connections

It seems that when we set the allow_remote_vpc_dns_resolution option, the provider tries to set the 3 available options, 2 of which are not supported.

Terraform Version

terraform version : 0.11.10

Affected Resource(s)

  • aws_vpc_peering_connection
  • aws_vpc_peering_connection_accepter
  • aws_vpc_peering_connection_options

Terraform Configuration Files

Here is my code

resource "aws_vpc_peering_connection_options" "options_requester" {
  vpc_peering_connection_id = "${aws_vpc_peering_connection.to_main_region.id}"

  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

Expected Behavior

Just change the dns resolution option

Actual Behavior

Try to set all three options.

Steps to Reproduce

Create an inter-region peering with dns resolution


All 19 comments

See also here.

This is the announcement.

Oh nice. We can close this issue.

@tdegiacinto Actually could you please reopen. The referenced PR did not address the cross-region case correctly and it would be nice to have a fresh issue to keep track. Thanks.

Same issue here, getting the following error when enabling cross-region DNS resolution:

Error: Error applying plan:

2 error(s) occurred:

* aws_vpc_peering_connection_options.requester: 1 error(s) occurred:

* aws_vpc_peering_connection_options.requester: Error modifying VPC Peering Connection Options: OperationNotPermitted: Modifying VPC peering connection options AllowEgressFromLocalClassicLinkToRemoteVpc, AllowEgressFromLocalVpcToRemoteClassicLink is not supported for cross-region VPC peering connections
        status code: 400, request id: 2e6f012a-a2cf-45e0-a2ab-1d209f038f16
* aws_vpc_peering_connection_options.destintation: 1 error(s) occurred:

* aws_vpc_peering_connection_options.destintation: Error modifying VPC Peering Connection Options: OperationNotPermitted: Modifying VPC peering connection options AllowEgressFromLocalClassicLinkToRemoteVpc, AllowEgressFromLocalVpcToRemoteClassicLink is not supported for cross-region VPC peering connections
        status code: 400, request id: 706cf983-37e3-484e-93a8-3f67af4e0cbf

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

The connection options are inspired by the example docs here:

resource "aws_vpc_peering_connection_options" "requester" {
  vpc_peering_connection_id = "${aws_vpc_peering_connection.peer.id}"

  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

resource "aws_vpc_peering_connection_options" "destintation" {
  provider                  = "aws.accepter"
  vpc_peering_connection_id = "${aws_vpc_peering_connection.peer.id}"

  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}

Any estimated time of resolution for this one, @ewbankkit?

I need to rebase the PR to fix merge conflicts.

We're facing this too. Hopefully the PR gets merged soon.

I can confirm this PR fixes the problem

Is this merged or still open?

This hasn't been merged yet, and the problem still exists.

@tprakash17 @zelch Please add a 👍 reaction to this issue if you haven't done so already.

This is a blocker for me. Any updates on this?

Any update?

Sharing my temporary/dirty workaround for this issue till this issue gets released:

resource "aws_vpc_peering_connection_accepter" "current-to-us-east-1" {
  vpc_peering_connection_id = aws_vpc_peering_connection.current-to-us-east-1[0].id
  auto_accept               = true

  tags     = var.default_tags
  provisioner "local-exec" {
    command = "aws --profile ${var.aws_profile} --region ${var.main_vpc_details["region"]} ec2 modify-vpc-peering-connection-options --vpc-peering-connection-id ${aws_vpc_peering_connection.current-to-us-east-1[0].id} --accepter-peering-connection-options AllowDnsResolutionFromRemoteVpc=true"
  }
  provisioner "local-exec" {
    command = "aws --profile ${var.aws_profile} --region ${var.vpc_details["region"]} ec2 modify-vpc-peering-connection-options --vpc-peering-connection-id ${aws_vpc_peering_connection.current-to-us-east-1[0].id} --requester-peering-connection-options AllowDnsResolutionFromRemoteVpc=true"
  }
  provider = aws.us_east
}

Not ideal since it requires the CLI to be present and configured, but keeps every step of the provisioning process in terraform.
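
An added example (not part of the original thread and not the provider's code): a Python sketch of the rule the error message implies, sending only AllowDnsResolutionFromRemoteVpc on cross-region peerings, plus a check that both sides really have DNS resolution enabled, which is useful with a local-exec workaround because a provisioner runs only at resource creation and its effect is not recorded in Terraform state. The sample record is constructed, with placeholder IDs, in the shape of one entry from `aws ec2 describe-vpc-peering-connections`; the function names are hypothetical.

```python
import json

# Constructed sample: one entry shaped like the output of
# `aws ec2 describe-vpc-peering-connections` (all IDs are placeholders).
SAMPLE = json.loads("""
{
  "VpcPeeringConnectionId": "pcx-EXAMPLE",
  "RequesterVpcInfo": {"Region": "eu-west-1", "VpcId": "vpc-REQUESTER",
    "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": true,
                       "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
                       "AllowEgressFromLocalVpcToRemoteClassicLink": false}},
  "AccepterVpcInfo": {"Region": "us-east-1", "VpcId": "vpc-ACCEPTER",
    "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": false,
                       "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
                       "AllowEgressFromLocalVpcToRemoteClassicLink": false}}
}
""")

DNS = "AllowDnsResolutionFromRemoteVpc"
# The two options the API rejects on cross-region peerings (named in the error).
CLASSIC_LINK = ("AllowEgressFromLocalClassicLinkToRemoteVpc",
                "AllowEgressFromLocalVpcToRemoteClassicLink")


def is_cross_region(pcx):
    """True when requester and accepter VPCs live in different regions."""
    return pcx["RequesterVpcInfo"]["Region"] != pcx["AccepterVpcInfo"]["Region"]


def build_options(pcx, desired):
    """Options to send for one side; ClassicLink keys are dropped cross-region."""
    if is_cross_region(pcx):
        return {k: v for k, v in desired.items() if k not in CLASSIC_LINK}
    return dict(desired)


def dns_drift(pcx, want=True):
    """Sides ('requester'/'accepter') whose DNS option differs from `want`."""
    sides = (("requester", "RequesterVpcInfo"), ("accepter", "AccepterVpcInfo"))
    return [name for name, key in sides
            if pcx[key].get("PeeringOptions", {}).get(DNS, False) != want]


if __name__ == "__main__":
    all_three = {DNS: True, CLASSIC_LINK[0]: False, CLASSIC_LINK[1]: False}
    print("send:", build_options(SAMPLE, all_three))
    print("sides missing DNS resolution:", dns_drift(SAMPLE))
```
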

Is there any news on this? It's a blocker for us too, we're wondering what needs to be done to get this fix released.

@completenovice, you can track progress here: https://github.com/terraform-providers/terraform-provider-aws/pull/7627. It looks pretty close to done.

Support for this has been merged and will release with version 2.31.0 of the Terraform AWS Provider, next Thursday. Thanks to @ewbankkit for the implementation work.

This has been released in version 2.31.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
