Hi all. I’m creating an AWS VPC Peering connection...
# general
Hi all. I’m creating an AWS VPC Peering connection between two AWS accounts but a weird behaviour is happening. I have the account A as the requester and B as the accepter. When I create the peering connection in A I can’t have auto accept because they are different accounts (maybe I can’t do an IAM Role for this, but it is not desired). When I create the VPC Peering Connection (the requester) it goes into a “pending accept” state (what is expected) causing Pulumi to fail. When I run it again it runs successfully. Should it consider the “pending accept” as a valid state or am I missing something?
The accepter can be auto-accept.
Yes, but the issue happens in the requester. The accepter is already using auto-accept.
I've recently used pulumi to create vpc peering between differen accounts, this works for me without any issues:
export function createPeering( name: string, vpc: awsx.ec2.Vpc, provider: pulumi.ProviderResource, peerVpc: aws.ec2.Vpc, peerProvider: pulumi.ProviderResource, ) { const opts = { provider } const peerOpts = { provider: peerProvider } const peerOwnerId = pulumi.output(aws.getCallerIdentity(peerOpts)).accountId const peerRegion = pulumi.output(aws.getRegion({}, peerOpts)).name const peeringRequester = new aws.ec2.VpcPeeringConnection(
, { autoAccept: false, peerOwnerId, peerRegion, peerVpcId: peerVpc.id, vpcId: vpc.id, }, opts, ) const peeringAccepter = new aws.ec2.VpcPeeringConnectionAccepter(
, { autoAccept: true, vpcPeeringConnectionId: peeringRequester.id, }, peerOpts, ) const peeringRoute = new aws.ec2.Route(
, { destinationCidrBlock: vpc.vpc.cidrBlock, routeTableId: peerVpc.mainRouteTableId, vpcPeeringConnectionId: peeringAccepter.id, }, peerOpts, ) vpc.publicSubnets.forEach((subnet) => subnet.createRoute( 'toHub', { destinationCidrBlock: peerVpc.cidrBlock, vpcPeeringConnectionId: peeringRequester.id, }, opts, ), ) return { peeringAccepter, peeringRoute, } }
in my specific case it was easier for me to use awsx vpc as the requester and plain aws vpc as accepter, but this function could be easily adjusted