Aviatrix Terraform Provider - resource 'aviatrix_spoke_transit_attachment'

Question

Hello Aviatrix Community,  
 I am experimenting with the Terraform provider. I cannot seem to get the aviatrix_spoke_transit_attachment to work. I keep getting the error below, and it appears to be a catch 22? It is requiring that activemesh be disabled, but activemesh doesn't appear to be capable of being disabled when provisioning a transit or spoke via those Terraform resources. I've attempted to explicitly set the activemesh to disabled, but it turns on anyways & taints that TF resource.   
 With that said, I can attach my terraform-generated gateways in the Controller GUI (version 6.6) without issue, and I can replicate those URL Encoded actions via Python Requests without issue.  
 Does anyone know any workarounds or simply point out what I am doing wrong?  
  
 ╷
 │ Error: couldn't disable Active Mode for Aviatrix Transit Gateway: rest API disable_gateway_activemesh Post failed: Valid action required: disable_gateway_activemesh
 │
 │   with aviatrix_transit_gateway.AWS-US-E2-TRNST-GW,
 │ on main.tf line 72, in resource "aviatrix_transit_gateway" "AWS-US-E2-TRNST-GW": 
 │   72: resource "aviatrix_transit_gateway" "AWS-US-E2-TRNST-GW" {
 │
 ╵
 ╷
 │ Error: couldn't disable Active Mode for Aviatrix Spoke Gateway: rest API disable_gateway_activemesh Post failed: Valid action required: disable_gateway_activemesh
 │
 │   with aviatrix_spoke_gateway.AWS-US-E2-SHR-SVCS-SPOKE-GW,
 │ on main.tf line 88, in resource "aviatrix_spoke_gateway" "AWS-US-E2-SHR-SVCS-SPOKE-GW": 
 │   88: resource "aviatrix_spoke_gateway" "AWS-US-E2-SHR-SVCS-SPOKE-GW" {
 │
 ╵
 ╷
 │ Error: couldn't disable Active Mode for Aviatrix Spoke Gateway: rest API disable_gateway_activemesh Post failed: Valid action required: disable_gateway_activemesh
 │
 │   with aviatrix_spoke_gateway.AWS-US-W2-BU1-MONO-SPOKE-GW,
 │ on main.tf line 105, in resource "aviatrix_spoke_gateway" "AWS-US-W2-BU1-MONO-SPOKE-GW": 
 │  105: resource "aviatrix_spoke_gateway" "AWS-US-W2-BU1-MONO-SPOKE-GW" {
 │
 ╵  
 C:Terraform>
 
--------------------------------------------------------------------------------------------------------------------

# Configure Aviatrix provider source and version
 terraform {
   required_providers {
     aviatrix = {
       source = "AviatrixSystems/aviatrix"
       version = "2.20.1"
     }
   }
 }  
 # Configure Aviatrix provider
 provider "aviatrix" {
   controller_ip           = var.controller_ip
   username                = "admin"
   password                = "P@ssw0rd"
   skip_version_validation = true
 }  
 # Onboard AWS Account
 resource "aviatrix_account" "aws_account" {
   account_name       = var.aws_acct_num
   cloud_type         = 1
   aws_iam            = false
   aws_account_number = var.aws_acct_num
   aws_access_key     = var.aws_key_id
   aws_secret_key     = var.aws_key_value
 }  
 # Create US-East-2 Transit VPC
 resource "aviatrix_vpc" "AWS-US-E2-TRNST-VPC" {
   cloud_type           = 1
   account_name         = var.aws_acct_num
   region               = "us-east-2"
   name                 = "AWS-US-E2-TRNST-VPC"
   cidr                 = "30.1.0.0/20"
   aviatrix_transit_vpc = true
   aviatrix_firenet_vpc = false
   depends_on           = [
       aviatrix_account.aws_account,
   ]
 }  
 # Create US-East-2 Shared Services VPC
 resource "aviatrix_vpc" "AWS-US-E2-SHR-SVCS-VPC" {
   cloud_type           = 1
   account_name         = var.aws_acct_num
   region               = "us-east-2"
   name                 = "AWS-US-E2-SHR-SVCS-VPC"
   cidr                 = "30.0.1.0/24"
   aviatrix_transit_vpc = false
   aviatrix_firenet_vpc = false
   depends_on           = [
       aviatrix_account.aws_account,
   ]
 }  
 # Create US-WEST-2 BU1 VPC
 resource "aviatrix_vpc" "AWS-US-W2-BU1-MONO-VPC" {
   cloud_type           = 1
   account_name         = var.aws_acct_num
   region               = "us-west-2"
   name                 = "AWS-US-W2-BU1-MONO-VPC"
   cidr                 = "30.0.2.0/24"
   aviatrix_transit_vpc = false
   aviatrix_firenet_vpc = false
   depends_on           = [
       aviatrix_account.aws_account,
   ]
 }  
 # Create an Aviatrix AWS Transit Network Gateway
 resource "aviatrix_transit_gateway" "AWS-US-E2-TRNST-GW" {
   cloud_type               = 1
   account_name             = var.aws_acct_num
   gw_name                  = "AWS-US-E2-TRNST-GW"
   vpc_id                   = aviatrix_vpc.AWS-US-E2-TRNST-VPC.vpc_id
   vpc_reg                  = "us-east-2"
   gw_size                  = "t2.micro"
   subnet                   = aviatrix_vpc.AWS-US-E2-TRNST-VPC.public_subnets[0].cidr
   tags                     = {
     name = "aviatrix"
   }
   enable_hybrid_connection = false
   connected_transit        = true
   enable_active_mesh       = false
 }  
 # Create an Aviatrix AWS SS Spoke Gateway
 resource "aviatrix_spoke_gateway" "AWS-US-E2-SHR-SVCS-SPOKE-GW" {
   cloud_type                        = 1
   account_name                      = var.aws_acct_num
   gw_name                           = "AWS-US-E2-SHR-SVCS-SPOKE-GW"
   vpc_id                            = aviatrix_vpc.AWS-US-E2-SHR-SVCS-VPC.vpc_id
   vpc_reg                           = "us-east-2"
   gw_size                           = "t2.micro"
   subnet                            = aviatrix_vpc.AWS-US-E2-SHR-SVCS-VPC.public_subnets[0].cidr
   single_ip_snat                    = false
   manage_transit_gateway_attachment = false
   allocate_new_eip                  = true
   enable_active_mesh                = false
   tags                              = {
     name = "aviatrix"
   }
 }  
 # Create an Aviatrix AWS BU1 Spoke Gateway
 resource "aviatrix_spoke_gateway" "AWS-US-W2-BU1-MONO-SPOKE-GW" {
   cloud_type                        = 1
   account_name                      = var.aws_acct_num
   gw_name                           = "AWS-US-W2-BU1-MONO-SPOKE-GW"
   vpc_id                            = aviatrix_vpc.AWS-US-W2-BU1-MONO-VPC.vpc_id
   vpc_reg                           = "us-west-2"
   gw_size                           = "t2.micro"
   subnet                            = aviatrix_vpc.AWS-US-W2-BU1-MONO-VPC.public_subnets[0].cidr
   single_ip_snat                    = false
   manage_transit_gateway_attachment = false
   allocate_new_eip                  = true
   enable_active_mesh                = false
   tags                              = {
     name = "aviatrix"
   }
 }  
 # Create an Aviatrix Spoke Transit Attachment
 resource "aviatrix_spoke_transit_attachment" "SS-SPOKE_TRNST_ATTACHMENT" {
   spoke_gw_name   = aviatrix_spoke_gateway.AWS-US-E2-SHR-SVCS-SPOKE-GW.gw_name
   transit_gw_name = aviatrix_transit_gateway.AWS-US-E2-TRNST-GW.gw_name
 }
 resource "aviatrix_spoke_transit_attachment" "BU1-SPOKE_TRNST_ATTACHMENT" {
   spoke_gw_name   = aviatrix_spoke_gateway.AWS-US-W2-BU1-MONO-SPOKE-GW.gw_name
   transit_gw_name = aviatrix_transit_gateway.AWS-US-E2-TRNST-GW.gw_name
 }

Dennis_Hagens · Accepted Answer

Hi Trevor, good to see you're working with our Terraform provider.

Couple of notes on active mesh. You're going to want to set enable_active_mesh to true, as having it disabled is a legacy capability. In addition, per controller version 6.6 and provider version 2.21.x, configuring active mesh is no longer supported and needs to be removed from your Terraform code. In 2.20.x, the provider will throw a warning if it's configured, to let you know to remove it on updating.

Also, please be aware that we have off the shelve modules, to simplify adoption of deployment through Terraform. You can choose to use them, or leverage them for code examples.

https://registry.terraform.io/modules/terraform-aviatrix-modules/mc-transit/aviatrix/latest

https://registry.terraform.io/modules/terraform-aviatrix-modules/mc-spoke/aviatrix/latest

Please let me know if you have any further questions.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded