Resource: awsDxGatewayAssociation
Associates a Direct Connect Gateway with a VGW or transit gateway.
To create a cross-account association, create an awsDxGatewayAssociationProposal
resource in the AWS account that owns the VGW or transit gateway and then accept the proposal in the AWS account that owns the Direct Connect Gateway by creating an awsDxGatewayAssociation
resource with the proposalId
and associatedGatewayOwnerAccountId
attributes set.
Example Usage
VPN Gateway Association
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsDxGatewayExample = new aws.dxGateway.DxGateway(this, "example", {
amazonSideAsn: "64512",
name: "example",
});
const awsVpcExample = new aws.vpc.Vpc(this, "example_1", {
cidrBlock: "10.255.255.0/28",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcExample.overrideLogicalId("example");
const awsVpnGatewayExample = new aws.vpnGateway.VpnGateway(this, "example_2", {
vpcId: awsVpcExample.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpnGatewayExample.overrideLogicalId("example");
const awsDxGatewayAssociationExample =
new aws.dxGatewayAssociation.DxGatewayAssociation(this, "example_3", {
associatedGatewayId: awsVpnGatewayExample.id,
dxGatewayId: awsDxGatewayExample.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDxGatewayAssociationExample.overrideLogicalId("example");
Transit Gateway Association
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsDxGatewayExample = new aws.dxGateway.DxGateway(this, "example", {
amazonSideAsn: "64512",
name: "example",
});
const awsEc2TransitGatewayExample = new aws.ec2TransitGateway.Ec2TransitGateway(
this,
"example_1",
{}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsEc2TransitGatewayExample.overrideLogicalId("example");
const awsDxGatewayAssociationExample =
new aws.dxGatewayAssociation.DxGatewayAssociation(this, "example_2", {
allowedPrefixes: ["10.255.255.0/30", "10.255.255.8/30"],
associatedGatewayId: awsEc2TransitGatewayExample.id,
dxGatewayId: awsDxGatewayExample.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDxGatewayAssociationExample.overrideLogicalId("example");
Allowed Prefixes
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsDxGatewayExample = new aws.dxGateway.DxGateway(this, "example", {
amazonSideAsn: "64512",
name: "example",
});
const awsVpcExample = new aws.vpc.Vpc(this, "example_1", {
cidrBlock: "10.255.255.0/28",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpcExample.overrideLogicalId("example");
const awsVpnGatewayExample = new aws.vpnGateway.VpnGateway(this, "example_2", {
vpcId: awsVpcExample.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpnGatewayExample.overrideLogicalId("example");
const awsDxGatewayAssociationExample =
new aws.dxGatewayAssociation.DxGatewayAssociation(this, "example_3", {
allowedPrefixes: ["210.52.109.0/24", "175.45.176.0/22"],
associatedGatewayId: awsVpnGatewayExample.id,
dxGatewayId: awsDxGatewayExample.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDxGatewayAssociationExample.overrideLogicalId("example");
A full example of how to create a VPN Gateway in one AWS account, create a Direct Connect Gateway in a second AWS account, and associate the VPN Gateway with the Direct Connect Gateway via the awsDxGatewayAssociationProposal
and awsDxGatewayAssociation
resources can be found in the /examples/dxGatewayCrossAccountVgwAssociation
directory within the Github Repository.
Argument Reference
\~> NOTE: dxGatewayId
and associatedGatewayId
must be specified for single account Direct Connect gateway associations.
The following arguments are supported:
dxGatewayId
- (Required) The ID of the Direct Connect gateway.associatedGatewayId
- (Optional) The ID of the VGW or transit gateway with which to associate the Direct Connect gateway. Used for single account Direct Connect gateway associations.associatedGatewayOwnerAccountId
- (Optional) The ID of the AWS account that owns the VGW or transit gateway with which to associate the Direct Connect gateway. Used for cross-account Direct Connect gateway associations.proposalId
- (Optional) The ID of the Direct Connect gateway association proposal. Used for cross-account Direct Connect gateway associations.allowedPrefixes
- (Optional) VPC prefixes (CIDRs) to advertise to the Direct Connect gateway. Defaults to the CIDR block of the VPC associated with the Virtual Gateway. To enable drift detection, must be configured.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The ID of the Direct Connect gateway association resource.associatedGatewayType
- The type of the associated gateway,transitGateway
orvirtualPrivateGateway
.dxGatewayAssociationId
- The ID of the Direct Connect gateway association.dxGatewayOwnerAccountId
- The ID of the AWS account that owns the Direct Connect gateway.
Timeouts
create
- (Default30M
)update
- (Default30M
)delete
- (Default30M
)
Import
Direct Connect gateway associations can be imported using dxGatewayId
together with associatedGatewayId
, e.g.,