@ddericco ddericco commented Nov 20, 2025

Rollback Plan

If a change needs to be reverted, we will publish an updated version of the library.

Changes to Security Controls

n/a

Description

Adds support for VPN Concentrator in AWS Site-to-Site VPN.

  • New resource aws_vpn_concentrator
  • Add attribute vpn_concentrator_id to resource aws_vpn_connection

Notes:

  • The API lists transitGatewayId as optional, but not including it results in an API error “MissingParameter: The request must contain the parameter transitGatewayId”. Additionally, the documentation points out this is only supported on TGW today. I’m checking to see if this needs to be fixed in the API docs.
  • On create, the aws_vpn_concentrator resource creates a separate TGW attachment resource. It’s possible to delete the aws_vpn_concentrator resource before it moves from “Pending” to “Available”, which then decouples it from the TGW attachment still in “Pending”. This was noticeable in testing where the aws_vpn_concentrator resource was deleted, but not the TGW attachment. As a result, the TGW could not be deleted and would be considered a dangling resource. To address this, the Delete waiter function checks both the VPN concentrator resource state and the TGW attachment state and ensures both are deleted before considering the resource “deleted”. If there’s a better/more preferred way to manage this, let me know.

Relations

Closes #45158

References

Output from Acceptance Testing

% make testacc TESTS='TestAccEC2VPNConcentrator_*' PKG=ec2 ACCTEST_PARALLELISM=4
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
make: Running acceptance tests on branch: 🌿 f-aws_vpn_concentrator 🌿...
TF_ACC=1 go1.24.10 test ./internal/service/ec2/... -v -count 1 -parallel 4 -run='TestAccEC2VPNConcentrator_*'  -timeout 360m -vet=off
2025/11/20 20:29:27 Creating Terraform AWS Provider (SDKv2-style)...
2025/11/20 20:29:27 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccEC2VPNConcentrator_basic
=== PAUSE TestAccEC2VPNConcentrator_basic
=== RUN   TestAccEC2VPNConcentrator_tags
=== PAUSE TestAccEC2VPNConcentrator_tags
=== CONT  TestAccEC2VPNConcentrator_basic
=== CONT  TestAccEC2VPNConcentrator_tags
--- PASS: TestAccEC2VPNConcentrator_tags (485.96s)
--- PASS: TestAccEC2VPNConcentrator_basic (523.49s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/ec2  523.640s

% make testacc TESTS='TestAccSiteVPNConnection_vpnConcentratorID' PKG=ec2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
make: Running acceptance tests on branch: 🌿 f-aws_vpn_concentrator 🌿...
TF_ACC=1 go1.24.10 test ./internal/service/ec2/... -v -count 1 -parallel 20 -run='TestAccSiteVPNConnection_vpnConcentratorID'  -timeout 360m -vet=off
2025/11/20 20:41:31 Creating Terraform AWS Provider (SDKv2-style)...
2025/11/20 20:41:31 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccSiteVPNConnection_vpnConcentratorID
=== PAUSE TestAccSiteVPNConnection_vpnConcentratorID
=== CONT  TestAccSiteVPNConnection_vpnConcentratorID
--- PASS: TestAccSiteVPNConnection_vpnConcentratorID (1307.44s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/ec2  1307.589s
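
The delete-waiter behaviour described in the notes above, as an added sketch that is not the provider's own code: a wait that counts the resource as deleted only once both the VPN concentrator and its TGW attachment report deleted. `statusFunc`, `scripted`, `waitAllDeleted` and the state strings are hypothetical names constructed for this illustration, and the scripted state sequences stand in for API polling.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed state name for this sketch; it also stands in for "not found".
const stateDeleted = "deleted"

var errTimeout = errors.New("timeout waiting for deletion")

// statusFunc is a hypothetical poll callback returning a resource's current state.
type statusFunc func() (string, error)

// scripted replays the given states in order, repeating the last one forever.
func scripted(states ...string) statusFunc {
	i := 0
	return func() (string, error) {
		s := states[i]
		if i < len(states)-1 {
			i++
		}
		return s, nil
	}
}

// waitAllDeleted polls every check once per round. It returns the number of
// rounds used, and nil only once all checks report deleted in the same round.
func waitAllDeleted(maxPolls int, checks ...statusFunc) (int, error) {
	for round := 1; round <= maxPolls; round++ {
		allGone := true
		for _, check := range checks {
			state, err := check()
			if err != nil {
				return round, err
			}
			allGone = allGone && state == stateDeleted
		}
		if allGone {
			return round, nil
		}
	}
	return maxPolls, errTimeout
}

func main() {
	fmt.Println(waitAllDeleted(5, scripted("deleted"))) // concentrator only: 1 <nil>
	fmt.Println(waitAllDeleted(5, scripted("deleted"), scripted("pending", "deleting", "deleted"))) // both: 3 <nil>
}
```

Waiting on the concentrator alone returns after one poll while the attachment is still pending, which is the dangling-attachment case the notes describe; the combined wait returns only after the attachment is gone as well.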

@github-actions

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. generators Relates to code generators. service/vpnsite Issues and PRs that pertain to the vpnsite service. size/XL Managed by automation to categorize the size of a PR. partner Contribution from a partner. labels Nov 20, 2025
@ddericco ddericco marked this pull request as ready for review November 20, 2025 22:07
@ddericco ddericco requested a review from a team as a code owner November 20, 2025 22:07
@ewbankkit ewbankkit added new-resource Introduces a new resource. enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels Nov 22, 2025
@ewbankkit ewbankkit self-assigned this Nov 22, 2025
@github-actions github-actions bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Nov 22, 2025
@github-actions github-actions bot added the service/vpc Issues and PRs that pertain to the vpc service. label Nov 23, 2025
ewbankkit previously approved these changes Nov 23, 2025

@ewbankkit ewbankkit left a comment

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccSiteVPNConcentrator_\|TestAccSiteVPNConnection_vpnConcentratorID\|TestAccSiteVPNConnection_basic' PKG=ec2 ACCTEST_PARALLELISM=3
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
make: Running acceptance tests on branch: 🌿 HEAD 🌿...
TF_ACC=1 go1.24.10 test ./internal/service/ec2/... -v -count 1 -parallel 3  -run=TestAccSiteVPNConcentrator_\|TestAccSiteVPNConnection_vpnConcentratorID\|TestAccSiteVPNConnection_basic -timeout 360m -vet=off
2025/11/23 16:53:38 Creating Terraform AWS Provider (SDKv2-style)...
2025/11/23 16:53:38 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccSiteVPNConcentrator_basic
=== PAUSE TestAccSiteVPNConcentrator_basic
=== RUN   TestAccSiteVPNConcentrator_disappears
=== PAUSE TestAccSiteVPNConcentrator_disappears
=== RUN   TestAccSiteVPNConcentrator_tags
=== PAUSE TestAccSiteVPNConcentrator_tags
=== RUN   TestAccSiteVPNConnection_basic
=== PAUSE TestAccSiteVPNConnection_basic
=== RUN   TestAccSiteVPNConnection_vpnConcentratorID
=== PAUSE TestAccSiteVPNConnection_vpnConcentratorID
=== CONT  TestAccSiteVPNConcentrator_basic
=== CONT  TestAccSiteVPNConnection_basic
=== CONT  TestAccSiteVPNConcentrator_tags
--- PASS: TestAccSiteVPNConnection_basic (244.19s)
=== CONT  TestAccSiteVPNConnection_vpnConcentratorID
--- PASS: TestAccSiteVPNConcentrator_tags (499.00s)
=== CONT  TestAccSiteVPNConcentrator_disappears
--- PASS: TestAccSiteVPNConcentrator_basic (499.96s)
--- PASS: TestAccSiteVPNConcentrator_disappears (467.22s)
--- PASS: TestAccSiteVPNConnection_vpnConcentratorID (764.15s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	1013.912s

@ewbankkit

% make testacc TESTARGS='-run=TestAccSiteVPNConnectionDataSource_' PKG=ec2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
make: Running acceptance tests on branch: 🌿 HEAD 🌿...
TF_ACC=1 go1.24.10 test ./internal/service/ec2/... -v -count 1 -parallel 20  -run=TestAccSiteVPNConnectionDataSource_ -timeout 360m -vet=off
2025/11/24 11:32:15 Creating Terraform AWS Provider (SDKv2-style)...
2025/11/24 11:32:15 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccSiteVPNConnectionDataSource_basic
=== PAUSE TestAccSiteVPNConnectionDataSource_basic
=== RUN   TestAccSiteVPNConnectionDataSource_byFilter
=== PAUSE TestAccSiteVPNConnectionDataSource_byFilter
=== RUN   TestAccSiteVPNConnectionDataSource_nonExistentId
=== PAUSE TestAccSiteVPNConnectionDataSource_nonExistentId
=== RUN   TestAccSiteVPNConnectionDataSource_noInput
=== PAUSE TestAccSiteVPNConnectionDataSource_noInput
=== CONT  TestAccSiteVPNConnectionDataSource_basic
=== CONT  TestAccSiteVPNConnectionDataSource_nonExistentId
=== CONT  TestAccSiteVPNConnectionDataSource_byFilter
=== CONT  TestAccSiteVPNConnectionDataSource_noInput
--- PASS: TestAccSiteVPNConnectionDataSource_noInput (1.74s)
--- PASS: TestAccSiteVPNConnectionDataSource_nonExistentId (2.68s)
--- PASS: TestAccSiteVPNConnectionDataSource_basic (259.70s)
--- PASS: TestAccSiteVPNConnectionDataSource_byFilter (290.45s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	297.267s


@jar-b jar-b left a comment

LGTM 🚀

@ewbankkit

@ddericco Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit 43d84e0 into hashicorp:main Nov 24, 2025
44 checks passed
@github-actions

Warning

This Issue has been closed, meaning that any additional comments are much easier for the maintainers to miss. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

@github-actions github-actions bot added this to the v6.23.0 milestone Nov 24, 2025
@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Nov 26, 2025
@github-actions

This functionality has been released in v6.23.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
