Comments (7)
For this first version, yes. It's something we would like to add to the solution in a future version, but wanted to get customer feedback about what sort of clean-up workflow they would like (or expect) to have in place for the following reasons:
- The solution currently automates the "northern" connections to VPCs, but does not automate the "southern" connections to customer networks. We are confident that newly created connections will not break additional customer configuration (because incremental "northern" connections are wrapped in their own VRF). However, we wanted to be careful about removing configurations because it's possible that a combination of adding/removing both automated and custom configuration could have unforeseen consequences.
- We were not sure what workflow customers would expect for deprovisioning. We thought of the approach you mentioned (e.g. remove the tag or change the tag value to "false"). But would customers prefer to simply delete the VGW rather than specially tag it before deletion?
- This solution is designed to support multiple accounts, which adds complexity to deprovisioning logic and decisions.
As a simple approach, a spoke VGW could be deleted, which will essentially leave the CSR with unused VRF connections. For some deployments, the extra configuration will be negligible, or could be cleaned up manually if desired.
How would you like clean-up to be triggered? Is simply removing (or modifying) the VGW tag sufficient?
from aws-transit-vpc.
Hi Steve,
Thanks for getting back to me.
I'd imagine clean up being triggered on tag removal, tag value change, or vgw removal would be fine.
from aws-transit-vpc.
Agreed on tag removal or value change.
from aws-transit-vpc.
Ditto... I would also like to see the clean-up triggered on the VGW tag removal.
from aws-transit-vpc.
I created a fork for testing clean-up as well as the ability to configure spoke preferred paths (for active/standby path creation rather than active/active). Clean-up will occur if the transit VPC tag does not exist, or if it has any value other than the configured value (by default it is transitvpc:spoke = true). Removing the tag or setting the value to "false", or anything other than "true", will result in the VPN connections for that VGW getting deleted and the tunnel configuration removed from the CSRs.
https://github.com/stevemorad/aws-transit-vpc
After I get some testing feedback, I'll merge the changes back into this repo.
from aws-transit-vpc.
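The tag rule described in the comment above, sketched as a reconcile plan. This is an added example, not code from aws-transit-vpc or the fork. It assumes one tracked VPN connection per VGW, an exact, case-sensitive match on the tag value, and dict shapes like the EC2 DescribeVpnGateways / DescribeVpnConnections responses; `plan` and `tag_value` are hypothetical helpers and all ids are constructed.

```python
# Added example, not aws-transit-vpc code.
SPOKE_TAG_KEY = "transitvpc:spoke"   # default tag key named in the comment
SPOKE_TAG_VALUE = "true"             # default expected value

def tag_value(resource, key):
    """Return the value of tag `key`, or None if the tag is absent."""
    for tag in resource.get("Tags", []):
        if tag.get("Key") == key:
            return tag.get("Value")
    return None

def plan(vgws, vpn_connections, key=SPOKE_TAG_KEY, expected=SPOKE_TAG_VALUE):
    """Return (create, delete): VGW ids that still need a VPN connection,
    and VPN connection ids to remove. Hypothetical helper."""
    active = {}
    for conn in vpn_connections:
        if conn["State"] in ("deleting", "deleted"):
            continue  # already going away; do not schedule it twice
        active.setdefault(conn["VpnGatewayId"], []).append(conn["VpnConnectionId"])
    create, delete = [], []
    for vgw in vgws:
        vgw_id = vgw["VpnGatewayId"]
        if tag_value(vgw, key) == expected:    # assumed: exact match only
            if vgw_id not in active:
                create.append(vgw_id)
        else:                                   # tag missing or any other value
            delete.extend(active.get(vgw_id, []))
    return sorted(create), sorted(delete)

# Constructed sample data (ids are placeholders).
SAMPLE_VGWS = [
    {"VpnGatewayId": "vgw-aaa", "Tags": [{"Key": "transitvpc:spoke", "Value": "true"}]},
    {"VpnGatewayId": "vgw-bbb", "Tags": [{"Key": "transitvpc:spoke", "Value": "false"}]},
    {"VpnGatewayId": "vgw-ccc", "Tags": [{"Key": "Name", "Value": "prod"}]},
    {"VpnGatewayId": "vgw-ddd", "Tags": [{"Key": "transitvpc:spoke", "Value": "True"}]},
    {"VpnGatewayId": "vgw-eee", "Tags": [{"Key": "transitvpc:spoke", "Value": "true"}]},
]
SAMPLE_VPNS = [
    {"VpnConnectionId": "vpn-1", "VpnGatewayId": "vgw-bbb", "State": "available"},
    {"VpnConnectionId": "vpn-2", "VpnGatewayId": "vgw-ccc", "State": "available"},
    {"VpnConnectionId": "vpn-3", "VpnGatewayId": "vgw-ddd", "State": "deleting"},
    {"VpnConnectionId": "vpn-4", "VpnGatewayId": "vgw-ddd", "State": "available"},
    {"VpnConnectionId": "vpn-5", "VpnGatewayId": "vgw-eee", "State": "available"},
]

if __name__ == "__main__":
    print(plan(SAMPLE_VGWS, SAMPLE_VPNS))
```

Under the exact-match assumption, a mistyped value such as "True" is treated the same as a removed tag, so the plan is worth reviewing before any deletion is applied.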
Wow @stevemorad, thank you very much! Long live the Amazon customer obsession.
I'll give this a blast during the week and let you know how I get on.
from aws-transit-vpc.
Updated code has been committed that now provides clean-up of spoke VPCs if the spoke tag does not equal the expected tag value. Also, we added the ability to specify a preferred path if you want to configure the CSRs in an active/standby configuration rather than active/active for each spoke.
from aws-transit-vpc.