[Bug]: Failed to import an AWS TGW with 32-bit ASN

[vitormazali]

Terraform Core Version

1.5.4

AWS Provider Version

5.40.0

Affected Resource(s)

aws_ec2_transit_gateway

Expected Behavior

Terraform should have recognize a 32-bit ASN number configured in the AWS TGW resource.

Actual Behavior

Tried to import an AWS TGW created manually to Terraform state using import resource block. The TGW has a 32-bit ASN configured:

resource "aws_ec2_transit_gateway" "example_name" {
    amazon_side_asn = "4288888251"
    auto_accept_shared_attachments = "disable"
    default_route_table_association = "disable"
    default_route_table_propagation = "disable"
    multicast_support = "disable"
}

import {
  to = aws_ec2_transit_gateway.example_name
  id = "tgw-123456789"
}

Got this error:

Error: Attribute must be a whole number, got 4.288888251e+09

  with aws_ec2_transit_gateway.tgw-network-ww-prod-use2,
  on tgw_file_name.tf line 47, in resource "aws_ec2_transit_gateway" "example_name":
  47:     amazon_side_asn = "4288888251"

I removed the ASN in the resource configuration block and realized that the 32-bit ASN number was converted to some negative integer number:

  # aws_ec2_transit_gateway.example_name will be updated in-place
  # (imported from "tgw-123456789")
  ~ resource "aws_ec2_transit_gateway" "example_name" {
      ~ amazon_side_asn                 = -6079045 -> 64512
        arn                             = "<ARN>"
        auto_accept_shared_attachments  = "disable"
        default_route_table_association = "disable"
        default_route_table_propagation = "disable"
        dns_support                     = "enable"
        id                              = "tgw-123456789"
        multicast_support               = "disable"
        owner_id                        = "<ACCOUNT ID>"
        vpn_ecmp_support                = "enable"
    }

I changed the resource block to match this "amazon_side_asn" = -6079045 and it the import worked fine. In the AWS console, it's still showing as the ASN 4288888251.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_ec2_transit_gateway" "example_name" {
    amazon_side_asn = "4288888251"
    auto_accept_shared_attachments = "disable"
    default_route_table_association = "disable"
    default_route_table_propagation = "disable"
    multicast_support = "disable"
}

import {
  to = aws_ec2_transit_gateway.example_name
  id = "tgw-123456789"
}

Steps to Reproduce

Use import block to have a manually created AWS TGW in the Terraform state.
Make sure the AWS TGW has a 32-bit ASN number configured.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[acwwat]

Using the latest Terraform AWS Provider, I can on longer reproduce the problem. Using the sample config provided above, I've tested it as follows:

1. Run terraform apply to create the TGW. Check the state file and make sure that the ASN is correct:

  "resources": [
    {
      "mode": "managed",
      "type": "aws_ec2_transit_gateway",
      "name": "example_name",
      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "amazon_side_asn": 4288888251,
            "arn": "arn:aws:ec2:us-west-2:<redacted>:transit-gateway/tgw-005a9f2862e4e4008",
            "association_default_route_table_id": "",
            "auto_accept_shared_attachments": "disable",
            "default_route_table_association": "disable",
            "default_route_table_propagation": "disable",
            "description": "",
            "dns_support": "enable",
            "id": "tgw-005a9f2862e4e4008",
            "multicast_support": "disable",
            "owner_id": "<redacted>",
            "propagation_default_route_table_id": "",
            "region": "us-west-2",
            "security_group_referencing_support": "disable",
            "tags": {},
            "tags_all": {},
            "timeouts": null,
            "transit_gateway_cidr_blocks": [],
            "vpn_ecmp_support": "enable"
          },
          "sensitive_attributes": [],
          "identity_schema_version": 0,
          "private": "<redacted>"
        }
      ]

2. Run terraform apply again and make sure there is no change.
3. Run terraform state rm to remove the resource from state.
4. Add the import block in using the ID of the TGW create above. Then run terraform apply to import the resource. The plan output shows the correct ASN:

aws_ec2_transit_gateway.example_name: Preparing import... [id=tgw-005a9f2862e4e4008]
aws_ec2_transit_gateway.example_name: Refreshing state... [id=tgw-005a9f2862e4e4008]

Terraform will perform the following actions:

  # aws_ec2_transit_gateway.example_name will be imported
    resource "aws_ec2_transit_gateway" "example_name" {
        amazon_side_asn                    = 4288888251
        arn                                = "arn:aws:ec2:us-west-2:<redacted>:transit-gateway/tgw-005a9f2862e4e4008"
        association_default_route_table_id = null
        auto_accept_shared_attachments     = "disable"
        default_route_table_association    = "disable"
        default_route_table_propagation    = "disable"
        description                        = null
        dns_support                        = "enable"
        id                                 = "tgw-005a9f2862e4e4008"
        multicast_support                  = "disable"
        owner_id                           = "<redacted>"
        propagation_default_route_table_id = null
        region                             = "us-west-2"
        security_group_referencing_support = "disable"
        tags                               = {}
        tags_all                           = {}
        transit_gateway_cidr_blocks        = []
        vpn_ecmp_support                   = "enable"
    }

Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.

5. Run terraform apply again and make sure there is no change.