fix(core): Fix creating TGW Static Routes (#735)

* Fixing TGW Static Route

* Fixing tgw routes

Author: naveenkoppula

src/deployments/cdk/src/deployments/transit-gateway/step-3.ts

@@ -26,9 +26,6 @@ export async function step3(props: TransitGatewayStep3Props) {
   const tgwPeeringAttachmentOutputs = TransitGatewayPeeringAttachmentOutputFinder.findAll({
     outputs,
   });
-  if (tgwPeeringAttachmentOutputs.length === 0) {
-    return;
-  }
 
   const accountConfigs = config.getAccountConfigs();
   for (const [accountKey, accountConfig] of accountConfigs) {
@@ -44,6 +41,7 @@ export async function step3(props: TransitGatewayStep3Props) {
         name: tgwConfig.name,
       });
       if (!transitGateway) {
+        console.warn(`TGW not found "${accountKey}/${tgwConfig.name}"`);
         continue;
       }
 
@@ -57,9 +55,6 @@ export async function step3(props: TransitGatewayStep3Props) {
         const tgwPeer = output.tgws.find(tgw => tgw.name === tgwConfig.name && tgw.region === tgwConfig.region);
         return !!tgwPeer;
       });
-      if (!tgwPeeringAttachment) {
-        continue;
-      }
 
       if (!tgwConfig['tgw-routes']) {
         continue;
@@ -71,15 +66,19 @@ export async function step3(props: TransitGatewayStep3Props) {
         }
 
         for (const route of tgwRoute.routes) {
-          if (route['target-tgw'] || route['blackhole-route']) {
-            CreateRoute(
-              accountStack,
-              route.destination,
-              tgwRoute.name,
-              tgwPeeringAttachment.tgwAttachmentId,
+          if (route['target-tgw']) {
+            if (!tgwPeeringAttachment) {
+              console.warn(`No Peering Attachment found for "${tgwConfig.name}"`);
+              continue;
+            }
+            CreateRoute({
+              scope: accountStack,
+              cidr: route.destination,
+              routeName: tgwRoute.name,
               transitGateway,
-              route['blackhole-route'],
-            );
+              attachmentId: tgwPeeringAttachment.tgwAttachmentId,
+              blackhole: route['blackhole-route'],
+            });
           } else if (route['target-vpc']) {
             const vpcOutput = VpcOutputFinder.tryFindOneByAccountAndRegionAndName({
               outputs,
@@ -92,14 +91,14 @@ export async function step3(props: TransitGatewayStep3Props) {
               continue;
             }
             const tgwAttachmentIds = vpcOutput.tgwAttachments.map(t => t.id);
-            CreateRoutes(
-              accountStack,
-              route.destination,
-              tgwRoute.name,
-              tgwAttachmentIds,
+            CreateRoutes({
+              scope: accountStack,
+              cidr: route.destination,
+              routeName: tgwRoute.name,
               transitGateway,
-              route['blackhole-route'],
-            );
+              attachmentIds: tgwAttachmentIds,
+              blackhole: route['blackhole-route'],
+            });
           } else if (route['target-vpn']) {
             const vpnAttachments = TgwVpnAttachmentsOutputFinder.tryFindOneByName({
               outputs,
@@ -117,14 +116,22 @@ export async function step3(props: TransitGatewayStep3Props) {
             if (!tgwAttachmentId) {
               continue;
             }
-            CreateRoutes(
-              accountStack,
-              route.destination,
-              tgwRoute.name,
-              [tgwAttachmentId],
+            CreateRoutes({
+              scope: accountStack,
+              cidr: route.destination,
+              routeName: tgwRoute.name,
               transitGateway,
-              route['blackhole-route'],
-            );
+              attachmentIds: [tgwAttachmentId],
+              blackhole: route['blackhole-route'],
+            });
+          } else if (route['blackhole-route']) {
+            CreateRoute({
+              scope: accountStack,
+              cidr: route.destination,
+              routeName: tgwRoute.name,
+              transitGateway,
+              blackhole: route['blackhole-route'],
+            });
           }
         }
       }
@@ -134,6 +141,13 @@ export async function step3(props: TransitGatewayStep3Props) {
         continue;
       }
 
+      if (!tgwPeeringAttachment) {
+        console.warn(
+          `No Peering Attachment found for "${accountKey}/${tgwConfig.name}". Skipping Create associations fot tgw-attach`,
+        );
+        continue;
+      }
+
       CreateAssociations(
         accountStacks,
         tgwPeeringAttachment,
@@ -164,35 +178,58 @@ export async function step3(props: TransitGatewayStep3Props) {
   }
 }
 
-function CreateRoutes(
-  scope: cdk.Construct,
-  cidr: string,
-  routeName: string,
-  attachmentIds: string[],
-  transitGateway: TransitGatewayOutput,
-  blackhole?: boolean,
-) {
+function CreateRoutes(props: {
+  scope: cdk.Construct;
+  cidr: string;
+  routeName: string;
+  transitGateway: TransitGatewayOutput;
+  attachmentIds?: string[];
+  blackhole?: boolean;
+}) {
+  const { cidr, routeName, scope, transitGateway, attachmentIds, blackhole } = props;
   for (const attachmentId of attachmentIds || []) {
-    CreateRoute(scope, cidr, routeName, attachmentId, transitGateway, blackhole);
+    CreateRoute({
+      scope,
+      cidr,
+      routeName,
+      transitGateway,
+      attachmentId,
+      blackhole,
+    });
   }
 }
 
-function CreateRoute(
-  scope: cdk.Construct,
-  cidr: string,
-  routeName: string,
-  attachmentId: string,
-  transitGateway: TransitGatewayOutput,
-  blackhole?: boolean,
-) {
+function CreateRoute(props: {
+  scope: cdk.Construct;
+  cidr: string;
+  routeName: string;
+  transitGateway: TransitGatewayOutput;
+  attachmentId?: string;
+  blackhole?: boolean;
+}) {
+  const { cidr, routeName, scope, transitGateway, attachmentId, blackhole } = props;
   const routesMap = transitGateway.tgwRouteTableNameToIdMap;
   if (routeName === '{TGW_ALL}') {
     for (const key of Object.keys(routesMap)) {
-      CreateTransitGatewayRoute(scope, key, attachmentId, routesMap[key], cidr, blackhole);
+      CreateTransitGatewayRoute({
+        scope,
+        name: key,
+        routeId: routesMap[key],
+        cidrBlock: cidr,
+        blackhole,
+        attachmentId,
+      });
     }
   } else {
     const routeId = routesMap[routeName];
-    CreateTransitGatewayRoute(scope, routeName, attachmentId, routeId, cidr, blackhole);
+    CreateTransitGatewayRoute({
+      scope,
+      name: routeName,
+      routeId,
+      cidrBlock: cidr,
+      attachmentId,
+      blackhole,
+    });
   }
 }
 
@@ -221,14 +258,15 @@ function CreateAssociations(
   }
 }
 
-function CreateTransitGatewayRoute(
-  scope: cdk.Construct,
-  name: string,
-  attachmentId: string,
-  routeId: string,
-  cidrBlock: string,
-  blackhole?: boolean,
-) {
+function CreateTransitGatewayRoute(props: {
+  scope: cdk.Construct;
+  name: string;
+  routeId: string;
+  cidrBlock: string;
+  attachmentId?: string;
+  blackhole?: boolean;
+}) {
+  const { attachmentId, cidrBlock, name, routeId, scope, blackhole } = props;
   // TODO need to update the id by calculating the hash of the properties
   const id = `${name}${attachmentId}${routeId}${cidrBlock}${blackhole}`;
   if (!blackhole) {

src/lib/custom-resources/cdk-guardduty-admin-setup/runtime/src/index.ts

@@ -102,7 +102,7 @@ async function createMembers(memberAccounts: AccountDetail[], detectorId: string
     let currentAccounts: AccountDetail[] = paginate(memberAccounts, pageNumber, pageSize);
     while (currentAccounts.length > 0) {
       console.log(`Calling api "guardduty.createMembers()", ${currentAccounts}, ${detectorId}`);
-      await throttlingBackOff(() =>
+      const createMembersResp = await throttlingBackOff(() =>
         guardduty
           .createMembers({
             AccountDetails: currentAccounts,
@@ -111,6 +111,7 @@ async function createMembers(memberAccounts: AccountDetail[], detectorId: string
           .promise(),
       );
       currentAccounts = paginate(memberAccounts, ++pageNumber, pageSize);
+      console.log(`UnProcessedAccounts are : ${JSON.stringify(createMembersResp.UnprocessedAccounts)}`);
     }
   } catch (error) {
     console.error(