EC2 CustomerGateway Bug

[stack72]

When i have an existing EC2 Customer Gateway as follows:

The AWS Console doesn't let me create another with the same parameters:

But the SDK does allow me to do this:

[DEBUG] Creating customer gateway
[DEBUG] [aws-sdk-go] DEBUG: Request ec2/CreateCustomerGateway Details:
---[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: ec2.us-west-2.amazonaws.com
User-Agent: terraform/0.7.5-dev aws-sdk-go/1.4.11 (go1.7.1; darwin; amd64)
Content-Length: 93
Authorization: AWS4-HMAC-SHA256 Credential=REDACTED/20160926/us-west-2/ec2/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=cdc735b4995c0a745895bd20cbabdb158d99db28d88fba7f29d3973ff6fecdcc
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20160926T140112Z
Accept-Encoding: gzip

Action=CreateCustomerGateway&BgpAsn=65000&IpAddress=192.1.1.1&Type=ipsec.1&Version=2016-04-01
-----------------------------------------------------
[DEBUG] [aws-sdk-go] DEBUG: Response ec2/CreateCustomerGateway Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Content-Type: text/xml;charset=UTF-8
Date: Mon, 26 Sep 2016 14:01:13 GMT
Server: AmazonEC2
Vary: Accept-Encoding

1c7
<?xml version="1.0" encoding="UTF-8"?>
<CreateCustomerGatewayResponse xmlns="http://ec2.amazonaws.com/doc/2016-04-01/">
    <requestId>36280252-c994-4ee5-afe4-14b42c74b4ea</requestId>
    <customerGateway>
        <customerGatewayId>cgw-cd528bd3</customerGatewayId>
        <state>available</state>
        <type>ipsec.1</type>
        <ipAddress>192.1.1.1</ipAddress>
        <bgpAsn>65000</bgpAsn>
    </customerGateway>
</CreateCustomerGatewayResponse>
0


-----------------------------------------------------
[INFO] Customer gateway ID: cgw-cd528bd3

As you can see, the CustomerGatewayID is the same as the one already in the screenshot above

Paul

[xibz]

Hello @stack72, I'll reach out to the service team and let them know. Thank you for reaching out to us with this find.

[jasdel]

Thanks for contacting us @stack72 We've forward this information on to the EC2 service team. In addition the console website has a "Feedback" button in the bottom left hand corner of the page. Submitting your feedback here will send your feedback to the EC2 and console teams.

Since this issue seems to be a limitation of the console website and not the SDK I'm going to go ahead and close this issue.

[stack72]

So is his something will be acted on, something I need to raise elsewhere or just ignore? This feels a pretty serious bug as infrastructure can be easily modified without any intention to. Closing it without any idea of what happens next seems to be an odd choice

[xibz]

Hello @stack72, sorry for the delayed response and thank you for being patient. It looks like the service team had just gotten back to us. According to them, the docs states:

"Important You cannot create more than one customer gateway with the same VPN type, IP address, and BGP ASN parameter values. If you run an identical request more than one time, the first request creates the customer gateway, and subsequent requests return information about the existing customer gateway. The subsequent requests do not create new customer gateway resources.".

Further, the console uses some validation of input to guide customers in choosing correct values. Lastly, the service team states that this the behavior is safe to use and is idempotent.

If you have any additional questions @stack72, please let us know!