From a7a3519d2e51d06cacfdfc519e1b12f3e2d8497e Mon Sep 17 00:00:00 2001
From: badra001
Date: Mon, 24 Oct 2022 12:23:11 -0400
Subject: [PATCH] add hack to ignore tunnel options
---
 vpn-transit-gateway/main.tf | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/vpn-transit-gateway/main.tf b/vpn-transit-gateway/main.tf
index 88d782d..7e237bc 100644
--- a/vpn-transit-gateway/main.tf
+++ b/vpn-transit-gateway/main.tf
@@ -178,6 +178,27 @@ resource "aws_vpn_connection" "vpn" {
 }
 }

+ # this is here because if you change the tunnel (trigger a reset) through the console, it will populate
+ # it with all the values possible. This ignores it. It is not a good practice.
+ lifecycle {
+ ignore_changes = [
+ tunnel1_ike_versions,
+ tunnel1_phase1_dh_group_numbers,
+ tunnel1_phase1_encryption_algorithms,
+ tunnel1_phase1_integrity_algorithms,
+ tunnel1_phase2_dh_group_numbers,
+ tunnel1_phase2_encryption_algorithms,
+ tunnel1_phase2_integrity_algorithms,
+ tunnel2_ike_versions,
+ tunnel2_phase1_dh_group_numbers,
+ tunnel2_phase1_encryption_algorithms,
+ tunnel2_phase1_integrity_algorithms,
+ tunnel2_phase2_dh_group_numbers,
+ tunnel2_phase2_encryption_algorithms,
+ tunnel2_phase2_integrity_algorithms,
+ ]
+ }
+
 tags = merge(
 local.base_tags,
 var.tags,
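Review bot: The `ignore_changes` list in the added `lifecycle` block covers every cryptographic negotiation parameter of both tunnels (IKE versions, phase 1/2 DH groups, encryption and integrity algorithms), so after a console-triggered reset Terraform will neither report nor revert a tunnel that now accepts the full AWS option set, which to my knowledge includes legacy choices such as IKEv1, SHA1 and DH group 2. The rest of `aws_vpn_connection.vpn` lies outside the hunk, so I cannot tell whether these attributes are pinned elsewhere in the resource; if they are, this block silently disables that pinning. I would extend the comment to state the consequence and the compensating check, e.g. `# SECURITY: drift in tunnel crypto parameters is no longer detected by plan; audit tunnel options out of band and remove this block once the tunnels are re-pinned.` If the hack has to stay, tracking its removal in an issue would keep the weakened state temporary rather than permanent.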