Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS CloudFormation: how do I refer to the default/main route table (that is created when a VPC is created) in a cloudformation template?

Tags:

amazon-web-services

amazon-cloudformation

I have a CloudFormation template that creates a custom VPC. The template creates the following resources - a VPC, an Internet Gateway, attaches the IGW to the VPC, and creates a Public Subnet. I want to add a route (destination 0.0.0.0/0, target IGW) to the Route Table that gets created as part of the VPC.

I have read through the cloudformation documentation for routes, route tables to figure out how to do this, but to no avail.

I can use the Fn::Ref function to refer to resources or parameters that are explicitly created as part of the template, but how do I refer to resources that get created inherently with the VPC?

Any insights on how to re-use the existing route table, NACL and Security Group are much appreciated.

Thanks,

like image 907
N.Chet Avatar asked Nov 26 '18 02:11

N.Chet

People also ask

Which route table is the main route table for that VPC?

Main route table—The route table that automatically comes with your VPC. It controls the routing for all subnets that are not explicitly associated with any other route table.

How do I refer to a resource in another AWS CloudFormation stack during template creation?

Note: To reference a resource in another AWS CloudFormation stack, you must create cross-stack references. To create a cross-stack reference, use the export field to flag the value of a resource output for export.

What is default route table in AWS?

Custom route table is empty, by default and you add routes as needed. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same subnet route table. Every route table contains a local route for communication within the VPC.

What is route table in AWS VPC?

your VPC has an implicit router, and you use route tables to control where network traffic is directed. Each subnet in your VPC must be associated with a route table, which controls the routing for the subnet (subnet route table). You can explicitly associate a subnet with a particular route table.

Video Answer

2 Answers

Good job so far - you have your internet gateway, route table, and a public subnet. Now you need to create the route and attach the route table to the subnet if you haven't already done so. If you're using YAML it might look something like this:

 InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Ref EnvironmentName

  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref PublicSubnet1CIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Public Subnet (AZ1)

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Public Routes

  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet1
like image 78
Ben Whaley Avatar answered Oct 17 '22 08:10

Ben Whaley
  1. Don't use the default route table (see https://serverfault.com/questions/588904/aws-vpc-default-route-table-in-cloudformation)
  2. You can get default security group as per https://serverfault.com/questions/544439/aws-cloudformation-vpc-default-security-group
  3. And finally you can also get the DefaultNetworkAcl in the same as DefaultSecurityGroup above. See also https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html)
like image 20
Paco Avatar answered Oct 17 '22 09:10

Paco
Sign in to Comment

Related questions

AWS S3 GET request fallback to a different virtual folder
s3.getSignedUrl ResponseContentDisposition parameter not working
Connect ElastiCache to Elastic Beanstalk Instance
Ubuntu: Could not enable service cfn-hup
How do AWS Lambda instances scale?
Is it possible to combine AWS CodeBuild and CodePipeline to build described CI workflow?
AWS: Mount S3 Bucket to an EC2 instance. (Later FTP Tunneling)
How to change phone_number format upon creation of a AWS Cognito User Pool?
How to get size of all files in an S3 bucket with versioning?
How to create a SECRET_HASH for AWS Cognito using boto3?
Add a role to an AWS Cognito Identity Pool via Cloudformation
AWS SAM Local vs Localstack
Tell CloudFront to only cache 200 response codes
need help to install php 7.2 yum packages on aws ec2
VPN clients to resolve private DNS hostnames in AWS [closed]
Migrating Firebase users to AWS Cognito
Message":"User: anonymous is not authorized to perform: iam:PassRole
How to return directly from the request mapper?
what is difference between Kinesis Streams and Kinesis Firehose?
How to launch ec2 instance with custom root volume ebs size (more than 8GB) using AWS Cli

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!