Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Cloudformation error: route table X and network gateway Y belong to different networks

Tags:

amazon-web-services

amazon-cloudformation

I have the following network ELB networking resources config, in order to route outbound traffic through a single elastic ip.

I get the following error:

"AWS::EC2::Route PublicRoute CREATE_FAILED: route table rtb-zzzeb and network gateway igw-xxx belong to different networks"

What does this mean exactly in the context of my below configuration? Is there an issue with my resource labelled "PublicRoute"?

Resources:
  VPC:
      Type: AWS::EC2::VPC
      Properties:
        CidrBlock: "10.0.0.0/24"
  Public1aSBN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: "10.0.0.128/27"
      AvailabilityZone: "eu-west-2a"
  Public1cSBN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: "10.0.0.160/27"
      AvailabilityZone: "eu-west-2c"
  Public1bSBN:
      Type: AWS::EC2::Subnet
      Properties:
        VpcId: !Ref VPC
        CidrBlock: "10.0.0.192/27"
        AvailabilityZone: "eu-west-2b"
  InternetGateway:
    Type: "AWS::EC2::InternetGateway"
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  EIPNatGateway:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  NAT:
    DependsOn: EIPNatGateway
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId:
        Fn::GetAtt:
        - EIPNatGateway
        - AllocationId
      SubnetId: !Ref Public1aSBN
  RouteTablePublic:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  Public1aSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Public1aSBN
      RouteTableId: !Ref RouteTablePublic
  Public1cSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Public1cSBN
      RouteTableId: !Ref RouteTablePublic
  Public1bSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Public1bSBN
      RouteTableId: !Ref RouteTablePublic
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGateway
    Properties:
      RouteTableId: !Ref RouteTablePublic
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  TargetSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
  InboundRule:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: TargetSG
    Properties:
      IpProtocol: -1
      FromPort: '0'
      ToPort: '65535'
      CidrIp: "0.0.0.0/0"
      GroupId:
        Fn::GetAtt:
          - TargetSG
          - GroupId
like image 557
Derp derp Avatar asked Feb 19 '18 11:02

Derp derp

People also ask

How do you add an Internet gateway to a route table?

On the Routes tab, choose Edit routes, Add route, and add the following routes as necessary. Choose Save changes when you're done. For IPv4 traffic, specify 0.0. 0.0/0 in the Destination box, and select the internet gateway ID in the Target list.

Which route table used for communication between instances within VPC?

Subnet route table—A route table that's associated with a subnet. Local route—A default route for communication within the VPC. Propagation—Route propagation allows a virtual private gateway to automatically propagate routes to the route tables.

Can a VPC have multiple route tables?

Within a VPC, route tables are assigned to individual subnets. With only 1 route table created in a VPC, all of the subnets would be assigned to that route table. You can create multiple route tables in a VPC, or you can leave the 1 default route table.

How do I enable route propagation in AWS?

To enable route propagation using the consoleOpen the Amazon VPC console at https://console.aws.amazon.com/vpc/ . In the navigation pane, choose Route tables, and then select the route table. Choose Actions, Edit route propagation. Select the Enable check box next to the virtual private gateway, and then choose Save.

2 Answers

According to the docs,

Some resources in a VPC require a gateway (either an Internet or VPN gateway). If your AWS CloudFormation template defines a VPC, a gateway, and a gateway attachment, any resources that require the gateway are dependent on the gateway attachment.

This means you have to add your AttachGateway to the DependsOn attribute of your PublicRoute resource:

PublicRoute:
  Type: AWS::EC2::Route
  DependsOn: 
    - InternetGateway
    - AttachGateway
  Properties:
    RouteTableId: !Ref RouteTablePublic
    DestinationCidrBlock: 0.0.0.0/0
    GatewayId: !Ref InternetGateway

This ensures that your resources are built in the proper order so your route won't be created until the gateway has been attached to the vpc

like image 69
LLai Avatar answered Oct 10 '22 07:10

LLai

You will get this error if the route table and Internet gateway are in different VPCs.

like image 1
tschumann Avatar answered Oct 10 '22 06:10

tschumann
Sign in to Comment

Related questions

serverless update check failed error
Aws lambda retry behavior when triggered by cloudwatch event
Automatically set ListenerRule Priority in CloudFormation template
Including an exit code 1 event in CloudWatch using Terraform for ECS
Static web hosting on AWS S3 giving me "403 permission denied"
Athena DateDiff
Configure SQS Dead letter Queue to raise a cloud watch alarm on receiving a message
AWS S3 Redirection rules not letting me saving it
Why base64 encode an API authorization key?
Access Denied when uploading files to Amazon using Paperclip and IAM policies
Mounting a dataset from AWS
AWS CodeDeploy executes before Auto Scaling userdata scripts finishes
AWS account vs Amazon consumer account
How do I safely run a Node.js server on port 80 with Amazon Elastic Beanstalk?
AWS Lambda access to RDS outside VPC
How to save Amazon Redshift output to local CSV through SQL Workbench?
How do I use Gmail SMTP with port 587 on AWS EC2?
Aws glue triggers are not working
CodeDeploy can't find my AWS Lambda Function
Websocket closing after 60 seconds of being idle while connection node server using AWS ELB

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!