I have the following networking resources config for a network ELB, in order to route outbound traffic through a single Elastic IP.
I get the following error:
"AWS::EC2::Route PublicRoute CREATE_FAILED: route table rtb-zzzeb and network gateway igw-xxx belong to different networks"
What does this mean exactly in the context of my below configuration? Is there an issue with my resource labelled "PublicRoute"?
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/24"
  Public1aSBN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: "10.0.0.128/27"
      AvailabilityZone: "eu-west-2a"
  Public1cSBN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: "10.0.0.160/27"
      AvailabilityZone: "eu-west-2c"
  Public1bSBN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: "10.0.0.192/27"
      AvailabilityZone: "eu-west-2b"
  InternetGateway:
    Type: "AWS::EC2::InternetGateway"
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  EIPNatGateway:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  NAT:
    DependsOn: EIPNatGateway
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId:
        Fn::GetAtt:
          - EIPNatGateway
          - AllocationId
      SubnetId: !Ref Public1aSBN
  RouteTablePublic:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  Public1aSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Public1aSBN
      RouteTableId: !Ref RouteTablePublic
  Public1cSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Public1cSBN
      RouteTableId: !Ref RouteTablePublic
  Public1bSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Public1bSBN
      RouteTableId: !Ref RouteTablePublic
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGateway
    Properties:
      RouteTableId: !Ref RouteTablePublic
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  TargetSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
  InboundRule:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: TargetSG
    Properties:
      IpProtocol: -1
      FromPort: '0'
      ToPort: '65535'
      CidrIp: "0.0.0.0/0"
      GroupId:
        Fn::GetAtt:
          - TargetSG
          - GroupId
According to the docs,
Some resources in a VPC require a gateway (either an Internet or VPN gateway). If your AWS CloudFormation template defines a VPC, a gateway, and a gateway attachment, any resources that require the gateway are dependent on the gateway attachment.
This means you have to add your AttachGateway to the DependsOn attribute of your PublicRoute resource:
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn:
      - InternetGateway
      - AttachGateway
    Properties:
      RouteTableId: !Ref RouteTablePublic
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
This ensures that your resources are built in the proper order, so your route won't be created until the gateway has been attached to the VPC.
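As an added example (not part of the question or of either answer), here is a small offline check that applies the rule quoted above to a template before it is deployed. It builds each resource's dependency set from its explicit DependsOn plus the implicit dependencies CloudFormation derives from Ref and Fn::GetAtt, walks that graph transitively, and flags any AWS::EC2::Route whose GatewayId targets an internet gateway, and any AWS::EC2::EIP with Domain: vpc, that never reaches the AWS::EC2::VPCGatewayAttachment for that gateway. The EIP rule comes from the AWS::EC2::EIP documentation, which asks for the same DependsOn on the attachment when the EIP and the VPC are in one template; the template below is a constructed, cut-down copy of the question's, written in CloudFormation's JSON form so no YAML library with !Ref tag support is needed. Function names are my own.

```python
import copy

# Constructed sample: the question's template in CloudFormation's JSON form
# (!Ref -> {"Ref": ...}, Fn::GetAtt -> {"Fn::GetAtt": [...]}), trimmed to the
# resources that matter for the gateway-attachment dependency check.
TEMPLATE = {
    "Resources": {
        "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/24"}},
        "Public1aSBN": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "VPC"}, "CidrBlock": "10.0.0.128/27",
            "AvailabilityZone": "eu-west-2a"}},
        "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
        "AttachGateway": {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {
            "VpcId": {"Ref": "VPC"}, "InternetGatewayId": {"Ref": "InternetGateway"}}},
        "EIPNatGateway": {"Type": "AWS::EC2::EIP", "Properties": {"Domain": "vpc"}},
        "NAT": {"Type": "AWS::EC2::NatGateway", "DependsOn": "EIPNatGateway", "Properties": {
            "AllocationId": {"Fn::GetAtt": ["EIPNatGateway", "AllocationId"]},
            "SubnetId": {"Ref": "Public1aSBN"}}},
        "RouteTablePublic": {"Type": "AWS::EC2::RouteTable",
                             "Properties": {"VpcId": {"Ref": "VPC"}}},
        # As posted: depends on the gateway, but not on its attachment to the VPC.
        "PublicRoute": {"Type": "AWS::EC2::Route", "DependsOn": "InternetGateway", "Properties": {
            "RouteTableId": {"Ref": "RouteTablePublic"},
            "DestinationCidrBlock": "0.0.0.0/0",
            "GatewayId": {"Ref": "InternetGateway"}}},
    }
}


def _refs(node):
    """Yield logical IDs referenced via Ref / Fn::GetAtt anywhere inside node.
    These are the implicit dependencies CloudFormation infers on its own."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            yield node["Ref"]
        elif set(node) == {"Fn::GetAtt"}:
            target = node["Fn::GetAtt"]  # either "Id.Attr" or ["Id", "Attr"]
            yield target.split(".", 1)[0] if isinstance(target, str) else target[0]
        else:
            for value in node.values():
                yield from _refs(value)
    elif isinstance(node, list):
        for value in node:
            yield from _refs(value)


def dependencies(resources, logical_id):
    """Direct dependencies of one resource: explicit DependsOn plus Ref/GetAtt targets.
    Names that are not resources (parameters, pseudo-parameters) are ignored."""
    res = resources[logical_id]
    explicit = res.get("DependsOn", [])
    explicit = [explicit] if isinstance(explicit, str) else list(explicit)
    deps = set(explicit) | set(_refs(res.get("Properties", {})))
    return {d for d in deps if d in resources}


def transitive_dependencies(resources, logical_id):
    """Everything CloudFormation will have created before `logical_id`."""
    seen, stack = set(), [logical_id]
    while stack:
        for dep in dependencies(resources, stack.pop()):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def find_missing_attachment_deps(template):
    """Return [(logical_id, attachment_ids)] for resources that need the gateway
    attachment but do not depend on it, directly or transitively."""
    resources = template["Resources"]
    attachments = {}  # internet gateway logical id -> attachment logical id
    for lid, res in resources.items():
        if res["Type"] == "AWS::EC2::VPCGatewayAttachment":
            igw = res.get("Properties", {}).get("InternetGatewayId")
            if isinstance(igw, dict) and isinstance(igw.get("Ref"), str):
                attachments[igw["Ref"]] = lid
    problems = []
    for lid, res in resources.items():
        props = res.get("Properties", {})
        needed = set()
        if res["Type"] == "AWS::EC2::Route":
            gw = props.get("GatewayId")
            if isinstance(gw, dict) and gw.get("Ref") in attachments:
                needed = {attachments[gw["Ref"]]}
        elif res["Type"] == "AWS::EC2::EIP" and props.get("Domain") == "vpc":
            needed = set(attachments.values())  # any attachment in this template
        if needed and not (needed & transitive_dependencies(resources, lid)):
            problems.append((lid, ", ".join(sorted(needed))))
    return problems


def with_depends_on(template, logical_id, dependency):
    """Copy of the template in which `logical_id` additionally DependsOn `dependency`."""
    fixed = copy.deepcopy(template)
    res = fixed["Resources"][logical_id]
    current = res.get("DependsOn", [])
    current = [current] if isinstance(current, str) else list(current)
    if dependency not in current:
        current.append(dependency)
    res["DependsOn"] = current
    return fixed


if __name__ == "__main__":
    for lid, needed in find_missing_attachment_deps(TEMPLATE):
        print(f"{lid}: add DependsOn {needed} (gateway may not be attached yet)")
```

Run against the posted template it reports PublicRoute and EIPNatGateway; after DependsOn: AttachGateway is added to both, it reports nothing. The transitive walk is what makes the check honest: a resource that reaches the attachment through something it already depends on needs no DependsOn of its own, while a DependsOn on the gateway itself (as in the question) is not enough, because the gateway resource is created before it is attached.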
You will get this error if the route table and Internet gateway are in different VPCs.