I am creating a whole stack using CloudFormation. I have noticed that even though I do have a routing rule for 0.0.0.0/0 to access an internet gateway in my CloudFormation template, it is not being created.
VPC:
"vpc": {
  "Type": "AWS::EC2::VPC",
  "Properties": {
    "CidrBlock": "172.31.0.0/16",
    "InstanceTenancy": "default",
    "EnableDnsSupport": "true",
    "EnableDnsHostnames": "true",
    "Tags": [
      {
        "Key": "Environment",
        "Value": {
          "Ref": "Env"
        }
      }
    ]
  }
Routing table:
"rtb": {
  "Type": "AWS::EC2::RouteTable",
  "Properties": {
    "VpcId": {
      "Ref": "vpc"
    }
  },
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "id": "65297cdc-8bcd-482d-af40-b0fef849b8c2"
    }
  }
}
VPCGatewayAttachment:
"gw1": {
  "Type": "AWS::EC2::VPCGatewayAttachment",
  "Properties": {
    "VpcId": {
      "Ref": "vpc"
    },
    "InternetGatewayId": {
      "Ref": "ig"
    }
  },
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "id": "aa69d6c0-3b11-43be-a8c1-7e79176f8c89"
    }
  }
}
Route:
"route1": {
  "Type": "AWS::EC2::Route",
  "Properties": {
    "DestinationCidrBlock": "0.0.0.0/0",
    "RouteTableId": {
      "Ref": "rtb"
    },
    "GatewayId": {
      "Ref": "ig"
    }
  },
  "DependsOn": "gw1",
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "id": "a68dd12e-3c14-4fa9-ba36-e0046374a0e9"
    }
  }
}
Internet Gateway:
"ig": {
  "Type": "AWS::EC2::InternetGateway",
  "Properties": {},
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "id": "9f9b4ce3-b994-43ff-9155-04aeb7ab2edf"
    }
  }
}
All of the items are being created, except the IG routing rule for the VPC. There are no errors in the CloudFormation stack creation.
The routing table:
Destination: 172.31.0.0/16
Target: local
Expected routing table:
Destination: 172.31.0.0/16
Target: local
Destination: 0.0.0.0/0
Target: igw-********
Note that I can add the rule by myself directly after CloudFormation stack creation.
Is there something I am missing?
Main route table—The route table that automatically comes with your VPC. It controls the routing for all subnets that are not explicitly associated with any other route table. Custom route table—A route table that you create for your VPC.
Within a VPC, route tables are assigned to individual subnets. With only 1 route table created in a VPC, all of the subnets would be assigned to that route table. You can create multiple route tables in a VPC, or you can leave the 1 default route table.
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/ . In the navigation pane, choose Subnets, and then select the subnet. In the Route Table tab, choose Edit route table association. From the Route Table ID list, select the new route table with which to associate the subnet, and then choose Save.
After contacting AWS support, it turned out that each VPC creates a routing table automatically and it is set by default for all of its subnets. The solution to that would be to use a SubnetRouteTableAssociation to associate my new route table with each subnet.
    "subnet0RTA": {
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "RouteTableId" : {"Ref" : "rtb"},
        "SubnetId" : {"Ref" : "subnet0"}
      }
    },
    "subnet1RTA": {
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "RouteTableId" : {"Ref" : "rtb"},
        "SubnetId" : {"Ref" : "subnet1"}
      }
    },