Reputation: 1114
AWS Cloudformation Stack - Route Table Main
Is it possible to specify in the cloudformation stack template the when adding a route table and set it to main:yes?
On my current stack template there's always a route table associated with my VPC (Also created by the stack) that is set to main:yes but it's not specified route table on my stack template.
Upvotes: 6
Views: 1619
Answers (2)
Reputation: 7039
In order to create similar setup you need to write the whole stack for infra by yourself: VPC, Internet Gateway, Subnet and Route Table. Then you need to explicitly define RouteTableAssociation for the specific subnet and create a public route for the table. YAML example of such a setup
AWSTemplateFormatVersion: '2010-09-09'
Description: Example
Resources:
myInternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: "Name"
Value: "a_gateway"
myVPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/24
EnableDnsSupport: true
EnableDnsHostnames: true
InstanceTenancy: default
# Attach Internet gateway to created VPC
AttachGateway:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId:
Ref: myVPC
InternetGatewayId:
Ref: myInternetGateway
# Create public routes table for VPC
myPublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref myVPC
Tags:
- Key: "Name"
Value: "public_routes"
# Create a route for the table which will forward the traffic
# from the gateway
myDefaultPublicRoute:
Type: AWS::EC2::Route
DependsOn: AttachGateway
Properties:
RouteTableId: !Ref myPublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref myInternetGateway
# Subnet within VPC which will use route table (with default route)
# from Internet gateway
mySubnet:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: ""
CidrBlock: 10.0.0.0/25
MapPublicIpOnLaunch: true
VpcId:
Ref: myVPC
# Associate route table (which contains default route) to newly created subnet
myPublicRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref myPublicRouteTable
SubnetId: !Ref mySubnet
Template is not really short, but to accomplish this simple requirement you have to define everything explicitly.
One way to protect your VPC is to leave the main route table in its original default state (with only the local route), and explicitly associate each new subnet you create with one of the custom route tables you've created. This ensures that you must explicitly control how each subnet's outbound traffic is routed.
Upvotes: 1
Reputation: 269550
No, this is not possible.
When a VPC is created, a 'Main' Route Table is automatically created, which will be the default route table for all subnets that do not have a Subnet Association specified.
It is not possible to create a subnet via CloudFormation that takes on this property.
Upvotes: 4
Related Questions
- CloudFormation - Route Table route Propagation for Tansit Gateway
- Cloudformation Route Erroring Out
- AWS and CloudFormation: How to attach a Virtual Private Gateway to a Routing Table?
- AWS CloudFormation stack: API Gateway resource with nested paths?
- AWS CloudFormation API GatewayV2 Route Creation
- AWS CloudFormation: Route table not populating
- CloudFormation AWS::EC2::Route
- AWS CloudFormation: how do I refer to the default/main route table (that is created when a VPC is created) in a cloudformation template?
- How do I configure the routing rules in a cloudformation yaml?
- Cloudformation: VPC Routing table with No Route for Internet Gateway