Reputation: 3077
I am creating the following resources using CloudFormation:
I have created a site-to-site VPN with my on-prem office manually. I have created the transit gateway manually and attached my VPN to it. Now, since I will be creating the VPC with CloudFormation, I thought that to avoid manual work I would associate the VPC with the transit gateway and propagate the route in the route tables in the CloudFormation script itself. Please refer to the following snippet:
```yaml
  VPCTransitGateayAttachment:
    Type: AWS::EC2::TransitGatewayAttachment
    Properties:
      SubnetIds:
        - !Ref PrivateSubnet1
        - !Ref PrivateSubnet2
      TransitGatewayId: 'tgw-1234567890'
      VpcId: !Ref VPC

  # TransitGateway routes
  TransitGateWayPublicRouteTableRoutes:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: '0.0.0.0/16'
      TransitGatewayId: 'tgw-1234567890'

  TransitGateWayPrivateRouteTable1Routes:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable1
      DestinationCidrBlock: '0.0.0.0/16'
      TransitGatewayId: 'tgw-1234567890'

  TransitGateWayPrivateRouteTable2Routes:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable2
      DestinationCidrBlock: '0.0.0.0/16'
      TransitGatewayId: 'tgw-1234567890'
```
But I am facing the following error when I execute the script:

```
The transitGateway ID 'tgw-1234567890' does not exist. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidTransitGatewayID.NotFound; Request ID: 30d31120-f9e2-4870-a378-55bc9a36f5bb)
```

This is reported for the AWS::EC2::Route resource. I am not able to understand what the issue is. The documentation states that a transit gateway is an option for AWS::EC2::Route. What else am I missing here?
Upvotes: 1
Views: 2254
Reputation: 41
The attachment may be in a "Pending acceptance" state and you need to go in the console, on the account that contains the transit gateway and accept the request in the Transit Gateway Attachments tab.
Upvotes: 0
Reputation: 145
There's no need to deploy your stack in two stages. Instead, add an explicit dependency between your routes and the TGW attachment, e.g.:
```yaml
  TransitGatewayAttachment:
    Type: AWS::EC2::TransitGatewayAttachment
    Properties:
      # ...

  RouteToTransitGateway1:
    Type: AWS::EC2::Route
    DependsOn: TransitGatewayAttachment
    Properties:
      # ...

  RouteToTransitGateway2:
    Type: AWS::EC2::Route
    DependsOn: TransitGatewayAttachment
    Properties:
      # ...
```
Upvotes: 0
Reputation: 61
I was facing the same issue in CloudFormation. The problem was that the routes must wait for the AWS::EC2::TransitGatewayAttachment. I ran the CloudFormation template with all of my routes that needed the TransitGatewayId parameter commented out, then uncommented the routes, and it worked.

There is documentation that this is required for internet gateway attachments, but my test shows this is also required for TransitGatewayAttachments.

What we should do is add a DependsOn, and that should solve the problem.
Upvotes: 6
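The two answers above both come down to the same fix: `AWS::EC2::Route` references the transit gateway by its ID string, not by the attachment resource, so CloudFormation sees no dependency and may create the route before the VPC is attached. The template below is an added example, not code from the original question or either answer. It builds a VPC with two private subnets and route tables, attaches the VPC to an existing transit gateway, and makes each route `DependsOn` the attachment. The parameter names, the `10.20.0.0/16` VPC range and the `10.10.0.0/16` on-prem range are constructed for the example; the transit gateway ID is passed in as a parameter rather than hardcoded, and only the on-prem prefix is routed to the TGW rather than a wide range.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example (not the original poster's template): attach a VPC to an
  existing transit gateway and create routes that wait for the attachment.

Parameters:
  TransitGatewayId:
    Type: String
    Description: ID of the existing, manually created transit gateway (supply at deploy time)
    AllowedPattern: '^tgw-[0-9a-f]{8,17}$'
  OnPremCidr:
    Type: String
    Description: On-prem range reached through the site-to-site VPN (constructed value)
    Default: 10.10.0.0/16
  VpcCidr:
    Type: String
    Description: VPC range (constructed value)
    Default: 10.20.0.0/16

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true

  # Two private subnets in different AZs, carved out of the VPC range as /24s
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Select [0, !Cidr [!Ref VpcCidr, 2, 8]]
      AvailabilityZone: !Select [0, !GetAZs '']

  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Select [1, !Cidr [!Ref VpcCidr, 2, 8]]
      AvailabilityZone: !Select [1, !GetAZs '']

  PrivateRouteTable1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  PrivateRouteTable2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  PrivateSubnet1Association:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable1
      SubnetId: !Ref PrivateSubnet1

  PrivateSubnet2Association:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable2
      SubnetId: !Ref PrivateSubnet2

  # The attachment is what makes the TGW ID usable as a route target in this VPC
  VPCTransitGatewayAttachment:
    Type: AWS::EC2::TransitGatewayAttachment
    Properties:
      TransitGatewayId: !Ref TransitGatewayId
      VpcId: !Ref VPC
      SubnetIds:
        - !Ref PrivateSubnet1
        - !Ref PrivateSubnet2

  # Routes only reference the TGW by ID, so the dependency must be explicit.
  # Only the on-prem prefix is sent to the TGW, not a catch-all range.
  PrivateRouteTable1ToOnPrem:
    Type: AWS::EC2::Route
    DependsOn: VPCTransitGatewayAttachment
    Properties:
      RouteTableId: !Ref PrivateRouteTable1
      DestinationCidrBlock: !Ref OnPremCidr
      TransitGatewayId: !Ref TransitGatewayId

  PrivateRouteTable2ToOnPrem:
    Type: AWS::EC2::Route
    DependsOn: VPCTransitGatewayAttachment
    Properties:
      RouteTableId: !Ref PrivateRouteTable2
      DestinationCidrBlock: !Ref OnPremCidr
      TransitGatewayId: !Ref TransitGatewayId

Outputs:
  AttachmentId:
    Description: Attachment to check if it stays in pending-acceptance
    Value: !Ref VPCTransitGatewayAttachment
```

Deploy with something like `aws cloudformation deploy --template-file tgw-routes.yaml --stack-name vpc-tgw --parameter-overrides TransitGatewayId=tgw-xxxxxxxxxxxxxxxxx`. Note that `DependsOn` only orders resource creation inside this stack; if the transit gateway lives in another account, the attachment can still sit in "pending acceptance" (as the first answer describes) until it is accepted on the TGW owner's side, and the `AttachmentId` output is the value to look up when that happens.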