
Am I missing something but is there no way to add a route via CloudFormation to the default route table that comes provisioned with a VPC?

sciurus
Sleeper Smith

2 Answers


Nah you can't, there's nothing to refer to anyway (e.g. logical ID). Just create your own main table ;-).

This is probably one of the reasons it can't be used:

One way to protect your VPC is to leave the main route table in its original default state (with only the local route), and explicitly associate each new subnet you create with one of the custom route tables you've created. This ensures that you must explicitly control how each subnet's outbound traffic is routed.

  • Sounds like a chore. – Sleeper Smith Apr 15 '14 at 15:17
  • Think that's bad? Wait until you separate out your templates so that each one has only a single responsibility, with a parent template pulling smaller ones into a larger stack... now you have to pass both the VPC **and** the RouteTable from one template to all your other child templates. This, despite the fact the RouteTable already knows which VPC it's a part of, but you can't extract that information from it. – DanielM Aug 11 '15 at 20:14
  • @DanielM Sounds like a job for https://github.com/SleeperSmith/Aws-Lego . Looks like we have the same gripe. :D hahahaha. – Sleeper Smith Aug 16 '15 at 01:57
  • More info at - https://forums.aws.amazon.com/thread.jspa?threadID=97060 – ALex_hha Feb 06 '17 at 17:10

You can define each component by yourself in case you need to implement that setup via CloudFormation. Just create your own VPC, Internet Gateway, Subnet and Route Table. Then you need to explicitly declare a RouteTableAssociation for the specific subnet and create a public route for that table. Here's an example:

AWSTemplateFormatVersion: '2010-09-09'
Description: Example
Resources:
  myInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: "Name"
          Value: "a_gateway"

  myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/24
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default

  # Attach the Internet Gateway to the VPC created above
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: myVPC
      InternetGatewayId:
        Ref: myInternetGateway

  # Custom (non-main) route table for public subnets
  myPublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: "Name"
          Value: "public_routes"

  # Default route that sends all non-local traffic to the Internet Gateway;
  # DependsOn ensures the gateway is attached before the route is created
  myDefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref myPublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myInternetGateway

  # Subnet within the VPC that will use the custom route table
  mySubnet:
    Type: AWS::EC2::Subnet
    Properties:
      # First Availability Zone of the current region (an empty string is rejected)
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 10.0.0.0/25
      MapPublicIpOnLaunch: true
      VpcId:
        Ref: myVPC

  # Explicitly associate the custom route table with the subnet so it does
  # not fall back to the VPC's main route table
  myPublicRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref myPublicRouteTable
      SubnetId: !Ref mySubnet

This way you'll be able to use the created route table (in the example above it's used to forward traffic from the Internet Gateway).

Most Wanted
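Since CloudFormation cannot reference the main route table, the AWS guidance quoted in the first answer (keep the main table at its local-only default and associate every subnet explicitly, as the template in the second answer does) can only be enforced by checking the live account. The following audit script is an added example, not code from either answer or from AWS; it takes data in the shape returned by boto3's `ec2.describe_route_tables()` and `ec2.describe_subnets()` and reports two conditions: non-local routes on the main route table, and subnets with no explicit association (which therefore fall through to the main table). The VPC, route table, subnet and gateway IDs in the sample data are constructed for this example.

```python
"""Audit VPC routing against the "main route table stays default" guidance.

Inputs mirror the structure of boto3's ec2.describe_route_tables()["RouteTables"]
and ec2.describe_subnets()["Subnets"]; only the fields used here are modelled.
All sample IDs below are constructed for this example and are not real.
"""
from typing import Dict, List

# Constructed sample: one VPC with a main route table and one custom table.
SAMPLE_ROUTE_TABLES: List[dict] = [
    {
        "RouteTableId": "rtb-0aaaaaaaaaaaaaaaa",  # the VPC's main table
        "VpcId": "vpc-01111111111111111",
        "Associations": [{"Main": True, "RouteTableId": "rtb-0aaaaaaaaaaaaaaaa"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local", "State": "active"},
            # a default route added to the main table outside CloudFormation
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ccccccccccccccccc", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-0bbbbbbbbbbbbbbbb",  # custom "public_routes" table
        "VpcId": "vpc-01111111111111111",
        "Associations": [
            {"Main": False, "RouteTableId": "rtb-0bbbbbbbbbbbbbbbb",
             "SubnetId": "subnet-0aaaaaaaaaaaaaaaa"}
        ],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ccccccccccccccccc", "State": "active"},
        ],
    },
]

# Constructed sample: subnet-0aaa... is explicitly associated, subnet-0bbb... is not.
SAMPLE_SUBNETS: List[dict] = [
    {"SubnetId": "subnet-0aaaaaaaaaaaaaaaa", "VpcId": "vpc-01111111111111111", "CidrBlock": "10.0.0.0/25"},
    {"SubnetId": "subnet-0bbbbbbbbbbbbbbbb", "VpcId": "vpc-01111111111111111", "CidrBlock": "10.0.0.128/25"},
]

# Keys under which a route's target may appear in describe_route_tables output.
ROUTE_TARGET_KEYS = ("GatewayId", "NatGatewayId", "VpcPeeringConnectionId",
                     "TransitGatewayId", "NetworkInterfaceId", "InstanceId")


def _route_target(route: dict) -> str:
    """Return whichever target field the route carries (or '?' if none)."""
    for key in ROUTE_TARGET_KEYS:
        if route.get(key):
            return route[key]
    return "?"


def audit_vpc_routing(route_tables: List[dict], subnets: List[dict]) -> Dict[str, list]:
    """Return findings in two lists.

    main_table_extra_routes: routes on a main route table other than the local route
    implicit_subnets:        subnet IDs with no explicit route-table association
    """
    findings: Dict[str, list] = {"main_table_extra_routes": [], "implicit_subnets": []}
    explicitly_associated = set()

    for rt in route_tables:
        associations = rt.get("Associations", [])
        is_main = any(a.get("Main", False) for a in associations)
        for assoc in associations:
            if assoc.get("SubnetId"):
                explicitly_associated.add(assoc["SubnetId"])
        if not is_main:
            continue
        for route in rt.get("Routes", []):
            # The local route is created with the table; anything else means the
            # main table is doing real routing for implicitly associated subnets.
            if route.get("GatewayId") == "local":
                continue
            findings["main_table_extra_routes"].append({
                "RouteTableId": rt["RouteTableId"],
                "Destination": route.get("DestinationCidrBlock")
                or route.get("DestinationIpv6CidrBlock") or "?",
                "Target": _route_target(route),
            })

    for subnet in subnets:
        if subnet["SubnetId"] not in explicitly_associated:
            findings["implicit_subnets"].append(subnet["SubnetId"])

    return findings


if __name__ == "__main__":
    result = audit_vpc_routing(SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS)
    for item in result["main_table_extra_routes"]:
        print(f"main table {item['RouteTableId']} routes {item['Destination']} -> {item['Target']}")
    for subnet_id in result["implicit_subnets"]:
        print(f"subnet {subnet_id} has no explicit route table association")
```

Against a real account, replace the sample lists with `boto3.client("ec2").describe_route_tables()["RouteTables"]` and `describe_subnets()["Subnets"]`, filtering both by `VpcId` if you want one VPC at a time. On the sample data the script reports the stray `0.0.0.0/0` route on the main table and the unassociated second subnet; both are exactly the things a CloudFormation stack cannot fix for you, so they have to be corrected directly (remove the route, add a `SubnetRouteTableAssociation`) and then kept out of drift by this kind of periodic check.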