NetworkConfig / VpcConfig | VpcTemplatesConfig / RouteTableConfig / RouteTableEntryConfig

VPC route table static route entry configuration. Use this configuration to define static route entries in a VPC subnet or gateway route table. Static routes are used to determine traffic flow from your subnet to a defined destination address and target.

Example

Transit Gateway Attachment

- name: TgwRoute
  destination: 0.0.0.0/0
  type: transitGateway
  target: Network-Main

NAT Gateway

- name: NatRoute
  destination: 0.0.0.0/0
  type: natGateway
  target: Nat-A

Internet Gateway

- name: IgwRoute
  destination: 0.0.0.0/0
  type: internetGateway

VPC Peering

- name: PeerRoute
  destination: 10.0.0.0/16
  type: vpcPeering
  target: Peering

Network Firewall with CIDR destination:

- name: NfwRoute
  destination: 0.0.0.0/0
  type: networkFirewall
  target: accelerator-firewall
  targetAvailabilityZone: a

Network Firewall with subnet destination:

- name: NfwRoute
  destination: subnet-a
  type: networkFirewall
  target: accelerator-firewall
  targetAvailabilityZone: a

Gateway Load Balancer Endpoint with CIDR destination:

- name: GwlbRoute
  destination: 0.0.0.0/0
  type: gatewayLoadBalancerEndpoint
  target: Endpoint-A

Gateway Load Balancer Endpoint with subnet destination:

- name: GwlbRoute
  destination: subnet-a
  type: gatewayLoadBalancerEndpoint
  target: Endpoint-A

Local Gateway associated with an AWS Outpost:

- name: LgwRoute
  destination: 10.0.0.0/16
  type: localGateway
  target: LocalGateway-A

Network Interface associated with a dynamic lookup:

  • NOTE: This lookup value is not supported for firewalls defined in Ec2FirewallAutoScalingGroupConfig. The interface must have the associateElasticIp property set to 'true' or the sourceDestCheck property set to 'false'.

- name: EniRoute
  destination: 10.0.0.0/16
  type: networkInterface
  target: ${ACCEL_LOOKUP::EC2:ENI_0:accelerator-firewall:Id}

Network Interface associated with an explicit ENI Id:

- name: EniRoute
  destination: 10.0.0.0/16
  type: networkInterface
  target: eni-0123456789abcdef

Properties

destination: undefined | string = undefined

(OPTIONAL) The destination CIDR block or dynamic subnet reference for the route table entry.

Remarks

You can either use CIDR notation (e.g. 10.0.0.0/16) or target a subnet by referencing its logical name property. If referencing a subnet name, the subnet MUST be defined in the same VPC. This feature is intended for ingress routing scenarios where a gateway route table must target a Gateway Load Balancer or Network Firewall endpoint in a dynamic IPAM-created subnet.

See

SubnetConfig and RouteTableConfig.

Either destination or destinationPrefixList must be specified for the following route entry types: transitGateway, natGateway, internetGateway, networkInterface, vpcPeering, virtualPrivateGateway.

destination MUST be specified for route entry type networkFirewall or gatewayLoadBalancerEndpoint.

Note: Leave undefined for route entry type gatewayEndpoint.

destinationPrefixList: undefined | string = undefined

The friendly name of the destination prefix list for the route table entry.

Remarks

This is the logical name property of the prefix list as defined in network-config.yaml.

Either destination or destinationPrefixList must be specified for the following route entry types: transitGateway, natGateway, internetGateway, networkInterface, vpcPeering, virtualPrivateGateway.

Cannot be specified for route entry type networkFirewall or gatewayLoadBalancerEndpoint. Use destination instead.

Note: Leave undefined for route entry type gatewayEndpoint.

See

PrefixListConfig

name: string = ''

A friendly name for the route table.

Remarks

CAUTION: Changing this value after initial deployment will cause the route table to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

target: undefined | string = undefined

The friendly name of the destination target.

Remarks

Use s3 or dynamodb as the string when specifying a route entry type of gatewayEndpoint.

This is the logical name property of other target types as defined in network-config.yaml.

Note: Leave undefined for route entry type internetGateway or virtualPrivateGateway.

targetAvailabilityZone: undefined | string | number = undefined

The Availability Zone (AZ) the target resides in.

Remarks

Include only the letter of the AZ name (e.g. 'a' for 'us-east-1a') to target a subnet created in a specific AZ. Use an integer (e.g. 1) for subnets using a physical mapping ID to an AZ. Please refer to the AWS documentation "Availability Zone IDs for your AWS resources" for more information.

Note: Leave undefined for targets of route entry types other than networkFirewall.

type: undefined | "virtualPrivateGateway" | "transitGateway" | "natGateway" | "internetGateway" | "local" | "localGateway" | "gatewayEndpoint" | "gatewayLoadBalancerEndpoint" | "networkFirewall" | "networkInterface" | "vpcPeering" = undefined

The destination type of route table entry.

See

routeTableEntryTypeEnum
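
The constraints in the property remarks above can be checked before deployment. The following TypeScript is an added example, not code from the accelerator project: `RouteEntry`, `validateRouteEntry` and the sample names `corp-prefixes` and `Igw-A` are hypothetical, and it treats each "leave undefined" note as a finding.

```typescript
// Added example: lints route entries against the rules in the property remarks.
// RouteEntry and validateRouteEntry are hypothetical names, not accelerator code.
interface RouteEntry {
  name: string; type?: string; destination?: string; destinationPrefixList?: string;
  target?: string; targetAvailabilityZone?: string | number;
}

// Types that need either destination or destinationPrefixList.
const EITHER_DEST = ['transitGateway', 'natGateway', 'internetGateway',
  'networkInterface', 'vpcPeering', 'virtualPrivateGateway'];
// Types that must use destination and cannot use a prefix list.
const DEST_ONLY = ['networkFirewall', 'gatewayLoadBalancerEndpoint'];
// Types whose target is left undefined.
const NO_TARGET = ['internetGateway', 'virtualPrivateGateway'];
const has = (list: string[], t: string): boolean => list.indexOf(t) !== -1;

function validateRouteEntry(e: RouteEntry): string[] {
  const findings: string[] = [];
  const type = e.type || '';
  if (has(EITHER_DEST, type) && !e.destination && !e.destinationPrefixList) {
    findings.push(`${e.name}: ${type} requires destination or destinationPrefixList`);
  }
  if (has(DEST_ONLY, type)) {
    if (!e.destination) findings.push(`${e.name}: ${type} requires destination`);
    if (e.destinationPrefixList) findings.push(`${e.name}: ${type} cannot use destinationPrefixList`);
  }
  if (type === 'gatewayEndpoint') {
    if (e.destination || e.destinationPrefixList) findings.push(`${e.name}: leave destination fields undefined`);
    if (e.target !== 's3' && e.target !== 'dynamodb') findings.push(`${e.name}: target must be s3 or dynamodb`);
  }
  if (has(NO_TARGET, type) && e.target !== undefined) {
    findings.push(`${e.name}: ${type} must leave target undefined`);
  }
  if (type !== 'networkFirewall' && e.targetAvailabilityZone !== undefined) {
    findings.push(`${e.name}: targetAvailabilityZone applies only to networkFirewall`);
  }
  return findings;
}

// Constructed sample entries (not from a real deployment).
const samples: RouteEntry[] = [
  { name: 'NfwRoute', type: 'networkFirewall', destination: 'subnet-a',
    target: 'accelerator-firewall', targetAvailabilityZone: 'a' },
  { name: 'BadNfw', type: 'networkFirewall', destinationPrefixList: 'corp-prefixes',
    target: 'accelerator-firewall' },
  { name: 'BadIgw', type: 'internetGateway', destination: '0.0.0.0/0', target: 'Igw-A' },
  { name: 'S3Route', type: 'gatewayEndpoint', target: 's3' },
];
for (const s of samples) console.log(s.name, validateRouteEntry(s));
```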
