Interface IRouteTableEntryConfig

NetworkConfig / VpcConfig | VpcTemplatesConfig / RouteTableConfig / RouteTableEntryConfig

VPC route table static route entry configuration.

Description

Use this configuration to define static route entries in a VPC subnet or gateway route table. Static routes are used determine traffic flow from your subnet to a defined destination address and target.

Example

Transit Gateway Attachment

- name: TgwRoute
  destination: 0.0.0.0/0
  type: transitGateway
  target: Network-Main

NAT Gateway

- name: NatRoute
  destination: 0.0.0.0/0
  type: natGateway
  target: Nat-A

Internet Gateway

- name: IgwRoute
  destination: 0.0.0.0/0
  type: internetGateway

VPC Peering

- name: PeerRoute
  destination: 10.0.0.0/16
  type: vpcPeering
  target: Peering

Network Firewall with CIDR destination:

- name: NfwRoute
  destination: 0.0.0.0/0
  type: networkFirewall
  target: accelerator-firewall
  targetAvailabilityZone: a

Network Firewall with subnet destination:

- name: NfwRoute
  destination: subnet-a
  type: networkFirewall
  target: accelerator-firewall
  targetAvailabilityZone: a

Gateway Load Balancer Endpoint with CIDR destination:

- name: GwlbRoute
  destination: 0.0.0.0/0
  type: gatewayLoadBalancerEndpoint
  target: Endpoint-A

Gateway Load Balancer Endpoint with subnet destination:

- name: GwlbRoute
  destination: subnet-a
  type: gatewayLoadBalancerEndpoint
  target: Endpoint-A

Local Gateway associated with an AWS Outpost:

- name: LgwRoute
  destination: 10.0.0.0/16
  type: localGateway
  target: LocalGateway-A

Network Interface associated with a dynamic lookup:

NOTE: This lookup value is not supported for firewalls defined in Ec2FirewallAutoScalingGroupConfig. The interface must have the associateElasticIp property set to 'true' or the sourceDestCheck property set to 'false'

- name: EniRoute
  destination: 10.0.0.0/16
  type: networkInterface
  target: ${ACCEL_LOOKUP::EC2:ENI_0:accelerator-firewall:Id}

Network Interface associated with an explicit ENI Id:

- name: EniRoute
  destination: 10.0.0.0/16
  type: networkInterface
  target: eni-0123456789abcdef

IPv6 route targeting an Egress-only IGW:

- name: EigwRoute
  ipv6Destination: ::/0
  type: egressOnlyIgw

interface IRouteTableEntryConfig {
    destination?: string;
    destinationPrefixList?: string;
    ipv6Destination?: string;
    name: string;
    target?: string;
    targetAvailabilityZone?: string | number;
    type?: RouteTableEntryType;
}

Index

Properties

destination? destinationPrefixList? ipv6Destination? name target? targetAvailabilityZone? type?

Properties

`Optional` `Readonly`destination

destination?: string

(OPTIONAL) The destination IPv4 CIDR block or dynamic subnet reference for the route table entry.

Remarks

You can either use IPv4 CIDR notation (i.e. 10.0.0.0/16) or target a subnet by referencing its logical name property. If referencing a subnet name, the subnet MUST be defined in the same VPC. This feature is intended for ingress routing scenarios where a gateway route table must target a Gateway Load Balancer or Network Firewall endpoint in a dynamic IPAM-created subnet.

See

SubnetConfig and RouteTableConfig.

destination, ipv6Destination, or destinationPrefixList must be specified for the following route entry types: transitGateway, natGateway, internetGateway, networkInterface, vpcPeering, virtualPrivateGateway.

destination or ipv6Destination MUST be specified for route entry type networkFirewall or gatewayLoadBalancerEndpoint.

Note: Leave undefined for route entry type gatewayEndpoint.

`Optional` `Readonly`destinationPrefixList

destinationPrefixList?: string

The friendly name of the destination prefix list for the route table entry.

Remarks

This is the logical name property of the prefix list as defined in network-config.yaml.

destination, ipv6Destination, or destinationPrefixList must be specified for the following route entry types: transitGateway, natGateway, internetGateway, egressOnlyIgw, networkInterface, vpcPeering, virtualPrivateGateway.

Cannot be specified for route entry type networkFirewall or gatewayLoadBalancerEndpoint. Use destination or ipv6Destination instead.

Note: Leave undefined for route entry type gatewayEndpoint.

See

PrefixListConfig

`Optional` `Readonly`ipv6Destination

ipv6Destination?: string

(OPTIONAL) The destination IPv6 CIDR block or dynamic subnet reference for the route table entry.

Remarks

You can either use IPv6 CIDR notation (i.e. fd00::/8) or target a subnet by referencing its logical name property. If referencing a subnet name, the subnet MUST be defined in the same VPC. This feature is intended for ingress routing scenarios where a gateway route table must target a Gateway Load Balancer or Network Firewall endpoint in a dynamic IPAM-created subnet.

See

SubnetConfig and RouteTableConfig.

destination, ipv6Destination, or destinationPrefixList must be specified for the following route entry types: transitGateway, natGateway, internetGateway, egressOnlyIgw, networkInterface, vpcPeering, virtualPrivateGateway.

destination or ipv6Destination MUST be specified for route entry type networkFirewall or gatewayLoadBalancerEndpoint.

Note: Leave undefined for route entry type gatewayEndpoint.

`Readonly`name

name: string

A friendly name for the route table.

Remarks

CAUTION: Changing this value after initial deployment will cause the route table to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

`Optional` `Readonly`target

target?: string

The friendly name of the destination target.

Remarks

Use s3 or dynamodb as the string when specifying a route entry type of gatewayEndpoint.

This is the logical name property of other target types as defined in network-config.yaml.

Note: Leave undefined for route entry type internetGateway, egressOnlyIgw, or virtualPrivateGateway.

`Optional` `Readonly`targetAvailabilityZone

targetAvailabilityZone?: string | number

The Availability Zone (AZ) the target resides in.

Remarks

Include only the letter of the AZ name (i.e. 'a' for 'us-east-1a') to target a subnet created in a specific AZ. Use an integer (i.e. 1) for subnets using a physical mapping ID to an AZ. Use the availability zone suffix e.g. "laz-1a" for Local Zones. Please reference the documentation Availability Zone IDs for your AWS resources for more information.

Note: Leave undefined for targets of route entry types other than networkFirewall.

`Optional` `Readonly`type

type?: RouteTableEntryType

The destination type of route table entry.

See

NetworkConfigTypes.routeTableEntryTypeEnum

Interface IRouteTableEntryConfig

Description

Example

Index

Properties

Properties

`Optional` `Readonly`destination

Remarks

See

`Optional` `Readonly`destinationPrefixList

Remarks

See

`Optional` `Readonly`ipv6Destination

Remarks

See

`Readonly`name

Remarks

`Optional` `Readonly`target

Remarks

`Optional` `Readonly`targetAvailabilityZone

Remarks

`Optional` `Readonly`type

See

Settings

On This Page

Interface IRouteTableEntryConfig

Description

Example

Index

Properties

Properties

Optional Readonlydestination

Remarks

See

Optional ReadonlydestinationPrefixList

Remarks

See

Optional Readonlyipv6Destination

Remarks

See

Readonlyname

Remarks

Optional Readonlytarget

Remarks

Optional ReadonlytargetAvailabilityZone

Remarks

Optional Readonlytype

See

Settings

On This Page

`Optional` `Readonly`destination

`Optional` `Readonly`destinationPrefixList

`Optional` `Readonly`ipv6Destination

`Readonly`name

`Optional` `Readonly`target

`Optional` `Readonly`targetAvailabilityZone

`Optional` `Readonly`type