NetworkConfig / VpcConfig | VpcTemplatesConfig / RouteTableConfig / RouteTableEntryConfig

VPC route table static route entry configuration.

Use this configuration to define static route entries in a VPC subnet or gateway route table. Static routes are used to determine traffic flow from your subnet to a defined destination address and target.

Transit Gateway Attachment

- name: TgwRoute
  destination: 0.0.0.0/0
  type: transitGateway
  target: Network-Main

NAT Gateway

- name: NatRoute
  destination: 0.0.0.0/0
  type: natGateway
  target: Nat-A

Internet Gateway

- name: IgwRoute
  destination: 0.0.0.0/0
  type: internetGateway

VPC Peering

- name: PeerRoute
  destination: 10.0.0.0/16
  type: vpcPeering
  target: Peering

Network Firewall with CIDR destination:

- name: NfwRoute
  destination: 0.0.0.0/0
  type: networkFirewall
  target: accelerator-firewall
  targetAvailabilityZone: a

Network Firewall with subnet destination:

- name: NfwRoute
  destination: subnet-a
  type: networkFirewall
  target: accelerator-firewall
  targetAvailabilityZone: a

Gateway Load Balancer Endpoint with CIDR destination:

- name: GwlbRoute
  destination: 0.0.0.0/0
  type: gatewayLoadBalancerEndpoint
  target: Endpoint-A

Gateway Load Balancer Endpoint with subnet destination:

- name: GwlbRoute
  destination: subnet-a
  type: gatewayLoadBalancerEndpoint
  target: Endpoint-A

Local Gateway associated with an AWS Outpost:

- name: LgwRoute
  destination: 10.0.0.0/16
  type: localGateway
  target: LocalGateway-A

Network Interface associated with a dynamic lookup:

  • NOTE: This lookup value is not supported for firewalls defined in Ec2FirewallAutoScalingGroupConfig. The interface must have the associateElasticIp property set to 'true' or the sourceDestCheck property set to 'false'.

- name: EniRoute
  destination: 10.0.0.0/16
  type: networkInterface
  target: ${ACCEL_LOOKUP::EC2:ENI_0:accelerator-firewall:Id}

Network Interface associated with an explicit ENI Id:

- name: EniRoute
  destination: 10.0.0.0/16
  type: networkInterface
  target: eni-0123456789abcdef

IPv6 route targeting an Egress-only IGW:

- name: EigwRoute
  ipv6Destination: ::/0
  type: egressOnlyIgw

interface IRouteTableEntryConfig {
    destination?: string;
    destinationPrefixList?: string;
    ipv6Destination?: string;
    name: string;
    target?: string;
    targetAvailabilityZone?: string | number;
    type?: RouteTableEntryType;
}

Properties

destination?: string

(OPTIONAL) The destination IPv4 CIDR block or dynamic subnet reference for the route table entry.

You can either use IPv4 CIDR notation (e.g. 10.0.0.0/16) or target a subnet by referencing its logical name property. If referencing a subnet name, the subnet MUST be defined in the same VPC. This feature is intended for ingress routing scenarios where a gateway route table must target a Gateway Load Balancer or Network Firewall endpoint in a dynamic IPAM-created subnet.

See SubnetConfig and RouteTableConfig.

destination, ipv6Destination, or destinationPrefixList must be specified for the following route entry types: transitGateway, natGateway, internetGateway, networkInterface, vpcPeering, virtualPrivateGateway.

destination or ipv6Destination MUST be specified for route entry type networkFirewall or gatewayLoadBalancerEndpoint.

Note: Leave undefined for route entry type gatewayEndpoint.

destinationPrefixList?: string

The friendly name of the destination prefix list for the route table entry.

This is the logical name property of the prefix list as defined in network-config.yaml.

destination, ipv6Destination, or destinationPrefixList must be specified for the following route entry types: transitGateway, natGateway, internetGateway, egressOnlyIgw, networkInterface, vpcPeering, virtualPrivateGateway.

Cannot be specified for route entry type networkFirewall or gatewayLoadBalancerEndpoint. Use destination or ipv6Destination instead.

Note: Leave undefined for route entry type gatewayEndpoint.

See PrefixListConfig.

ipv6Destination?: string

(OPTIONAL) The destination IPv6 CIDR block or dynamic subnet reference for the route table entry.

You can either use IPv6 CIDR notation (e.g. fd00::/8) or target a subnet by referencing its logical name property. If referencing a subnet name, the subnet MUST be defined in the same VPC. This feature is intended for ingress routing scenarios where a gateway route table must target a Gateway Load Balancer or Network Firewall endpoint in a dynamic IPAM-created subnet.

See SubnetConfig and RouteTableConfig.

destination, ipv6Destination, or destinationPrefixList must be specified for the following route entry types: transitGateway, natGateway, internetGateway, egressOnlyIgw, networkInterface, vpcPeering, virtualPrivateGateway.

destination or ipv6Destination MUST be specified for route entry type networkFirewall or gatewayLoadBalancerEndpoint.

Note: Leave undefined for route entry type gatewayEndpoint.

name: string

A friendly name for the route table.

CAUTION: Changing this value after initial deployment will cause the route table to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

target?: string

The friendly name of the destination target.

Use s3 or dynamodb as the string when specifying a route entry type of gatewayEndpoint.

This is the logical name property of other target types as defined in network-config.yaml.

Note: Leave undefined for route entry type internetGateway, egressOnlyIgw, or virtualPrivateGateway.

targetAvailabilityZone?: string | number

The Availability Zone (AZ) the target resides in.

Include only the letter of the AZ name (e.g. 'a' for 'us-east-1a') to target a subnet created in a specific AZ. Use an integer (e.g. 1) for subnets using a physical mapping ID to an AZ. Use the availability zone suffix (e.g. "laz-1a") for Local Zones. Please reference the documentation "Availability Zone IDs for your AWS resources" for more information.

Note: Leave undefined for targets of route entry types other than networkFirewall.

type?: RouteTableEntryType

The destination type of route table entry.

See NetworkConfigTypes.routeTableEntryTypeEnum.
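
The destination, target and targetAvailabilityZone rules stated in the property descriptions above can be checked before a route table is deployed. The following is an added example, not part of the accelerator's code: `RouteEntry`, `validateRouteEntry` and the error messages are hypothetical names, and the sample entries are constructed from the examples on this page.

```typescript
// Added example (not accelerator code): checks entries against the rules on this page.
interface RouteEntry {
  name: string; type?: string; target?: string;
  destination?: string; ipv6Destination?: string; destinationPrefixList?: string;
  targetAvailabilityZone?: string | number;
}

// Types that need one of the three destination properties (union of the lists on this page).
const ANY_DEST = ['transitGateway', 'natGateway', 'internetGateway', 'egressOnlyIgw',
  'networkInterface', 'vpcPeering', 'virtualPrivateGateway'];
// Types that need destination or ipv6Destination and reject destinationPrefixList.
const CIDR_OR_SUBNET = ['networkFirewall', 'gatewayLoadBalancerEndpoint'];
// Types whose target is left undefined.
const NO_TARGET = ['internetGateway', 'egressOnlyIgw', 'virtualPrivateGateway'];
const isOneOf = (t: string, list: string[]): boolean => list.indexOf(t) >= 0;

// Hypothetical helper: returns one message per violated rule, or [] when none is violated.
function validateRouteEntry(e: RouteEntry): string[] {
  const errors: string[] = [];
  const type = e.type === undefined ? '' : e.type;
  const hasCidr = e.destination !== undefined || e.ipv6Destination !== undefined;
  const hasAny = hasCidr || e.destinationPrefixList !== undefined;
  if (isOneOf(type, ANY_DEST) && !hasAny)
    errors.push(`${e.name}: ${type} needs destination, ipv6Destination, or destinationPrefixList`);
  if (isOneOf(type, CIDR_OR_SUBNET)) {
    if (!hasCidr) errors.push(`${e.name}: ${type} needs destination or ipv6Destination`);
    if (e.destinationPrefixList !== undefined)
      errors.push(`${e.name}: destinationPrefixList cannot be used with ${type}`);
  }
  if (type === 'gatewayEndpoint') {
    if (hasAny) errors.push(`${e.name}: leave destinations undefined for gatewayEndpoint`);
    if (e.target !== 's3' && e.target !== 'dynamodb')
      errors.push(`${e.name}: gatewayEndpoint target must be s3 or dynamodb`);
  }
  if (isOneOf(type, NO_TARGET) && e.target !== undefined)
    errors.push(`${e.name}: leave target undefined for ${type}`);
  if (e.targetAvailabilityZone !== undefined && type !== 'networkFirewall')
    errors.push(`${e.name}: targetAvailabilityZone applies only to networkFirewall`);
  return errors;
}

// Constructed sample: the page's TgwRoute plus three deliberately broken entries.
const sampleEntries: RouteEntry[] = [
  { name: 'TgwRoute', destination: '0.0.0.0/0', type: 'transitGateway', target: 'Network-Main' },
  { name: 'NfwRoute', destinationPrefixList: 'example-list', type: 'networkFirewall', target: 'accelerator-firewall', targetAvailabilityZone: 'a' },
  { name: 'IgwRoute', destination: '0.0.0.0/0', type: 'internetGateway', target: 'example-igw' },
  { name: 'GwlbRoute', destination: 'subnet-a', type: 'gatewayLoadBalancerEndpoint', target: 'Endpoint-A', targetAvailabilityZone: 'a' },
];
for (const e of sampleEntries) console.log(e.name, validateRouteEntry(e));
```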