https://github.com/ansible-collections/amazon.aws/issues/1867
-
-
- Summary
-
I am trying to create a route table used for VPC IGW Ingress Routing that directs inbound traffic to a VPC Endpoint (AWS Network Firewall) as described in the workshop below. To do this, I need to add a route to the route table with "dest = (subnet CIDR)" and "vpc_endpoint_id = (vpce for firewall)".
Therefore, the `ec2_vpc_route_table` should support routes with `vpc_endpoint_id` as the destination or possibly support `vpce-` endpoints for the `gateway_id` parameter with a destination CIDR block inside the VPC (i.e. a subnet CIDR).
This route table will be associated with an IGW using the `gateway_id` top-level parameter (which is different from the route parameter).
-
-
-
- Additional Cited Information Resources
-
-
- [VPC route table configuration for AWS Network Firewall](https://docs.aws.amazon.com/network-firewall/latest/developerguide/vpc-config.html#vpc-config-route-tables)
- [boto3: EC2 create_route](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2/routetable/create_route.html) – note the parameter used in the API/SDK is `VpcEndpointId`
- [Hands-on Network Firewall Workshop: Lab Two, Step Two](https://catalog.us-east-1.prod.workshops.aws/workshops/d071f444-e854-4f3f-98c8-025fa0d1de2f/en-US/lab-two/step-two) – note the desired route table configuration
-
-
- Issue Type
-
Feature Idea
-
-
- Component Name
-
ec2_vpc_route_table
-
-
- Additional Information
-
```yaml
# With a VPC CIDR of 10.10.0.0/16 and "protected" subnets 10.10.1.0/24 and 10.10.4.0/24
- name: Create gateway route table
  amazon.aws.ec2_vpc_route_table:
    vpc_id: "{{ vpc_result.vpc.id }}"
    gateway_id: "{{ igw_result.gateway_id }}"
    routes:
      - dest: 10.10.1.0/24
        vpc_endpoint_id: "vpce-0807bf6d9f4368661"  # Endpoint for AWS Network Firewall in AZ A
      - dest: 10.10.4.0/24
        vpc_endpoint_id: "vpce-6d9f43686610807bf"  # Endpoint for AWS Network Firewall in AZ B
```
-
-
- Code of Conduct
-
- [X] I agree to follow the Ansible Code of Conduct
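A workaround that can be used until the module grows a `vpc_endpoint_id` route target, added here as an example and not taken from the issue or from the amazon.aws collection: let `ec2_vpc_route_table` create the table and associate it with the IGW, then insert the `vpce-` routes with the AWS CLI, whose `aws ec2 create-route` / `replace-route` already accept `--vpc-endpoint-id`. It assumes `vpc_result` and `igw_result` were registered by earlier tasks exactly as in the issue, that the AWS CLI is installed and credentialed on the controller, and that the two endpoint IDs are placeholders. The `purge_routes: false` setting matters: with the module's default of purging routes it does not know about, a second run of the first task would silently delete the firewall routes added by the CLI.

```yaml
# Example workaround (not part of the issue or the amazon.aws collection).
# Assumes vpc_result and igw_result are registered by earlier tasks.
- name: Ingress routing to AWS Network Firewall endpoints (workaround)
  hosts: localhost
  gather_facts: false
  vars:
    # Hypothetical endpoint IDs, one firewall endpoint per AZ
    firewall_routes:
      - { dest: 10.10.1.0/24, vpc_endpoint_id: vpce-0807bf6d9f4368661 }  # AZ A
      - { dest: 10.10.4.0/24, vpc_endpoint_id: vpce-6d9f43686610807bf }  # AZ B
  tasks:
    - name: Create the ingress route table and associate it with the IGW
      amazon.aws.ec2_vpc_route_table:
        vpc_id: "{{ vpc_result.vpc.id }}"
        gateway_id: "{{ igw_result.gateway_id }}"
        purge_routes: false   # otherwise re-runs would remove the CLI-added vpce- routes
        tags:
          Name: igw-ingress-rtb
      register: ingress_rtb

    - name: Read the current target for each protected-subnet CIDR (idempotence check)
      ansible.builtin.command: >-
        aws ec2 describe-route-tables
        --route-table-ids {{ ingress_rtb.route_table.id }}
        --query "RouteTables[0].Routes[?DestinationCidrBlock=='{{ item.dest }}'].GatewayId"
        --output text
      loop: "{{ firewall_routes }}"
      register: existing_routes
      changed_when: false

    # Empty stdout: no route yet, so create it. Non-empty but different:
    # the CIDR already points somewhere else, so replace it instead of
    # failing with RouteAlreadyExists.
    - name: Point each protected-subnet CIDR at the firewall endpoint in its AZ
      ansible.builtin.command: >-
        aws ec2 {{ 'replace-route' if (item.stdout | trim) else 'create-route' }}
        --route-table-id {{ ingress_rtb.route_table.id }}
        --destination-cidr-block {{ item.item.dest }}
        --vpc-endpoint-id {{ item.item.vpc_endpoint_id }}
      loop: "{{ existing_routes.results }}"
      loop_control:
        label: "{{ item.item.dest }} -> {{ item.item.vpc_endpoint_id }}"
      when: (item.stdout | trim) != item.item.vpc_endpoint_id
```

The describe step filters on `DestinationCidrBlock`, so the `local` route for 10.10.0.0/16 is never touched; routes to a firewall endpoint report the `vpce-` ID in the route's `GatewayId` field, which is what the comparison relies on. Once the collection supports `vpc_endpoint_id` in `routes`, the two CLI tasks collapse back into the single module call shown in the issue.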