AWS Amazon EC2 Client VPN Route

This page shows how to write Terraform and CloudFormation for Amazon EC2 Client VPN Route and write them securely.

aws_ec2_client_vpn_route (Terraform)

The Client VPN Route in Amazon EC2 can be configured in Terraform with the resource name aws_ec2_client_vpn_route. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L7
resource "aws_ec2_client_vpn_route" "this" {
  client_vpn_endpoint_id = var.client_vpn_endpoint_id
  description            = var.description
  destination_cidr_block = var.destination_cidr_block
  target_vpc_subnet_id   = var.target_vpc_subnet_id
}

vpn.tf#L125
resource "aws_ec2_client_vpn_route" "associate_vpn_le0_sn0_route0" {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.associate_vpn.id
  destination_cidr_block = "192.168.8.0/22"
  target_vpc_subnet_id   = aws_subnet.private_subnet1[0].id
}

Parameters

Explanation in Terraform Registry

Provides additional routes for AWS Client VPN endpoints. For more information on usage, please see the AWS Client VPN Administrator's Guide.

AWS::EC2::ClientVpnRoute (CloudFormation)

The ClientVpnRoute in EC2 can be configured in CloudFormation with the resource name AWS::EC2::ClientVpnRoute. The following sections describe 9 examples of how to use the resource and its parameters.

Example Usage from GitHub

client-vpn.yml#L91
    Type: AWS::EC2::ClientVpnRoute
    Properties:
      ClientVpnEndpointId: !Ref ClientVPN
      DestinationCidrBlock: 0.0.0.0/0
      TargetVpcSubnetId: !Select [ 0, !Ref PrivateSubnetIds ]

Scenario-2-G.yml#L61
    Type: AWS::EC2::ClientVpnRoute
    Properties:
      ClientVpnEndpointId:
        Ref: ClientVPNEndpoint
      Description: Route for private subnet AZ A
      DestinationCidrBlock: 0.0.0.0/0

client_vpn_route_setup.yml#L52
    Type: AWS::EC2::ClientVpnRoute
    Properties:
      ClientVpnEndpointId: !Ref ClientVpnEndpoint
      DestinationCidrBlock: !Ref NewVpcCIDR
      TargetVpcSubnetId: !Ref ClientVpnTargetNetworkSubnet1

add-route-table-cfn.yml#L40
    Type: "AWS::EC2::ClientVpnRoute"
    Properties:
      # Add a route table to the endpoint created by create-clientvpn-cfn.yml
      ClientVpnEndpointId: !ImportValue "ClientVpnEndpoint"
      # Specify the target subnet
      TargetVpcSubnetId:

client-vpn-with-directory.yml#L171
    Type: AWS::EC2::ClientVpnRoute
    Condition: RoutePeered
    DependsOn: ClientVPNAssociation
    Properties:
      ClientVpnEndpointId: !Ref ClientVPN
      Description: Route to peered VPC

EC2ClientVpnRouteSpecification.json#L3
    "AWS::EC2::ClientVpnRoute": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnroute.html",
      "Properties": {
        "ClientVpnEndpointId": {
          "Required": true,
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnroute.html#cfn-ec2-clientvpnroute-clientvpnendpointid",

AwsDiGavBlueprint.template.json#L2428
      "Type": "AWS::EC2::ClientVpnRoute",
      "Properties": {
        "ClientVpnEndpointId": {
          "Ref": "ClientVpnclientVpnEndpoint53D29AAC"
        },
        "DestinationCidrBlock": {

awsResouceIconMatches.json#L158
        "resourceType": "AWS::EC2::ClientVpnRoute",
        "filePath": "icons/aws/Resource/Res_Networking-and-Content-Delivery/Res_48_Dark/Res_Amazon-Route-53_Route-Table_48_Dark_gen.png"
      },
      {
        "resourceType": "AWS::EC2::PlacementGroup",
        "filePath": null

template.json#L1439
    "AWS::EC2::ClientVpnRoute": {
      "Type": "AWS::EC2::ClientVpnRoute",
      "Properties": {}
    },
    "AWS::ApiGateway::DocumentationVersion": {
      "Type": "AWS::ApiGateway::DocumentationVersion",

Parameters

Explanation in CloudFormation Registry

Specifies a network route to add to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks.

A target network association must be created before you can specify a route. If you're setting up all the components of a Client VPN endpoint at the same time, you must use the DependsOn Attribute to declare a dependency on the AWS::EC2::ClientVpnTargetNetworkAssociation resource.
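A check for the dependency rule above, as an added example (not taken from the AWS documentation or from any of the repositories listed on this page): it scans a JSON-form CloudFormation template and reports every AWS::EC2::ClientVpnRoute that has no DependsOn on an AWS::EC2::ClientVpnTargetNetworkAssociation defined for the same endpoint in that template. The function name, the sample template and its logical IDs are constructed for illustration.

```python
ROUTE = "AWS::EC2::ClientVpnRoute"
ASSOC = "AWS::EC2::ClientVpnTargetNetworkAssociation"


def routes_missing_association_dependency(template):
    """Return logical IDs of Client VPN routes that lack a DependsOn on an
    association the same template defines for the same endpoint."""
    resources = template.get("Resources", {})
    # Map each association's logical ID to the endpoint it attaches to.
    assoc_endpoint = {
        name: res.get("Properties", {}).get("ClientVpnEndpointId")
        for name, res in resources.items() if res.get("Type") == ASSOC
    }
    missing = []
    for name, res in resources.items():
        if res.get("Type") != ROUTE:
            continue
        endpoint = res.get("Properties", {}).get("ClientVpnEndpointId")
        candidates = {a for a, ep in assoc_endpoint.items() if ep == endpoint}
        if not candidates:
            continue  # association is created outside this template
        depends = res.get("DependsOn", [])
        if isinstance(depends, str):  # DependsOn may be a string or a list
            depends = [depends]
        if not candidates & set(depends):
            missing.append(name)
    return sorted(missing)


# Constructed sample template (logical IDs and CIDR are illustrative).
_ROUTE_PROPS = {"ClientVpnEndpointId": {"Ref": "Endpoint"},
                "DestinationCidrBlock": "10.20.0.0/16",
                "TargetVpcSubnetId": {"Ref": "SubnetA"}}
SAMPLE_TEMPLATE = {"Resources": {
    "Association": {"Type": ASSOC, "Properties": {
        "ClientVpnEndpointId": {"Ref": "Endpoint"},
        "SubnetId": {"Ref": "SubnetA"}}},
    "RouteOk": {"Type": ROUTE, "DependsOn": "Association",
                "Properties": _ROUTE_PROPS},
    "RouteNoDependsOn": {"Type": ROUTE, "Properties": _ROUTE_PROPS},
    # Endpoint imported from another stack: no association here to depend on.
    "RouteImported": {"Type": ROUTE, "Properties": dict(
        _ROUTE_PROPS, ClientVpnEndpointId={"Fn::ImportValue": "ClientVpnEndpoint"})},
}}

if __name__ == "__main__":
    print(routes_missing_association_dependency(SAMPLE_TEMPLATE))
```

YAML templates that use short-form intrinsics such as `!Ref` need a CloudFormation-aware loader before they can be passed to this function.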

Frequently asked questions

What is AWS Amazon EC2 Client VPN Route?

AWS Amazon EC2 Client VPN Route is a resource for Amazon EC2 of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon EC2 Client VPN Route?

For Terraform, the niveklabs/aws and epieye/winslet source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the webscale-oy-open-source/client-vpn-templates, bayustira/TemplateCloudFormationYAML and VerticalRelevance/aws-client-vpn-factory source code examples are useful. See the CloudFormation Example section for further details.