AWS Amazon EC2 Transit Gateway Prefix List Reference
This page shows how to write Terraform and CloudFormation for Amazon EC2 Transit Gateway Prefix List Reference and write them securely.
aws_ec2_transit_gateway_prefix_list_reference (Terraform)
The Transit Gateway Prefix List Reference in Amazon EC2 can be configured in Terraform with the resource name aws_ec2_transit_gateway_prefix_list_reference. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
# Prefix list reference in the us-west-1 transit gateway route table, pointing at the peering attachment
resource "aws_ec2_transit_gateway_prefix_list_reference" "prod_usw1_usw2" {
  provider   = aws.us-west-1
  # The peering must be accepted on the far side before a route can point at it
  depends_on = [aws_ec2_transit_gateway_peering_attachment_accepter.usw1_usw2]

  prefix_list_id                 = aws_ec2_managed_prefix_list.prod_usw1_usw2.id
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment.usw1_usw2.id
  # Required by the provider; not present in the GitHub excerpt, so a placeholder is used here
  transit_gateway_route_table_id = "tgw-rtb-PLACEHOLDER-usw1"
}

# The mirror-image reference on the us-west-2 side, pointing at the accepter attachment
resource "aws_ec2_transit_gateway_prefix_list_reference" "prod_usw2_usw1" {
  provider   = aws.us-west-2
  depends_on = [aws_ec2_transit_gateway_peering_attachment_accepter.usw1_usw2]

  prefix_list_id                 = aws_ec2_managed_prefix_list.prod_usw2_usw1.id
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment_accepter.usw1_usw2.id
  # Required by the provider; not present in the GitHub excerpt, so a placeholder is used here
  transit_gateway_route_table_id = "tgw-rtb-PLACEHOLDER-usw2"
}
Parameters
- blackhole: optional - bool
- id: optional, computed - string
- prefix_list_id: required - string
- prefix_list_owner_id: optional, computed - string
- transit_gateway_attachment_id: optional - string
- transit_gateway_route_table_id: required - string
Explanation in Terraform Registry
Manages an EC2 Transit Gateway Prefix List Reference.
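The following is an added example, not code from the original page or from the projects it cites. It shows the two ways a prefix list reference is used in a transit gateway route table: routing every CIDR in a managed prefix list to an attachment, and blackholing a second prefix list so traffic to those ranges is dropped. The transit gateway, route table names, CIDRs and the prod_attachment_id variable are all assumptions for illustration.

```hcl
# Added example (not from the original page). Resource names, CIDRs and the
# attachment ID variable are assumptions for illustration.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

provider "aws" {
  region = "us-west-2"
}

# Assumed to exist: the VPC attachment that prod traffic should be sent to.
variable "prod_attachment_id" {
  type        = string
  description = "ID of an aws_ec2_transit_gateway_vpc_attachment (assumption)"
}

resource "aws_ec2_transit_gateway" "hub" {
  description = "hub transit gateway (example)"
  # Explicit route tables only: an attachment gets no routes unless we add them.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}

resource "aws_ec2_transit_gateway_route_table" "prod" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  tags               = { Name = "prod-rt" }
}

# A managed prefix list keeps the routed CIDRs in one reviewable object; the
# route table entries follow the list when it changes.
resource "aws_ec2_managed_prefix_list" "prod_vpcs" {
  name           = "prod-vpcs"
  address_family = "IPv4"
  max_entries    = 10

  entry {
    cidr        = "10.10.0.0/16"
    description = "prod VPC A (constructed sample)"
  }
  entry {
    cidr        = "10.11.0.0/16"
    description = "prod VPC B (constructed sample)"
  }
}

resource "aws_ec2_managed_prefix_list" "denied" {
  name           = "denied-ranges"
  address_family = "IPv4"
  max_entries    = 5

  entry {
    cidr        = "10.250.0.0/16"
    description = "decommissioned range that must stay unreachable (constructed sample)"
  }
}

# Forward every CIDR in prod_vpcs to the prod attachment.
resource "aws_ec2_transit_gateway_prefix_list_reference" "prod" {
  prefix_list_id                 = aws_ec2_managed_prefix_list.prod_vpcs.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.prod.id
  transit_gateway_attachment_id  = var.prod_attachment_id
}

# Blackhole reference: traffic to these CIDRs is dropped at the transit gateway.
# Set either blackhole or transit_gateway_attachment_id, not both.
resource "aws_ec2_transit_gateway_prefix_list_reference" "denied" {
  prefix_list_id                 = aws_ec2_managed_prefix_list.denied.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.prod.id
  blackhole                      = true
}
```

A static route added with aws_ec2_transit_gateway_route for a CIDR inside a referenced prefix list would conflict with the reference, so keep a given range in one place or the other. Reviewing changes to the prefix list entries is the same as reviewing changes to the route table.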
Tips: Best Practices for The Other AWS Amazon EC2 Resources
In addition to the aws_default_vpc, AWS Amazon EC2 has other resources that should be configured with security in mind. Please check some examples of those resources and precautions.
aws_default_vpc
Ensure to avoid using default VPC
It is better to define the own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Ensure to use a customer-managed key for EBS volume encryption
It is better to use a customer-managed key for EBS volume encryption. You gain more control over the encryption (key policy, rotation and revocation) by using customer-managed keys (CMK).
aws_instance
Ensure to avoid storing AWS access keys in user data
It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
AWS::EC2::TransitGateway (CloudFormation)
The TransitGateway in EC2 can be configured in CloudFormation with the resource name AWS::EC2::TransitGateway. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::EC2::TransitGateway
Properties:
  AutoAcceptSharedAttachments: enable
  DefaultRouteTableAssociation: enable
  DefaultRouteTablePropagation: enable

Type: "AWS::EC2::TransitGateway"
Properties:
  AmazonSideAsn: 65000
  Description: "TGW Route Integration Test"
  AutoAcceptSharedAttachments: "disable"
  DefaultRouteTableAssociation: "enable"
Properties:
  AutoAcceptSharedAttachments: enable # Hoping this makes attaching VPCs easier
Outputs:
  TransitGatewayId:
{
  "Type": "AWS::EC2::TransitGateway",
  "Properties": {
    "Description": "TGW for LZ",
    "AutoAcceptSharedAttachments": "enable",
    "DefaultRouteTableAssociation": "disable",
    "DefaultRouteTablePropagation": "disable"
  }
}

{
  "Type": "AWS::EC2::TransitGateway",
  "Properties": {
    "DefaultRouteTableAssociation": "disable",
    "DefaultRouteTablePropagation": "disable",
    "Tags": [
      {
        "Key": "Name",
        "Value": "PLACEHOLDER"
      }
    ]
  }
}
(The tag key and value are placeholders; the original excerpt was truncated at the opening of the Tags entry.)
{
  "AWS::EC2::TransitGateway": {
    "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgateway.html",
    "Properties": {
      "DefaultRouteTablePropagation": {
        "Required": false,
        "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgateway.html#cfn-ec2-transitgateway-defaultroutetablepropagation"
      }
    }
  }
}
Parameters
- DefaultRouteTablePropagation: optional - String
- Description: optional - String
- AutoAcceptSharedAttachments: optional - String
- DefaultRouteTableAssociation: optional - String
- VpnEcmpSupport: optional - String
- DnsSupport: optional - String
- MulticastSupport: optional - String
- AmazonSideAsn: optional - Integer
- TransitGatewayCidrBlocks: optional - List
- Tags: optional - List of Tag
- AssociationDefaultRouteTableId: optional - String
- PropagationDefaultRouteTableId: optional - String
Explanation in CloudFormation Registry
Specifies a transit gateway.
You can use a transit gateway to interconnect your virtual private clouds (VPC) and on-premises networks. After the transit gateway enters the available state, you can attach your VPCs and VPN connections to the transit gateway. To attach your VPCs, use AWS::EC2::TransitGatewayAttachment.
To attach a VPN connection, use AWS::EC2::CustomerGateway to create a customer gateway and specify the ID of the customer gateway and the ID of the transit gateway in a call to AWS::EC2::VPNConnection.
When you create a transit gateway, we create a default transit gateway route table and use it as the default association route table and the default propagation route table. You can use AWS::EC2::TransitGatewayRouteTable to create additional transit gateway route tables. If you disable automatic route propagation, we do not create a default transit gateway route table. You can use AWS::EC2::TransitGatewayRouteTablePropagation to propagate routes from a resource attachment to a transit gateway route table. If you disable automatic associations, you can use AWS::EC2::TransitGatewayRouteTableAssociation to associate a resource attachment with a transit gateway route table.
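The paragraph above describes the segmentation pattern that disabling the default route table association and propagation makes possible: every attachment is associated with exactly one route table, and routes appear in a table only where a propagation (or static route) is added. The following is an added example, not code from the original page or from the projects it cites, and it uses the Terraform counterparts of the CloudFormation resources named above (aws_ec2_transit_gateway, aws_ec2_transit_gateway_route_table, aws_ec2_transit_gateway_route_table_association and aws_ec2_transit_gateway_route_table_propagation) so that it matches the Terraform half of this page. The two attachment ID variables and all names are assumptions.

```hcl
# Added example (not from the original page). Attachment IDs and names are
# assumptions for illustration.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

provider "aws" {
  region = "us-west-2"
}

# Assumed to exist: two VPC attachments created elsewhere, one for production
# workloads and one for shared services (DNS, logging, CI runners).
variable "prod_attachment_id" {
  type = string
}

variable "shared_services_attachment_id" {
  type = string
}

resource "aws_ec2_transit_gateway" "hub" {
  description = "hub transit gateway (example)"
  # With both defaults disabled, no default route table is created, so a new
  # attachment can reach nothing until an association is added for it.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
  # Cross-account attachments shared via RAM must be accepted explicitly.
  auto_accept_shared_attachments = "disable"
}

# One route table per trust zone.
resource "aws_ec2_transit_gateway_route_table" "prod" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  tags               = { Name = "prod-rt" }
}

resource "aws_ec2_transit_gateway_route_table" "shared" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  tags               = { Name = "shared-services-rt" }
}

# Association: the table consulted for traffic arriving FROM an attachment.
# An attachment can be associated with only one route table.
resource "aws_ec2_transit_gateway_route_table_association" "prod" {
  transit_gateway_attachment_id  = var.prod_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.prod.id
}

resource "aws_ec2_transit_gateway_route_table_association" "shared" {
  transit_gateway_attachment_id  = var.shared_services_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.shared.id
}

# Propagation: whose CIDRs show up as routes in a table. The prod table learns
# only the shared-services CIDRs, and the shared table learns prod's, so prod
# can reach shared services and nothing else unless a route is added on purpose.
resource "aws_ec2_transit_gateway_route_table_propagation" "shared_into_prod" {
  transit_gateway_attachment_id  = var.shared_services_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.prod.id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "prod_into_shared" {
  transit_gateway_attachment_id  = var.prod_attachment_id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.shared.id
}
```

The same layout in CloudFormation uses DefaultRouteTableAssociation: disable and DefaultRouteTablePropagation: disable on AWS::EC2::TransitGateway, one AWS::EC2::TransitGatewayRouteTable per zone, and one AWS::EC2::TransitGatewayRouteTableAssociation plus the needed AWS::EC2::TransitGatewayRouteTablePropagation resources per attachment. With the enable/enable settings shown in the first GitHub example above, every attachment lands in the single default table and can reach every other attachment by default.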
Frequently asked questions
What is AWS Amazon EC2 Transit Gateway Prefix List Reference?
AWS Amazon EC2 Transit Gateway Prefix List Reference is a resource for Amazon EC2 of Amazon Web Service. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EC2 Transit Gateway Prefix List Reference?
For Terraform, the danielmacuare/aws-net source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the Iman0510/Sandbox, j-crotty/CloudFormation and cue-sh/stax source code examples are useful. See the CloudFormation Example section for further details.