AWS Amazon EC2 Association
This page shows how to write Terraform and CloudFormation definitions for an Amazon EC2 Association, and how to write them securely.
aws_route_table_association (Terraform)
The Association in Amazon EC2 can be configured in Terraform with the resource name aws_route_table_association. The following sections describe 1 example of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_route_table_association" "tappo1-public-1b-rtbassoc-0127c825ff6654db8" {
  route_table_id = "rtb-0aa19f1b4bab76874"
  subnet_id      = "subnet-07fc1cb0c3b60c9ea"
}

resource "aws_route_table_association" "tappo1-db-1a-rtbassoc-02b62b697b221f82e" {
  # The body of this resource is cut off in the source excerpt; the
  # placeholders below stand in for the original route table and subnet IDs.
  route_table_id = "<route-table-id>"
  subnet_id      = "<subnet-id>"
}
Parameters
gateway_id: optional - string
id: optional, computed - string
route_table_id: required - string
subnet_id: optional - string
Explanation in Terraform Registry
Provides a resource to create an association between a route table and a subnet or a route table and an internet gateway or virtual private gateway.
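The following Terraform configuration is an added example, not code from the page or from the tappoflw/tappo1 repository; the VPC, subnet, CIDR values and region are constructed for illustration. It shows both forms of the association the registry text mentions: a private subnet explicitly bound to a route table that has no internet route (subnet_id), and an edge association that binds an internet gateway to its own route table (gateway_id).

```hcl
# Added example (not from the page or the tappoflw/tappo1 repo); all names,
# CIDRs and the region are constructed for illustration.
provider "aws" {
  region = "us-east-1"
}

# Define your own VPC instead of relying on the default VPC.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
  tags       = { Name = "example-vpc" }
}

resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# Route table for the private subnet: only the implicit "local" route,
# deliberately no 0.0.0.0/0 route to the internet gateway.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  tags   = { Name = "private-rt" }
}

# Subnet association (subnet_id). Without an explicit association the
# subnet falls back to the VPC's main route table, whose routes may
# include an internet route you did not intend for this subnet.
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

# Gateway (edge) association (gateway_id, conflicts with subnet_id):
# binds the internet gateway to its own route table so that inbound
# traffic can be steered, e.g. through an inspection appliance's ENI.
resource "aws_route_table" "ingress" {
  vpc_id = aws_vpc.main.id
  tags   = { Name = "igw-ingress-rt" }
}

resource "aws_route_table_association" "igw" {
  gateway_id     = aws_internet_gateway.igw.id
  route_table_id = aws_route_table.ingress.id
}
```

Run `terraform plan` against this file to confirm that the private subnet is bound to the route table with no internet route and that no resource still depends on the main route table.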
Tips: Best Practices for the Other AWS Amazon EC2 Resources
In addition to the resource described above, AWS Amazon EC2 has other resources that should be configured with security in mind. The following are examples of those resources and the precautions to take.
aws_default_vpc
Ensure to avoid using default VPC
It is better to define your own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Ensure to use a customer-managed key for EBS volume encryption
It is better to use a customer-managed key for EBS volume encryption. Using customer-managed keys (CMK) gives you more control over the encryption.
aws_instance
Ensure to avoid storing AWS access keys in user data
It is better to avoid storing AWS access keys in user data. An `aws_iam_instance_profile` can be used instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
AWS::EC2::Route (CloudFormation)
The Route in EC2 can be configured in CloudFormation with the resource name AWS::EC2::Route. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::EC2::RouteTable
Properties:
  Tags:
    - Key: "Name"
      Value: "DEVRT"
  VpcId: !Ref "VPC"

Type: 'AWS::EC2::RouteTable'
Properties:
  VpcId:
    Ref: VPC
  Tags:
    -

Type: AWS::EC2::RouteTable
Properties:
  VpcId:
    Ref: Vpc
  Tags:
    - Key: Name

Type: AWS::EC2::Route
Properties:
  RouteTableId: !Ref VPC1RouteTable
  DestinationCidrBlock: 10.2.0.0/16
  TransitGatewayId: !Ref Region1TransitGateway
VPC1TGWRoute3:
"Type": "AWS::EC2::RouteTable",
"Properties": {
  "VpcId": {"Fn::ImportValue": "VPCId"},
  "Tags": [
    {
      "Key": "Name",

  "Type": "AWS::EC2::RouteTable"
},
"rtb00404b6df41dfc37aassociation1": {
  "Properties": {
    "RouteTableId": {
      "Ref": "rtb00404b6df41dfc37a"

"Type": "AWS::EC2::Route",
"Condition": "Peer1Vpc",
"Properties": {
  "DestinationCidrBlock": { "Ref": "Peer1VpcCidr" },
  "RouteTableId": { "Fn::ImportValue": { "Fn::Sub": "${DeploymentName}-InternetRouteTable" } },
  "VpcPeeringConnectionId": { "Ref": "VpcPeer1" }

"Type": "AWS::EC2::RouteTable",
"Properties": {
  "VpcId": {
    "Ref": "VPC"
  }
}

"Type" : "AWS::EC2::RouteTable",
"Properties" : {
  "VpcId" : {"Ref" : "VPC"}
}
},
Parameters
CarrierGatewayId: optional - String
DestinationCidrBlock: optional - String
DestinationIpv6CidrBlock: optional - String
EgressOnlyInternetGatewayId: optional - String
GatewayId: optional - String
InstanceId: optional - String
LocalGatewayId: optional - String
NatGatewayId: optional - String
NetworkInterfaceId: optional - String
RouteTableId: required - String
TransitGatewayId: optional - String
VpcEndpointId: optional - String
VpcPeeringConnectionId: optional - String
Explanation in CloudFormation Registry
Specifies a route in a route table within a VPC.
You must specify either DestinationCidrBlock or DestinationIpv6CidrBlock, plus the ID of one of the target resources.
If you create a route that references a transit gateway in the same template where you create the transit gateway, you must declare a dependency on the transit gateway attachment. The route table cannot use the transit gateway until it has successfully attached to the VPC. Add a DependsOn attribute in the AWS::EC2::Route resource to explicitly declare a dependency on the AWS::EC2::TransitGatewayAttachment resource.
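The ordering problem described above exists at the EC2 API level, so it applies equally to Terraform. The configuration below is an added example (not code from the page or from any repository it cites) showing the Terraform counterpart of the CloudFormation DependsOn guidance: an aws_route targeting a transit gateway with an explicit depends_on the VPC attachment. The VPC, subnet, CIDRs and region are constructed for illustration.

```hcl
# Added example (not from the page or any repository it cites): the
# Terraform counterpart of the DependsOn guidance. Names, CIDRs and the
# region are constructed for illustration.
provider "aws" {
  region = "us-east-1"
}

resource "aws_vpc" "spoke" {
  cidr_block = "10.1.0.0/16"
}

resource "aws_subnet" "spoke_a" {
  vpc_id     = aws_vpc.spoke.id
  cidr_block = "10.1.1.0/24"
}

resource "aws_route_table" "spoke" {
  vpc_id = aws_vpc.spoke.id
}

resource "aws_route_table_association" "spoke_a" {
  subnet_id      = aws_subnet.spoke_a.id
  route_table_id = aws_route_table.spoke.id
}

resource "aws_ec2_transit_gateway" "tgw" {}

# The VPC must be attached (attachment state "available") before a
# route in this VPC can target the transit gateway.
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  vpc_id             = aws_vpc.spoke.id
  subnet_ids         = [aws_subnet.spoke_a.id]
}

# Terraform infers a dependency only on the transit gateway referenced
# here, not on the attachment, so the route could otherwise be created
# before the attachment exists and fail. depends_on closes that gap,
# just as DependsOn does for AWS::EC2::Route in CloudFormation.
resource "aws_route" "to_other_vpc" {
  route_table_id         = aws_route_table.spoke.id
  destination_cidr_block = "10.2.0.0/16"
  transit_gateway_id     = aws_ec2_transit_gateway.tgw.id

  depends_on = [aws_ec2_transit_gateway_vpc_attachment.spoke]
}
```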
Frequently asked questions
What is AWS Amazon EC2 Association?
AWS Amazon EC2 Association is a resource for Amazon EC2 of Amazon Web Services. Its settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EC2 Association?
For Terraform, the tappoflw/tappo1 source code example is useful. See the Terraform Example section for further details.
For CloudFormation, the virajnemane/DevOpsNM4, NetJimB/AWS-VPC-5-Tier and bcx-exa/open_source_triple_continent_traditional source code examples are useful. See the CloudFormation Example section for further details.