AWS Amazon EC2 Route Table
This page shows how to write Terraform and CloudFormation for Amazon EC2 Route Table and write them securely.
aws_route_table (Terraform)
The Route Table in Amazon EC2 can be configured in Terraform with the resource name aws_route_table. The following sections show examples of how to use the resource and its parameters. A route table decides where traffic from every subnet associated with it may go; in particular, a 0.0.0.0/0 route to an internet gateway makes every associated subnet publicly reachable, so associate such a table only with subnets that are meant to be public and give private subnets a NAT gateway as their default route instead.
Example Usage from GitHub
resource "aws_route_table" "dev-tt-eu-central-1c" {
  vpc_id = aws_vpc.vpc-ha-dev.id // "vpc-c05e4fab"

  # Single-host route sent over the VPN gateway instead of the internet.
  route {
    cidr_block = "213.227.179.135/32"
    gateway_id = aws_vpn_gateway.vpg.id // "vgw-0e6ac73982d1a57dc"
  }
}

resource "aws_route_table" "main-public" {
  vpc_id = aws_vpc.main.id

  # Default route to the internet gateway: any subnet associated with
  # this table becomes a public subnet.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.main-gw.id
  }
}

resource "aws_route_table" "hands_on_public_1a" {
  vpc_id = aws_vpc.hands_on.id

  # No in-line routes; routes are expected to be added with separate
  # aws_route resources (see the note on in-line routes below).
  tags = {
    Name = "hands-on-public-1a"
  }
}

resource "aws_route_table" "public" {
  # The VPC ID.
  vpc_id = aws_vpc.main.id

  route {
    # The CIDR block of the route.
    cidr_block = "0.0.0.0/0"
    # Route target, assumed here: the original snippet ends after the comment above.
    gateway_id = aws_internet_gateway.main.id
  }
}
Parameters
arn: string, optional, computed
id: string, optional, computed
owner_id: string, optional, computed
propagating_vgws: set of string, optional, computed
route: set of object, optional, computed. Each object has:
  carrier_gateway_id: string
  cidr_block: string
  destination_prefix_list_id: string
  egress_only_gateway_id: string
  gateway_id: string
  instance_id: string
  ipv6_cidr_block: string
  local_gateway_id: string
  nat_gateway_id: string
  network_interface_id: string
  transit_gateway_id: string
  vpc_endpoint_id: string
  vpc_peering_connection_id: string
tags: map from string to string, optional
vpc_id: string, required
Explanation in Terraform Registry
Provides a resource to create a VPC routing table.

NOTE on Route Tables and Routes: Terraform currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite rules.

NOTE on gateway_id and nat_gateway_id: The AWS API is very forgiving with these two attributes and the aws_route_table resource can be created with a NAT ID specified as a Gateway ID attribute. This will lead to a permanent diff between your configuration and statefile, as the API returns the correct parameters in the returned route table. If you're experiencing constant diffs in your aws_route_table resources, the first thing to check is whether or not you're specifying a NAT ID instead of a Gateway ID, or vice-versa.

NOTE on propagating_vgws and the aws_vpn_gateway_route_propagation resource: If the propagating_vgws argument is present, it's not supported to also define route propagations using aws_vpn_gateway_route_propagation, since this resource will delete any propagating gateways not explicitly listed in propagating_vgws. Omit this argument when defining route propagation using the separate resource.
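The three pitfalls above (in-line routes mixed with standalone aws_route resources, a NAT gateway ID passed as gateway_id or vice versa, and a default route to an internet gateway that silently makes every associated subnet public) can all be caught before apply by reading the JSON that `terraform show -json` produces. The following audit is an added example written for this page; it is not code from the Terraform AWS provider or from the repositories quoted above. It reads either a plan (top-level key `planned_values`) or state (top-level key `values`), plus the `configuration` section for aws_route references, and inspects the root module only. The plan document embedded at the bottom is constructed for the demonstration; its resource names and IDs are made up.

```python
"""Audit aws_route_table resources in `terraform show -json` output.

Added example for this page, not provider or repository code. Reads a plan
("planned_values") or state ("values") document plus its "configuration"
section. The SAMPLE_PLAN at the bottom is constructed; names and IDs are made up.
"""
import re
from typing import Dict, List

IGW_RE = re.compile(r"^igw-[0-9a-f]+$")
NAT_RE = re.compile(r"^nat-[0-9a-f]+$")
DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}
# A reference list holds both "aws_route_table.x.id" and "aws_route_table.x";
# normalise either form to the resource address.
TABLE_REF_RE = re.compile(r"^(aws_route_table\.[^.\[]+)")


def audit_plan(plan: dict) -> Dict[str, List[str]]:
    """Return {route table address: [finding, ...]} for tables with issues."""
    findings: Dict[str, List[str]] = {}

    def add(address: str, message: str) -> None:
        findings.setdefault(address, []).append(message)

    values = plan.get("planned_values") or plan.get("values") or {}
    resources = values.get("root_module", {}).get("resources", [])
    tables = {r["address"]: r for r in resources if r.get("type") == "aws_route_table"}

    for address, table in tables.items():
        # Computed (unknown) values are omitted from planned_values, so a gateway
        # created in the same apply is not visible here; run against state for those.
        for route in table.get("values", {}).get("route") or []:
            dest = (route.get("cidr_block") or route.get("ipv6_cidr_block")
                    or route.get("destination_prefix_list_id") or "?")
            gw = route.get("gateway_id") or ""
            nat = route.get("nat_gateway_id") or ""
            if NAT_RE.match(gw):
                add(address, f"{dest}: NAT gateway {gw} supplied as gateway_id; "
                             "use nat_gateway_id or the plan shows a permanent diff")
            if IGW_RE.match(nat):
                add(address, f"{dest}: internet gateway {nat} supplied as nat_gateway_id; "
                             "use gateway_id instead")
            if dest in DEFAULT_ROUTES and IGW_RE.match(gw):
                add(address, f"{dest} -> {gw}: default route to an internet gateway; "
                             "every subnet associated with this table is public")

    # In-line routes and standalone aws_route resources on the same table overwrite
    # each other. The configuration section keeps the reference even when the table
    # ID is still unknown at plan time.
    config = plan.get("configuration", {}).get("root_module", {}).get("resources", [])
    for res in config:
        if res.get("type") != "aws_route":
            continue
        refs = res.get("expressions", {}).get("route_table_id", {}).get("references", [])
        for ref in refs:
            match = TABLE_REF_RE.match(ref)
            if not match:
                continue
            target = match.group(1)
            if tables.get(target, {}).get("values", {}).get("route"):
                add(target, f"in-line routes combined with standalone {res['address']}; "
                            "use one style or the routes overwrite each other")
                break
    return findings


VPC = "vpc-0123456789abcdef0"  # constructed ID
SAMPLE_PLAN = {  # constructed; shape follows `terraform show -json tfplan`
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_route_table.public", "type": "aws_route_table", "name": "public",
         "values": {"vpc_id": VPC, "route": [
             {"cidr_block": "0.0.0.0/0", "gateway_id": "igw-0a1b2c3d4e5f67890", "nat_gateway_id": ""}]}},
        {"address": "aws_route_table.private", "type": "aws_route_table", "name": "private",
         "values": {"vpc_id": VPC, "route": [
             {"cidr_block": "0.0.0.0/0", "gateway_id": "nat-0123456789abcdef0", "nat_gateway_id": ""}]}},
        {"address": "aws_route_table.mixed", "type": "aws_route_table", "name": "mixed",
         "values": {"vpc_id": VPC, "route": [
             {"cidr_block": "10.1.0.0/16", "gateway_id": "", "vpc_peering_connection_id": "pcx-0123456789abcdef0"}]}},
        {"address": "aws_route_table.clean", "type": "aws_route_table", "name": "clean",
         "values": {"vpc_id": VPC}},
        {"address": "aws_route.extra", "type": "aws_route", "name": "extra", "values": {}},
    ]}},
    "configuration": {"root_module": {"resources": [
        {"address": "aws_route.extra", "type": "aws_route", "name": "extra",
         "expressions": {"route_table_id": {"references": ["aws_route_table.mixed.id", "aws_route_table.mixed"]}}},
    ]}},
}

if __name__ == "__main__":
    for address, messages in audit_plan(SAMPLE_PLAN).items():
        for message in messages:
            print(f"{address}: {message}")
```

Run it as `terraform plan -out tfplan && terraform show -json tfplan | python3 audit.py` after replacing SAMPLE_PLAN with `json.load(sys.stdin)`. The internet-gateway finding is informational on a table that is meant to be public; the point is to make the list of such tables explicit so that a private subnet accidentally associated with one stands out in review.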
Tips: Best Practices for Other AWS Amazon EC2 Resources
In addition to aws_route_table, Amazon EC2 has other resources that should be configured with security in mind. Examples of those resources and the precautions to take are listed below.
aws_default_vpc
Avoid using the default VPC
Define your own VPC and use it instead of the default VPC.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Use a customer-managed key for EBS volume encryption
Encrypt EBS volumes with a customer-managed key (CMK); this gives you more control over the encryption than the AWS-managed default key.
aws_instance
Avoid storing AWS access keys in user data
Do not put AWS access keys in instance user data; attach an `aws_iam_instance_profile` to the instance instead so that it receives temporary credentials.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
AWS::EC2::RouteTable (CloudFormation)
The RouteTable in EC2 can be configured in CloudFormation with the resource name AWS::EC2::RouteTable. The following sections show examples of how to use the resource and its parameters.
Example Usage from GitHub
Logical IDs (the resource keys) are not part of the quoted snippets; placeholder names are used below, and places where a snippet was cut off are marked.

PublicRouteTable:
  Type: AWS::EC2::RouteTable
  Properties:
    VpcId: !Ref VPC
    Tags:
      - Key: Name
        Value: !Ref AWS::StackName

PublicRouteTable:
  Type: AWS::EC2::RouteTable
  # A route to the internet gateway is only valid once the gateway is
  # attached to the VPC, hence the explicit dependency.
  DependsOn: VPCGatewayAttachment
  Properties:
    VpcId: !Ref VPC
PublicRoute:
  Type: AWS::EC2::Route
  # (properties truncated in the original snippet)

RouteTableAz1:
  Type: AWS::EC2::RouteTable
  Condition: Az1
  Properties:
    VpcId:
      Ref: Vpc
    Tags:
      # (tag list truncated in the original snippet)

RouteTable:
  Type: AWS::EC2::RouteTable
  Properties:
    VpcId:
      Ref: Vpc
    Tags:
      - Key: Name
        # (Value truncated in the original snippet)

"RouteTable": {
  "Type": "AWS::EC2::RouteTable",
  "Properties": {
    "VpcId": {
      "Fn::ImportValue": {
        "Fn::Sub": "VPC${VPCIdentifier}"
      }
    }
  }
}

"RouteTable": {
  "Type": "AWS::EC2::RouteTable",
  "Properties": {
    "VpcId": {
      "Ref": "VPC"
    },
    "Tags": []
  }
}
(The tag entries of this snippet are truncated in the original.)

"RouteTable": {
  "Type" : "AWS::EC2::RouteTable",
  "Properties" : {
    "VpcId": {"Ref" : "Vpcid"},
    "Tags": [{}]
  }
}
(The tag object of this snippet is truncated in the original.)
Parameters
VpcId: string, required. The ID of the VPC the route table belongs to.
Tags: list of Tag, optional. Tags to assign to the route table.
Explanation in CloudFormation Registry
Specifies a route table for a specified VPC. After you create a route table, you can add routes and associate the table with a subnet.
For more information, see Route Tables in the Amazon Virtual Private Cloud User Guide.
Frequently asked questions
What is AWS Amazon EC2 Route Table?
AWS Amazon EC2 Route Table is a resource of Amazon EC2 in Amazon Web Services. Its settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EC2 Route Table?
For Terraform, the mdigbazova/terraforming-4ha-live-all-resources, rohitgabriel/packer-ansible-terraform and mdigbazova/terraforming-add-a-new-customer source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the bgaillard/meetup-spot-instances, FirosStuart/aws-moodle-container-app and bcx-exa/template_traditional_core source code examples are useful. See the CloudFormation Example section for further details.