AWS and CloudFormation: How to attach a Virtual Private Gateway to a Routing Table?
Question
I'm trying to attach a Virtual Private Gateway to a Routing Table with CloudFormation
The following is the Route table JSON I have...
"PrivateRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [{
"Key": "Name",
"Value": "Private_RouteTable-AZ-A"
}]
}
},
"DefaultPrivateRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "NatGateway"
}
}
},
"PrivateSubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"SubnetId": {
"Ref": "PrivateSN"
}
}
}
And this is the Virtual Private Gateway JSON I have..
"VirtualPrivateGateway": {
"Type": "AWS::EC2::VPNGateway",
"Properties": {
"Type": "ipsec.1",
"Tags": [{
"Key": "Name",
"Value": "Virtual Private Gateway"
}]
}
},
"AttachmentVPNGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"VpnGatewayId": {
"Ref": "VirtualPrivateGateway"
}
}
},
"VPNConnection": {
"Type": "AWS::EC2::VPNConnection",
"Properties": {
"Type": "ipsec.1",
"CustomerGatewayId": {
"Ref": "CustomerGateway"
},
"StaticRoutesOnly": true,
"Tags": [{
"Key": "Name",
"Value": "VPN_Connection"
}],
"VpnGatewayId": {
"Ref": "VirtualPrivateGateway"
}
}
}
There's more as well that creates the VPC, Subnet, etc, but I've left it out for simplicity sake. The error happens if I try attach the VPG to the Route table with the following JSON...
"VPGPrivateRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "VirtualPrivateGateway"
}
}
}
The error I receive from CloudFormation...
The gateway ID 'vgw-xxxxxxxxxxx' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidGatewayID.NotFound; Request ID: e29700b2-2d76-4e19-9d13-b6f84e22b01c)
The documentation does say that I should be use "GatewayId" to associate a VPG to a route table.
1 answers
solution1
1 ACCPTED 2020-05-29 11:04:25
I think there should be DependsOn on the route table:
A VPN gateway route propagation depends on a VPC-gateway attachment when you have a VPN gateway.
Maybe the following will help:
"VPGPrivateRoute": {
"Type": "AWS::EC2::Route",
"DependsOn" : "AttachmentVPNGateway",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "VirtualPrivateGateway"
}
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.