AWS CloudFormation deployment of AWS Network Firewall
I am deploying a Network Firewall setup (VPC, protected subnet, NAT subnet, firewall subnet, NAT GW, Network Firewall, IGW, route tables and routes) with CloudFormation.
How can I setup a needed route in the route table?
The route points to Network Firewall VPC endpoint in a specific subnet and I have to setup the route usingthe CloudFormation Type: AWS::EC2::Route:
IGWIngressRoute: Type: AWS::EC2::Route DependsOn: NetworkFirewall Properties: RouteTableId: !Ref IGWIngressRouteTable DestinationCidrBlock: !Ref NATGatewaySubnetCIDR VpcEndpointId: <<<<<< here comes a specific Network Firewall endpoint
The property VpcEndpointId should be set to a specific Network Firewall endpoint for a particular subnet.
The Network Firewall resource contains the EndpointIds attribute with the list of all endpoints. I can get that list with !GetAtt NetworkFirewall.EndpointIds
The problem: how should I proceed correctly to setup the route pointing to a Network Firewall endpoint? So far I have not found any sample CloudFormation snippet doing that.
I understand, that the route setup can be done via CFN custom resource or post-deployment etc. But is it doable with CloudFormation template only?
- Newest
- Most votes
- Most comments
You will have to use a Custom Resource (or possibly a Macro). Passing in the EndpointIds and either sorting them or returning a structure that can be selected from.
There's an open issue on the public resource provider which is worth tracking or contributing to.
Relevant content
- asked 2 years ago
- asked 2 years ago
- asked 2 years ago
- asked 2 years ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
