This message was deleted.

The error says that routing table rule for 10.0.0.0/16 is already exist

the local route (cidr for vpc) is added for every route table and cannot be changed/updated. What are you trying to accomplish ? an example may be helpful

I’m creating an environment with a firewall (pfSense) and I have done that manually. I have changed the CIDR of the VPC for a specific subnet into the network interface of the FW.

But the 10.0.0.0/16 is the vpc cidr right? If that's so, any block that matches this space will be local and cannot be changed.

This is a subnet’s routing table inside the VPC 10.1.0.0/16. As you can see, I have changed the CIDR to the FWs interface

Ya the additional route should be more specific than the local route. May be you can share vpc cidr, subnet cidr and the specific route you are trying to add. Take a look at this if it helps. https://aws.amazon.com/blogs/aws/inspect-subnet-to-subnet-traffic-with-amazon-vpc-more-specific-routing/

Here is the code that I’m using: internet_route_table = ec2.RouteTable(“route_table_name”, vpc_id=self.vpc.id, routes=[ ec2.RouteTableRouteArgs(cidr_block=f’10.1.0.0/16’, network_interface_id=fw_interface.id), ec2.RouteTableRouteArgs(cidr_block=‘0.0.0.0/0’, network_interface_id=fw_interface.id), ], tags={‘Name’: “route_table_name”}) error creating Route in Route Table (rtb-08706f685e5305d9b) with destination (10.1.0.0/16): RouteAlreadyExists: The route identified by 10.1.0.0/16 already exists.

Welcome. If u can share the vpc cidr and the subnet cidr it will be helpful. And to try, change the route to 10.1.0.0/17.

The VPC CIDR is 10.1.0.0/16 Subnet A - 10.1.1.0/24 Subnet B - 10.1.2.0/24 I thought maybe to change the routing table after its creation but I don’t know if pulumi works like that. Step 1 - Create routing table Step 2 - Get the new routing table Step 3 - Change the record of 10.1.0.0/16 -> local to 10.1.0.0/16 -> FW interface

as mentioned earlier, the default entry of the route 10.1.0.0/16 (which corresponds to the VPC CIDR) cannot be changed from local. if the intention is to route all outbound traffic to the fw interface, then the 0.0.0.0/0 pointing to the eni will suffice. OR If you want to inspect INTER SUBNET traffic, then the route entries should be the SUBNET CIDR (example 10.1.2.0/24 which is more specific than the VPC CIDR) pointing to the eni. For Pulumi's behavior, if you make a change to a rule, it should be able to just update the rule. You dont typically add the default local rule in the Pulumi code as its always present. You only add new additional rules. Hope all this makes sense. Else if you are open for consulting, we can help you. DM me if required. Thanks