does anybody knows what is the advantage of having...
# generalb
bored-river-53178
06/27/2019, 10:15 AMdoes anybody knows what is the advantage of having separate route tables for each subnet by default with awsx? (https://github.com/pulumi/pulumi-awsx/blob/master/nodejs/awsx/ec2/vpc.ts#L177)
bored-river-53178
06/27/2019, 10:17 AMby default, I would prefer to manage the routes for all subnets via vpc default route table, but it seems there is no such option, am I missing something?
bored-river-53178
07/03/2019, 12:59 AM@lemon-spoon-91807 could you please answer this?
l
lemon-spoon-91807
07/03/2019, 1:35 AMhi @bored-river-53178 !
lemon-spoon-91807
07/03/2019, 1:35 AMmostly due to:
lemon-spoon-91807
07/03/2019, 1:35 AMEach VPC created in AWS comes with a Default Route Table that can be managed, but not destroyed. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource. It is recommended you do not use both aws_default_route_table to manage the default route table and use the aws_main_route_table_association, due to possible conflict in routes.
The aws_default_route_table behaves differently from normal resources, in that Terraform does not create this resource, but instead attempts to "adopt" it into management. We can do this because each VPC created has a Default Route Table that cannot be destroyed, and is created with a single route.
When Terraform first adopts the Default Route Table, it immediately removes all defined routes. It then proceeds to create any routes specified in the configuration. This step is required so that only the routes specified in the configuration present in the Default Route Table.
lemon-spoon-91807
07/03/2019, 1:36 AMusing normal RouteTables and RouteTableAssociations seems simple and sensible
b
bored-river-53178
07/03/2019, 1:59 AMthanks, Cyrus
bored-river-53178
07/03/2019, 2:01 AMin my use case separate routes for subnets create unnecessary complication, I think: I am creating VPC peering between VPCs in different accounts and I have to create route for it
bored-river-53178
07/03/2019, 2:02 AMusually I create such route on VPC level and it works, but in the case of awsx.ec2.Vpc subnet specific routes override the VPC one
bored-river-53178
07/03/2019, 2:03 AM(because they contain 0.0.0.0)
bored-river-53178
07/03/2019, 2:04 AMis it necessary to define 0.0.0.0 route at the subnet level? that makes it impossible to override it
l
lemon-spoon-91807
07/03/2019, 2:06 AMawsx.ec2.Vpc's behavior is somewhat intended to be useful for common cases, but not for all types of configurability. Something you can do is make the low level resources yourself, and then just use Vpc.fromExistingIds if you really want to use the awsx.ec2.Vpc instance
b
bored-river-53178
07/03/2019, 2:07 AMyes, I know, but the functionality to automatically create subnets for each AZ is so convenient
l
lemon-spoon-91807
07/03/2019, 2:08 AMYou could def open an issue about different types of flexibility you'd like to see 🙂
lemon-spoon-91807
07/03/2019, 2:08 AMwe can discuss options. and potentially take a PR if you'd be interested 🙂
b
bored-river-53178
07/03/2019, 2:08 AMok, thanks
l
lemon-spoon-91807
07/03/2019, 2:10 AMone option would be to make it so we can avoid creating the IG by default.
lemon-spoon-91807
07/03/2019, 2:11 AMthen you could make the IG and attach the subnets to the IG yourself
7 Views