No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

by default, I would prefer to manage the routes for all subnets via vpc default route table, but it seems there is no such option, am I missing something?

<@UB9JVTW07> could you please answer this?

&gt; Each VPC created in AWS comes with a Default Route Table that can be managed, but not destroyed. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource. It is recommended you do not use both aws_default_route_table to manage the default route table and use the aws_main_route_table_association, due to possible conflict in routes.

&gt; The aws_default_route_table behaves differently from normal resources, in that Terraform does not create this resource, but instead attempts to "adopt" it into management. We can do this because each VPC created has a Default Route Table that cannot be destroyed, and is created with a single route.

&gt; When Terraform first adopts the Default Route Table, it immediately removes all defined routes. It then proceeds to create any routes specified in the configuration. This step is required so that only the routes specified in the configuration present in the Default Route Table.

using normal RouteTables and RouteTableAssociations seems simple and sensible

in my use case separate routes for subnets create unnecessary complication, I think: I am creating VPC peering between VPCs in different accounts and I have to create route for it

usually I create such route on VPC level and it works, but in the case of awsx.ec2.Vpc subnet specific routes override the VPC one

is it necessary to define 0.0.0.0 route at the subnet level? that makes it impossible to override it

awsx.ec2.Vpc's behavior is somewhat intended to be useful for common cases, but not for all types of configurability.  Something you can do is make the low level resources yourself, and then just use  Vpc.fromExistingIds if you really want to use the awsx.ec2.Vpc instance

yes, I know, but the functionality to automatically create subnets for each AZ is so convenient

You could def open an issue about different types of flexibility you'd like to see :slightly_smiling_face:

we can discuss options.  and potentially take a PR if you'd be interested :slightly_smiling_face:

one option would be to make it so we can avoid creating the IG by default.

then you could make the IG and attach the subnets to the IG yourself