
strong-helmet-83704

10/13/2022, 1:35 AM
Is there a way to change the default route (which points to local) of a route table with Pulumi? This is something which is possible in the API, but I get errors when trying to do this with RouteTable and Route 😞

little-cartoon-10569

10/13/2022, 1:51 AM
Yes, but (iirc) you need to import the default route, so you can't do it with just a single `up`.

strong-helmet-83704

10/13/2022, 1:52 AM
ooof that is an unfortunate state of affairs if this is the only available option

little-cartoon-10569

10/13/2022, 1:54 AM
Yes, pretty much anything where AWS "knows best" and creates extra resources doesn't play well with IaC.
It's not a Pulumi-specific problem.
However, it's safe to always ignore the default route, and create a managed route to local with higher priority, which sidesteps the problem.

strong-helmet-83704

10/13/2022, 1:56 AM
I need to use the same CIDR as the default route but want it to go elsewhere.

little-cartoon-10569

10/13/2022, 1:56 AM
Same as default VPC, default NACL, etc. Just ignore the defaults and manage your own ones...
I don't think that'll be a problem.

strong-helmet-83704

10/13/2022, 1:56 AM
Can I deploy a route table and instruct it to not produce a route at all?

little-cartoon-10569

10/13/2022, 1:56 AM
Just set up the Route and RouteTableAssociation in the normal way, as if the default route wasn't there.
Not sure... 🤔
The default route doesn't have a CIDR, does it? Other than 0.0.0.0....

strong-helmet-83704

10/13/2022, 1:58 AM
I might be able to deploy more specific targets… but that only sidesteps the problem…
Yeah, it has the same CIDR as the VPC by default.

little-cartoon-10569

10/13/2022, 1:59 AM
Ah.. you said default route... you mean default RouteTable.
Don't use the default RouteTable. Ignore it. Don't associate it with any subnets. This is a standard rule for all IaC.

strong-helmet-83704

10/13/2022, 2:00 AM
uhh… yes… the route inside the RouteTable when it's generated

little-cartoon-10569

10/13/2022, 2:00 AM
Just don't use that RouteTable. Create your own ones.

strong-helmet-83704

10/13/2022, 2:00 AM
hmmm ok we may have gotten confused

little-cartoon-10569

10/13/2022, 2:00 AM
The default RouteTable isn't used by anything except the default subnet, and you shouldn't be using that.

strong-helmet-83704

10/13/2022, 2:00 AM
I am generating a brand new route table; it comes with a local route. I can't seem to update that route.

little-cartoon-10569

10/13/2022, 2:02 AM
I think I'm missing something. Checking my own Pulumi-created resources...

strong-helmet-83704

10/13/2022, 2:04 AM
error creating Route in Route Table (rtb-x) with destination (10.1.130.0/24): RouteAlreadyExists: The route identified by 10.1.130.0/24 already exists.
I think you were right when you said that Pulumi is not aware of the local route created when the route table is created
perhaps we can perform an inline import of that route and then replace it….

little-cartoon-10569

10/13/2022, 2:09 AM
No, I don't think so. You can use the AWS SDK to make the change, after Pulumi has finished doing its thing.
You can also create another RouteTable with the correct route defined inline (rather than via Route / RouteTableAssociation).. not certain that'd work, but it might.
I've been looking through the AWS SDK to see if there's a different API for the default route, but there isn't. It's just a regular route that's set up by AWS.
(Grr)

strong-helmet-83704

10/13/2022, 2:13 AM
Tested that… same error. RouteAlreadyExists

little-cartoon-10569

10/13/2022, 2:14 AM
In fact.. it's a documented "feature" that if you create a RouteTable with inline routes, then set up Route / RouteTableAssociation routes, then all the inline routes are overwritten.. you might be able to make that work to your advantage... just define a dummy useless inline route, then set up all the real routes using Route. https://www.pulumi.com/registry/packages/aws/api-docs/ec2/routetable/
NOTE on Route Tables and Routes: This provider currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite rules.

strong-helmet-83704

10/13/2022, 2:15 AM
I can try…

little-cartoon-10569

10/13/2022, 2:15 AM
I have a question about why you'd want this though.. normally if you want to redirect traffic through a VPC to another one, you'd set up either a virtual gateway, or peering. Would either of those options be better?

strong-helmet-83704

10/13/2022, 2:16 AM
This is for an IGW which sits in front of a firewall. All local traffic coming back from the IGW should be sent back to the VPCE (firewall).
I THINK with my architecture I'm gonna need to use more specific subnet routes to redirect traffic to the respective AZs anyhow. So that will be a good workaround….

little-cartoon-10569

10/13/2022, 2:18 AM
Is the VPCE not inside a subnet? You shouldn't need to bother with the default route if the device is in an AWS subnet, right?

strong-helmet-83704

10/13/2022, 2:19 AM
The IGW exists only at the VPC level. It needs a route table edge association to send traffic specifically back to the VPCE…