Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
s
strong-helmet-83704
10/13/2022, 1:35 AMIs there a way to change the default route (which points to local) of a route table with Pulumi? This is something which is possible in the API but i get errors when trying to do this with RouteTable and Route 😞
l
little-cartoon-10569
10/13/2022, 1:51 AMYes, but (iirc) you need to import the default route, so you can't do it with just a single
ups
strong-helmet-83704
10/13/2022, 1:52 AMooof that is an unfortunate state of affairs if this is the only available option
l
little-cartoon-10569
10/13/2022, 1:54 AMYes, pretty much anything where AWS "knows best" and creates extra resources doesn't play well with IaC.
It's not a Pulumi-specific problem.
However, it's safe to always ignore the default route, and create a managed route to local with higher priority, which sidesteps the problem.
s
strong-helmet-83704
10/13/2022, 1:56 AMI need to use the same CIDR as the default route but want it to go elsewhere.
l
little-cartoon-10569
10/13/2022, 1:56 AMSame as default VPC, default NACL, etc. Just ignore the defaults and manage your own ones...
I don't think that'll be a problem.
s
strong-helmet-83704
10/13/2022, 1:56 AMcan i deploy a route table and instruct it to not produce a route at all?
l
little-cartoon-10569
10/13/2022, 1:56 AMJust set up the Route and RouteTableAssociation in the normal way, as if the default route wasn't there.
Not sure... 🤔
The default route doesn't have a CIDR, does it? Other than 0.0.0.0....
s
strong-helmet-83704
10/13/2022, 1:58 AMI might be able to deploy more specific targets… but that only sidesteps the problem…
yea it has the same cidr as the vpc by default
l
little-cartoon-10569
10/13/2022, 1:59 AMAh.. you said default route... you mean default RouteTable.
Don't use the default RouteTable. Ignore it. Don't associate it with any subnets. This is a standard rule for all IaC.
s
strong-helmet-83704
10/13/2022, 2:00 AMuhh… yes… route inside the routetable when its generated
l
little-cartoon-10569
10/13/2022, 2:00 AMJust don't use that RouteTable. Create your own ones.
s
strong-helmet-83704
10/13/2022, 2:00 AMhmmm ok we may have gotten confused
l
little-cartoon-10569
10/13/2022, 2:00 AMThe default RouteTable isn't used by anything except the default subnet, and you shouldn't be using that.
s
strong-helmet-83704
10/13/2022, 2:00 AMi am generating a brand new route table, it comes with a local route. i can’t seem to update that route
l
little-cartoon-10569
10/13/2022, 2:02 AMI think I'm missing something. Checking my own Pulumi-created resources...
s
strong-helmet-83704
10/13/2022, 2:04 AMerror creating Route in Route Table (rtb-x) with destination (10.1.130.0/24): RouteAlreadyExists: The route identified by 10.1.130.0/24 already exists.I think you were right when you said that Pulumi is not aware of the local route created when the route table is created
perhaps we can perform an inline import of that route and then replace it….
l
little-cartoon-10569
10/13/2022, 2:09 AMNo, I don't think so. You can use the AWS SDK to make the change, after Pulumi has finished doing its thing.
You can also create another RouteTable with the correct route defined inline (rather than via Route / RouteTableAssoication).. not certain that'd work, but it might.
I've been looking through the AWS SDK to see if there's a different API for the default route, but there isn't. It's just a regular route that's set up by AWS.
(Grr)
s
strong-helmet-83704
10/13/2022, 2:13 AMTested that… same error. RouteAlreadyExists
l
little-cartoon-10569
10/13/2022, 2:14 AMIn fact.. it's a documented "feature" that if you create a RouteTable with inline routes, then set up Route / RouteTableAssociation routes, then all the inline routes are overwritten.. you might be able to make that work to your advantage... just define a dummy useless inline route, then set up all the real routes using Route.
https://www.pulumi.com/registry/packages/aws/api-docs/ec2/routetable/
NOTE on Route Tables and Routes: This provider currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite rules.
s
strong-helmet-83704
10/13/2022, 2:15 AMI can try…
l
little-cartoon-10569
10/13/2022, 2:15 AMI have a question about why you'd want this though.. normally if you want to redirect traffic through a VPC to another one, you'd set up either a virtual gateway, or peering. Would either of those options be better?
s
strong-helmet-83704
10/13/2022, 2:16 AMthis is for an igw which sits in front of a firewall. All local traffic coming back from the igw should be sent back to the vpce (firewall)
i THINK with my architecture i’m gonna need to use more specific subnet routes to redirect traffic to respective AZ’s anyhow. So that will be a good workaround….
l
little-cartoon-10569
10/13/2022, 2:18 AMIs the VPCE not inside a subnet? You shouldn't need to bother with the default route if the device is in an AWS subnet, right?
s
strong-helmet-83704
10/13/2022, 2:19 AMthe igw exists only at the vpc level. It needs a route table edge association to send traffic specifically back to the vpce…