ansible-collections / amazon.aws

Ansible Collection for Amazon AWS


ec2_vpc_route_table should have support for VpcEndpointId

andrewjroth opened this issue · comments

Summary

I am trying to create a route table used for VPC IGW Ingress Routing that directs inbound traffic to a VPC Endpoint (AWS Network Firewall) as described in the workshop below. To do this, I need to add a route to the route table with "dest = (subnet CIDR)" and "vpc_endpoint_id = (vpce for firewall)".

Therefore, the ec2_vpc_route_table should support routes with vpc_endpoint_id as the destination or possibly support vpce- endpoints for the gateway_id parameter with a destination CIDR block inside the VPC (i.e. a subnet CIDR).

This route table will be associated with an IGW using the gateway_id top-level parameter (which is different from the route parameter).

Additional Cited Information Resources

Issue Type

Feature Idea

Component Name

ec2_vpc_route_table

Additional Information

    # with VPC CIDR of 10.10.0.0/16 and "protected" subnets 10.10.1.0/24 and 10.10.4.0/24
    - name: Create gateway route table
      amazon.aws.ec2_vpc_route_table:
        vpc_id: "{{ vpc_result.vpc.id }}"
        gateway_id: "{{ igw_result.gateway_id }}"
        routes:
          - dest: 10.10.1.0/24
            vpc_endpoint_id: "vpce-0807bf6d9f4368661"  # Endpoint for AWS Network Gateway in AZ A
          - dest: 10.10.4.0/24
            vpc_endpoint_id: "vpce-6d9f43686610807bf"  # Endpoint for AWS Network Gateway in AZ B

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
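As an added example (not code from this issue or from the amazon.aws collection), the diff logic a module supporting `vpc_endpoint_id` routes would need, plus a check that every protected subnet's inbound traffic really passes a vpce- target rather than the local route. The live route list is a constructed sample, the endpoint IDs reuse those from the playbook above, and treating a vpce- value in either `VpcEndpointId` or `GatewayId` as the endpoint target is an assumption.

```python
import ipaddress

# Desired routes, mirroring the playbook in the issue.
DESIRED = [
    {"dest": "10.10.1.0/24", "vpc_endpoint_id": "vpce-0807bf6d9f4368661"},
    {"dest": "10.10.4.0/24", "vpc_endpoint_id": "vpce-6d9f43686610807bf"},
]

# Constructed sample shaped like a describe_route_tables() Routes list:
# the implicit local route plus one route still pointing at an old endpoint.
CURRENT = [
    {"DestinationCidrBlock": "10.10.0.0/16", "GatewayId": "local", "Origin": "CreateRouteTable"},
    {"DestinationCidrBlock": "10.10.1.0/24", "VpcEndpointId": "vpce-0807bf6d9f4368661", "Origin": "CreateRoute"},
    {"DestinationCidrBlock": "10.10.4.0/24", "VpcEndpointId": "vpce-000000stale00000", "Origin": "CreateRoute"},
]


def route_target(route):
    """Target of one API route entry. Assumption: an endpoint target may be
    reported under VpcEndpointId or as a vpce- value under GatewayId."""
    for key in ("VpcEndpointId", "GatewayId", "NatGatewayId", "NetworkInterfaceId"):
        if route.get(key):
            return route[key]
    return None


def plan_routes(desired, current, vpc_cidr):
    """Diff desired ingress routes against the live table the way an idempotent
    module would; returns the CreateRoute / ReplaceRoute / DeleteRoute work."""
    vpc = ipaddress.ip_network(vpc_cidr)
    live = {r["DestinationCidrBlock"]: route_target(r) for r in current}
    plan = {"create": [], "replace": [], "delete": []}
    for d in desired:
        dest, target = d["dest"], d["vpc_endpoint_id"]
        if not target.startswith("vpce-"):
            raise ValueError(f"{dest}: target {target} is not a VPC endpoint")
        if not ipaddress.ip_network(dest).subnet_of(vpc):  # ingress routes stay inside the VPC
            raise ValueError(f"{dest}: destination must lie inside {vpc_cidr}")
        if dest not in live:
            plan["create"].append((dest, target))
        elif live[dest] != target:
            plan["replace"].append((dest, target))
    wanted = {d["dest"] for d in desired}
    for r in current:  # purge only explicit routes, never the local route
        if r.get("Origin") == "CreateRoute" and r["DestinationCidrBlock"] not in wanted:
            plan["delete"].append(r["DestinationCidrBlock"])
    return plan


def unprotected_subnets(current, protected):
    """Protected subnets whose inbound traffic the IGW table would deliver
    without a vpce- target, i.e. would bypass the firewall via the local route."""
    live = {r["DestinationCidrBlock"]: route_target(r) for r in current}
    return [c for c in protected if not str(live.get(c, "")).startswith("vpce-")]
```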

Thanks @andrewjroth for the feature idea! Is this something you would be willing to open a PR for?