ec2_vpc_route_table should have support for VpcEndpointId
andrewjroth opened this issue · comments
Summary
I am trying to create a route table used for VPC IGW Ingress Routing that directs inbound traffic to a VPC Endpoint (AWS Network Firewall) as described in the workshop below. To do this, I need to add a route to the route table with "dest = (subnet CIDR)" and "vpc_endpoint_id = (vpce for firewall)".
Therefore, the `ec2_vpc_route_table` module should support routes with `vpc_endpoint_id` as the destination, or possibly accept `vpce-` endpoints for the `gateway_id` route parameter together with a destination CIDR block inside the VPC (i.e. a subnet CIDR). This route table will be associated with an IGW using the `gateway_id` top-level parameter (which is different from the route parameter).
Additional Cited Information Resources
- VPC route table configuration for AWS Network Firewall
- boto3: EC2 `create_route` -- note the parameter used in the API/SDK is `VpcEndpointId`
- Hands-on Network Firewall Workshop: Lab Two, Step Two -- note the desired route table configuration
Issue Type
Feature Idea
Component Name
ec2_vpc_route_table
Additional Information
```yaml
# with VPC CIDR of 10.10.0.0/16 and "protected" subnets 10.10.1.0/24 and 10.10.4.0/24
- name: Create gateway route table
  amazon.aws.ec2_vpc_route_table:
    vpc_id: "{{ vpc_result.vpc.id }}"
    gateway_id: "{{ igw_result.gateway_id }}"
    routes:
      - dest: 10.10.1.0/24
        vpc_endpoint_id: "vpce-0807bf6d9f4368661" # Endpoint for AWS Network Gateway in AZ A
      - dest: 10.10.4.0/24
        vpc_endpoint_id: "vpce-6d9f43686610807bf" # Endpoint for AWS Network Gateway in AZ B
```
Code of Conduct
- I agree to follow the Ansible Code of Conduct
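As an added example (not code from the issue author or from the amazon.aws collection), this shows how the proposed `vpc_endpoint_id` route option would map onto boto3's `create_route` call with its real `VpcEndpointId` parameter, including the check that an ingress route's destination lies inside the VPC CIDR. The function names, the `rtb-placeholder` id and the recording client are assumptions made for illustration; the endpoint ids are the ones from the issue.

```python
import ipaddress
import re

# Values taken from the issue's playbook snippet (constructed sample input).
VPC_CIDR = "10.10.0.0/16"
ROUTES = [
    {"dest": "10.10.1.0/24", "vpc_endpoint_id": "vpce-0807bf6d9f4368661"},
    {"dest": "10.10.4.0/24", "vpc_endpoint_id": "vpce-6d9f43686610807bf"},
]

# Loose shape check for endpoint ids (hypothetical, not an AWS-published rule).
VPCE_ID_RE = re.compile(r"^vpce-[0-9a-f]{8,17}$")


def build_create_route_params(route_table_id, route, vpc_cidr):
    """Translate one Ansible-style route dict (hypothetical vpc_endpoint_id key)
    into keyword arguments for boto3 ec2.create_route().

    Gateway (IGW ingress) route tables may only carry routes whose destination
    is inside the VPC, so an out-of-VPC destination is rejected before any API
    call is made."""
    dest = ipaddress.ip_network(route["dest"], strict=True)
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if dest.version != vpc.version or not dest.subnet_of(vpc):
        raise ValueError(f"{dest} is not inside VPC CIDR {vpc}; ingress routes must stay in the VPC")
    vpce = route["vpc_endpoint_id"]
    if not VPCE_ID_RE.match(vpce):
        raise ValueError(f"{vpce!r} does not look like a VPC endpoint id")
    # DestinationIpv6CidrBlock is the SDK key for IPv6 destinations.
    dest_key = "DestinationCidrBlock" if dest.version == 4 else "DestinationIpv6CidrBlock"
    return {"RouteTableId": route_table_id, dest_key: str(dest), "VpcEndpointId": vpce}


def create_ingress_routes(ec2_client, route_table_id, routes, vpc_cidr):
    """Validate every route first, then issue one create_route call per route."""
    params = [build_create_route_params(route_table_id, r, vpc_cidr) for r in routes]
    for p in params:
        ec2_client.create_route(**p)
    return params


class RecordingClient:
    """Stand-in for a boto3 EC2 client; records calls instead of talking to AWS."""
    def __init__(self):
        self.calls = []

    def create_route(self, **kwargs):
        self.calls.append(kwargs)
        return {"Return": True}


if __name__ == "__main__":
    client = RecordingClient()
    for p in create_ingress_routes(client, "rtb-placeholder", ROUTES, VPC_CIDR):
        print(p)
```

With a real `boto3.client("ec2")` in place of `RecordingClient`, the same calls create the routes on the gateway route table.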
Thanks @andrewjroth for the feature idea! Is this something you would be willing to open a PR for?