AWS Cloudformation - can't add multiple subnet associations to a public routing table

amazon-web-services amazon-cloudformation

Solution 1:

As @Marcus explained in his response to his own question; it is the lack of the DependsOn attribute when you create an AWS::EC2::Route entry where you specify a Gateway.

For route entries that specify a gateway, you must specify a dependency on the gateway attachment resource.

Having received the same error and scratching my head as to how this failed when the IGW is attached to the VPC it was a simple change in the AWS::EC2::Route declaration.

Failing CFN:

"VPC" : {
    "Type" : "AWS::EC2::VPC",
    "Properties" : {"CidrBlock" : "10.1.0.0/16"}
},
"InternetGateway" : {
    "Type" : "AWS::EC2::InternetGateway"
},
"InternetGatewayAttachment" : {
    "Type" : "AWS::EC2::VPCGatewayAttachment",
    "Properties" : {
        "VpcId" : {"Ref" : "VPC"},
        "InternetGatewayId" : {"Ref" : "InternetGateway"}
    }
},
"ManagementRouteTable" : {
    "Type" : "AWS::EC2::RouteTable",
    "Properties" : {
        "VpcId" : {"Ref" : "VPC"}
    }
},
"NATDefaultRoute" : {
    "Type" : "AWS::EC2::Route",
    "Properties" : {
        "RouteTableId" : {"Ref" : "ManagementRouteTable"},
        "DestinationCidrBlock" : "0.0.0.0/0",
        "GatewayId" : {"Ref" : "InternetGateway"}
    }
}

Working CFN:

"VPC" : {
    "Type" : "AWS::EC2::VPC",
    "Properties" : {"CidrBlock" : "10.1.0.0/16"}
},
"InternetGateway" : {
    "Type" : "AWS::EC2::InternetGateway"
},
"InternetGatewayAttachment" : {
    "Type" : "AWS::EC2::VPCGatewayAttachment",
    "Properties" : {
        "VpcId" : {"Ref" : "VPC"},
        "InternetGatewayId" : {"Ref" : "InternetGateway"}
    }
},
"ManagementRouteTable" : {
    "Type" : "AWS::EC2::RouteTable",
    "Properties" : {
        "VpcId" : {"Ref" : "VPC"}
    }
},
"NATDefaultRoute" : {
    "DependsOn" : "InternetGatewayAttachment",
    "Type" : "AWS::EC2::Route",
    "Properties" : {
        "RouteTableId" : {"Ref" : "ManagementRouteTable"},
        "DestinationCidrBlock" : "0.0.0.0/0",
        "GatewayId" : {"Ref" : "InternetGateway"}
    }
}

Solution 2:

are you sure you've attached the InternetGatway to a VPC (or the same VPC as the route table). In cloud formation this looks something like...

    "AttachInternetGateway" : {
       "Type" : "AWS::EC2::VPCGatewayAttachment",
       "Properties" : {
          "VpcId" : { "Ref" : "YourVpc" },
          "InternetGatewayId" : { "Ref" : "InternetGateway" }
       }
    },

Solution 3:

I found a fix. I was on the right track with the Wait Conditions however it turns out I needed to add a DependsOn attribute to the rule so that it depended on the igw being created first.

Related

Apache producing lots of SSL-only errors even though the data in-browser seems fine
Hyper-V 2012 R2 on HP ProLiant DL380 G5? [closed]
OS X equivalents for Ubuntu's genisoimage and qemu-img
How can I set one hostname and IP for multiple MACs in DHCPd (isc-dhcpd-4.1.1-P1) on CentOS 6.x?
Is it ok to use self-signed certificates for smtp transport?
Linux: Lost internet while using vipw. How can I unlock the file?
Recycle Bin for Network Share
Telnet Results in "Connection closed by foreign host"
How to upgrade nginx from 1.2 to 1.6 on debian 7
When cron is completed How to get email notification and log in a file (both)
Cloud mapping experiment. Contact [email protected] in the access logs
how to fix corrupt, not cleanly closed and upgrade needing tables in mysql