Adding a route to a VPC Endpoint using Troposphere


Amos S

Dec 1, 2015, 10:29:50 PM
to cloudtools-dev
I followed the reply in https://groups.google.com/forum/#!searchin/cloudtools-dev/endpoint/cloudtools-dev/zGGRR09jugE/N8EPwa6jw6sJ to create a VPCEndpoint using Troposphere.

I now need to add a route entry which points to this End Point.

The problem is that the ec2.Route class requires a DestinationCidrBlock, but I don't know what I should put in it.

The existing route table (which was created manually through the AWS Console) contains an entry which uses the ARN "pl-6ca54005" as the Destination.

Googling around I found that resources identified by "pl-" are "Prefix Lists":

$ aws ec2 describe-prefix-lists --region ap-southeast-2
{
    "PrefixLists": [
        {
            "PrefixListName": "com.amazonaws.ap-southeast-2.s3",
            "Cidrs": [
                "54.231.252.0/24"
            ],
            "PrefixListId": "pl-6ca54005"
        }
    ]
}

But there is no mention of such strings in the Troposphere code.

For now, I manually copied the string "pl-6ca54005" to the DestinationCidrBlock field and the generated template passes validation (I haven't tried to bring up the stack yet) but I wonder if there is a better way to achieve this using Troposphere. I have to support any AWS region.

For now I suppose that I'll fetch the Prefix List for the relevant region using Boto.

Bob Van Zant

Dec 1, 2015, 11:17:02 PM
to Amos S, cloudtools-dev
I create mine like this:

t.add_resource(VPCEndpoint(
    "s3VpcEndpoint",
    RouteTableIds=[Ref(x) for x in private_route_tables],
    ServiceName=Join("", ["com.amazonaws.", Ref("AWS::Region"), ".s3"]),
    VpcId=Ref(VPC),
))

A lot of that likely isn't applicable to you. I think what you're after is the ServiceName attribute?




Amos S

Dec 3, 2015, 7:04:17 PM
to cloudtools-dev, amos.s...@gmail.com
Thanks. I missed the "RouteTableId" attribute at first but now that I added it, it seems to work.
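
Added example, not part of the original thread and not Troposphere code: a standard-library check run over the generated CloudFormation template (for instance the parsed output of Troposphere's to_json()) that flags the two hand-copied values discussed above. A prefix-list ID is not a CIDR block, and a gateway endpoint adds the prefix-list route itself to every table listed in RouteTableIds. The names check_template, BAD and GOOD and both sample templates are constructed for illustration.

```python
import ipaddress
import re

PREFIX_LIST_ID = re.compile(r"^pl-[0-9a-f]+$")

def check_template(template):
    """Return (logical_id, message) findings for a parsed CloudFormation template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::Route":
            dest = props.get("DestinationCidrBlock")
            if not isinstance(dest, str):
                continue  # Ref/Fn::* values are resolved at deploy time
            if PREFIX_LIST_ID.match(dest):
                findings.append((name, "prefix-list ID in DestinationCidrBlock"))
                continue
            try:
                ipaddress.ip_network(dest, strict=False)
            except ValueError:
                findings.append((name, "DestinationCidrBlock is not a CIDR"))
        elif res.get("Type") == "AWS::EC2::VPCEndpoint":
            # Assumption: endpoints without VpcEndpointType are gateway endpoints.
            if props.get("VpcEndpointType", "Gateway") != "Gateway":
                continue
            if not props.get("RouteTableIds"):
                findings.append((name, "gateway endpoint has no RouteTableIds"))
            if isinstance(props.get("ServiceName"), str):
                findings.append((name, "ServiceName hard-codes a region"))
    return findings

# Constructed sample: the hand-copied values discussed in the thread.
BAD = {"Resources": {
    "S3Route": {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": {"Ref": "PrivateRouteTable"},
        "DestinationCidrBlock": "pl-6ca54005"}},
    "s3VpcEndpoint": {"Type": "AWS::EC2::VPCEndpoint", "Properties": {
        "ServiceName": "com.amazonaws.ap-southeast-2.s3",
        "VpcId": {"Ref": "VPC"}}},
}}

# Constructed sample: region-agnostic endpoint that manages its own routes.
GOOD = {"Resources": {
    "s3VpcEndpoint": {"Type": "AWS::EC2::VPCEndpoint", "Properties": {
        "RouteTableIds": [{"Ref": "PrivateRouteTable"}],
        "ServiceName": {"Fn::Join": ["", ["com.amazonaws.", {"Ref": "AWS::Region"}, ".s3"]]},
        "VpcId": {"Ref": "VPC"}}},
}}
```

Calling check_template(BAD) returns three findings and check_template(GOOD) returns an empty list, so the check can gate template generation before a stack is brought up.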