I am deploying a Network Firewall setup (VPC, protected subnet, NAT subnet, firewall subnet, NAT GW, Network Firewall, IGW, route tables and routes) with CloudFormation.
How can I set up a needed route in the route table?
The route points to the Network Firewall VPC endpoint in a specific subnet and I have to set up the route using the CloudFormation type AWS::EC2::Route:

    IGWIngressRoute:
      Type: AWS::EC2::Route
      DependsOn: NetworkFirewall
      Properties:
        RouteTableId: !Ref IGWIngressRouteTable
        DestinationCidrBlock: !Ref NATGatewaySubnetCIDR
        VpcEndpointId: <<<<<< here comes a specific Network Firewall endpoint
The property VpcEndpointId should be set to a specific Network Firewall endpoint for a particular subnet. The Network Firewall resource contains the EndpointIds attribute with the list of all endpoints. I can get that list with !GetAtt NetworkFirewall.EndpointIds.
The problem: how should I proceed correctly to set up the route pointing to a Network Firewall endpoint?
So far I have not found any sample CloudFormation snippet doing that.
I understand that the route setup can be done via a CFN custom resource or post-deployment etc. But is it doable with a CloudFormation template only?
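One way to express this with intrinsic functions alone, as an added example that is not part of the original question (the firewall, VPC, subnet and policy names below are assumptions; IGWIngressRouteTable, NATGatewaySubnetCIDR and NetworkFirewall are the names used above):

```yaml
# Added example: a single-AZ firewall, so EndpointIds has exactly one entry.
# EndpointIds returns strings of the form "<az>:<vpce-id>", for instance
# "eu-west-1a:vpce-0123456789abcdef0" (constructed sample value), so the
# endpoint ID is the second field after splitting on ":".
Resources:
  NetworkFirewall:
    Type: AWS::NetworkFirewall::Firewall
    Properties:
      FirewallName: !Sub '${AWS::StackName}-fw'
      FirewallPolicyArn: !Ref FirewallPolicyArn   # assumed parameter
      VpcId: !Ref VPC                             # assumed resource name
      SubnetMappings:
        - SubnetId: !Ref FirewallSubnet           # assumed resource name

  IGWIngressRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref IGWIngressRouteTable
      DestinationCidrBlock: !Ref NATGatewaySubnetCIDR
      # Take the first "<az>:<vpce-id>" entry and keep only the endpoint ID.
      # !GetAtt already creates the dependency on NetworkFirewall.
      VpcEndpointId: !Select
        - 1
        - !Split
          - ':'
          - !Select [0, !GetAtt NetworkFirewall.EndpointIds]
```

EndpointIds is not returned in any particular order, so selecting index 0 only pins a specific subnet when the firewall has a single subnet mapping; for a multi-AZ firewall, choose the entry for the right AZ with a custom resource rather than relying on list position.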