I am creating a CDK app to deploy an NGFW behind a GWLB with all of the routing in place. When I launch the CDK app, the VPC endpoints always fail to create if I register the EC2 instance (NGFW) in the same template. I've tried to add DependsOn conditions but nothing seems to happen. Simply including the instance targets causes the VPC endpoints to fail.
This config does not impact the VPCE creation:
```yaml
gwlbtarget:
  Type: AWS::ElasticLoadBalancingV2::TargetGroup
  Properties:
    HealthCheckPort: "443"
    HealthCheckProtocol: TCP
    Name: gwlb-targetgroup
    Port: 6081
    Protocol: GENEVE
    VpcId:
      Ref: firewallvpc63A6EE9C
  Metadata:
    aws:cdk:path: GwlbExampleStack/gwlb-target
```
This causes the VPC endpoint to fail with the error: "VPC Endpoint vpce-xxxxx did not stabilize. Current state: failed"
```yaml
gwlbtarget:
  Type: AWS::ElasticLoadBalancingV2::TargetGroup
  Properties:
    HealthCheckPort: "443"
    HealthCheckProtocol: TCP
    Name: gwlb-targetgroup
    Port: 6081
    Protocol: GENEVE
    Targets:
      - Id:
          Ref: ngfw
    VpcId:
      Ref: firewallvpc63A6EE9C
  Metadata:
    aws:cdk:path: GwlbFirewallStack/gwlb-target
```
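For reference, the full resource chain a GWLB deployment synthesizes to, with the ordering made explicit. This is an added example written for this page, not the asker's template or AWS sample code; it reuses the `ngfw` and `firewallvpc63A6EE9C` logical IDs from the question, while `ApplianceSubnet` and `EndpointSubnet` are assumed subnet resources that the stack would have to define. It does not diagnose the failure above; it only shows where the endpoint's dependencies actually sit (endpoint -> endpoint service -> GWLB/listener -> target group) so that a `DependsOn` can be placed on the right resource.

```yaml
Resources:
  # Target group with the appliance registered (same shape as the failing case)
  GwlbTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: gwlb-targetgroup
      Port: 6081
      Protocol: GENEVE
      HealthCheckPort: "443"
      HealthCheckProtocol: TCP
      VpcId: !Ref firewallvpc63A6EE9C
      Targets:
        - Id: !Ref ngfw          # EC2 instance from the question

  # The Gateway Load Balancer itself; Ref returns its ARN
  Gwlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: gateway
      Subnets:
        - !Ref ApplianceSubnet   # assumed: appliance subnet logical ID

  # GWLB listeners take no port/protocol; they only forward to the GENEVE target group
  GwlbListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Gwlb
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref GwlbTargetGroup

  # Endpoint service fronting the GWLB; Ref returns the service ID (vpce-svc-...)
  GwlbEndpointService:
    Type: AWS::EC2::VPCEndpointService
    Properties:
      AcceptanceRequired: false
      GatewayLoadBalancerArns:
        - !Ref Gwlb

  # The GWLB endpoint consumers route through. The implicit dependency is only on
  # the endpoint service (via ServiceName); the listener/target group ordering
  # has to be stated explicitly with DependsOn.
  GwlbEndpoint:
    Type: AWS::EC2::VPCEndpoint
    DependsOn:
      - GwlbListener
    Properties:
      VpcEndpointType: GatewayLoadBalancer
      VpcId: !Ref firewallvpc63A6EE9C
      SubnetIds:
        - !Ref EndpointSubnet    # assumed: endpoint subnet logical ID
      ServiceName: !Sub "com.amazonaws.vpce.${AWS::Region}.${GwlbEndpointService}"
```

In CDK the same ordering is expressed on the construct tree rather than in the template, for example `gwlbEndpoint.node.addDependency(gwlbListener)` on the `CfnVPCEndpoint` construct; a `DependsOn` placed on the target group alone does not order the endpoint, because the endpoint only references the endpoint service. `cdk synth` shows whether the `DependsOn` actually landed on the `AWS::EC2::VPCEndpoint` resource.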