
Route Propagation

Open pcrum opened this issue 6 years ago • 2 comments

Currently, a user has to manually enable route propagation on the subscriber VPC. Is it possible to have route propagation enabled by default when subscriber VPC is being instantiated or configured?

pcrum avatar May 03 '18 01:05 pcrum

Yes, you would have to change the SubscriberVPC template to enable route propagation, and it will be turned on during launch.

jpeezus avatar May 03 '18 01:05 jpeezus

In commonLambdaFunctions.py:

import time
import logging

import boto3

logger = logging.getLogger()


def createVgwAttachToVpc(vpcId, vgwAsn, region, paGroup):
    """Creates a VGW and attaches it to the VPC, returns VgwId
    """
    try:
        tags = [{'Key': 'Name', 'Value': paGroup}]
        ec2Connection = boto3.client('ec2', region_name=region)
        # Create VGW with vgwAsn
        response = ec2Connection.create_vpn_gateway(Type='ipsec.1', AmazonSideAsn=int(vgwAsn))
        vgw_id = response['VpnGateway']['VpnGatewayId']
        # Attach VGW to VPC once, then poll the attachment state until it settles
        # (calling attach_vpn_gateway again on an attaching gateway raises an error)
        status = ec2Connection.attach_vpn_gateway(VpcId=vpcId, VpnGatewayId=vgw_id,
                                                  DryRun=False)['VpcAttachment']
        while status['State'] == 'attaching':
            time.sleep(2)
            attachments = ec2Connection.describe_vpn_gateways(
                VpnGatewayIds=[vgw_id])['VpnGateways'][0]['VpcAttachments']
            status = next(a for a in attachments if a['VpcId'] == vpcId)
        if status['State'] != 'attached':
            return None
        ec2Connection.create_tags(Resources=[vgw_id], Tags=tags)
        # Propagate routes to routing table
        # (assumes the only non-main route table is the one created by the CF/TF template)
        route_tables = ec2Connection.describe_route_tables(
            Filters=[{'Name': 'vpc-id', 'Values': [vpcId]},
                     {'Name': 'association.main', 'Values': ['false']}])
        ec2Connection.enable_vgw_route_propagation(
            RouteTableId=route_tables['RouteTables'][0]['RouteTableId'],
            GatewayId=vgw_id)
        return vgw_id
    except Exception as e:
        logger.error("Error creating Vgw and Attaching it to VPC, Error : {}".format(str(e)))
        return False

This assumes that there are no additional route tables created in the subscribing VPC other than the non-default one created by the CF/TF template. The relevant change is the addition of these lines:

                # Propagate routes to routing table
                route_tables = ec2Connection.describe_route_tables(
                    Filters=[{'Name': 'vpc-id', 'Values': [vpcId]},{'Name': 'association.main', 'Values': ['false']}])
                ec2Connection.enable_vgw_route_propagation(RouteTableId=route_tables['RouteTables'][0]['RouteTableId'],
                                                           GatewayId=vgw_id)

freimer avatar May 19 '18 16:05 freimer
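The snippet above enables propagation only on the first non-main route table it finds, which is exactly the assumption the comment calls out: any other route table in the subscriber VPC silently keeps not learning the transit routes, so some subnets route through the transit VPC and others do not. The following is an added example (not code from the aws-transit-vpc project) that generalizes the check: it inspects every route table returned by describe_route_tables, reports which ones do not yet propagate from the given VGW, and enables propagation only where it is missing, so the call is idempotent and safe to re-run. The boto3 client is injected rather than created inside, and the _FakeEc2 class and SAMPLE_RESPONSE are constructed stand-ins so the logic runs offline; function names and the sample VPC, VGW and route table IDs are assumptions of this example.

```python
# Added example (not from the aws-transit-vpc project): decide which route tables in a
# subscriber VPC still need VGW route propagation, from a describe_route_tables response.
# The boto3 client is only touched inside apply_route_propagation(), so the pure logic
# below runs and is testable without AWS access.


def route_tables_needing_propagation(describe_response, vgw_id, include_main=True):
    """Return the RouteTableIds of the VPC's route tables that do not yet propagate
    routes from vgw_id.

    describe_response is the dict returned by ec2.describe_route_tables(...).
    Unlike taking ['RouteTables'][0], this looks at every table, so extra route
    tables created outside the CF/TF template are not silently skipped. The main
    route table is included unless include_main is False.
    """
    needing = []
    for table in describe_response.get('RouteTables', []):
        is_main = any(assoc.get('Main', False) for assoc in table.get('Associations', []))
        if is_main and not include_main:
            continue
        propagating = {vgw['GatewayId'] for vgw in table.get('PropagatingVgws', [])}
        if vgw_id not in propagating:
            needing.append(table['RouteTableId'])
    return sorted(needing)


def apply_route_propagation(ec2, vpc_id, vgw_id, include_main=True):
    """Enable propagation from vgw_id on every route table in vpc_id that lacks it.

    ec2 is a boto3 EC2 client (or any object with the same two methods), injected so
    callers can pass a stub in tests. Returns the list of RouteTableIds changed.
    """
    response = ec2.describe_route_tables(Filters=[{'Name': 'vpc-id', 'Values': [vpc_id]}])
    changed = route_tables_needing_propagation(response, vgw_id, include_main)
    for rtb_id in changed:
        ec2.enable_vgw_route_propagation(RouteTableId=rtb_id, GatewayId=vgw_id)
    return changed


class _FakeEc2:
    """Constructed stand-in for a boto3 EC2 client, used only to exercise the logic offline."""

    def __init__(self, response):
        self.response = response
        self.calls = []

    def describe_route_tables(self, **kwargs):
        return self.response

    def enable_vgw_route_propagation(self, **kwargs):
        self.calls.append((kwargs['RouteTableId'], kwargs['GatewayId']))
        return {}


# Constructed sample: a main table, a template-created private table, and an extra
# table added by hand; only the main table already propagates from the VGW.
SAMPLE_RESPONSE = {
    'RouteTables': [
        {'RouteTableId': 'rtb-main0001', 'VpcId': 'vpc-0example',
         'Associations': [{'Main': True, 'RouteTableId': 'rtb-main0001'}],
         'PropagatingVgws': [{'GatewayId': 'vgw-0example'}]},
        {'RouteTableId': 'rtb-priv0002', 'VpcId': 'vpc-0example',
         'Associations': [{'Main': False, 'SubnetId': 'subnet-0a'}],
         'PropagatingVgws': []},
        {'RouteTableId': 'rtb-extra0003', 'VpcId': 'vpc-0example',
         'Associations': [{'Main': False, 'SubnetId': 'subnet-0b'}],
         'PropagatingVgws': []},
    ]
}

if __name__ == '__main__':
    fake = _FakeEc2(SAMPLE_RESPONSE)
    print(apply_route_propagation(fake, 'vpc-0example', 'vgw-0example'))
    # Against a real account, pass boto3.client('ec2', region_name=...) instead of the fake.
```

Running route_tables_needing_propagation against the account periodically, with enable_vgw_route_propagation left out, also gives a cheap drift check: any table it reports is one where transit routes are not being learned. If the fix is made in the SubscriberVPC template instead, as jpeezus suggests, the equivalent CloudFormation resource is AWS::EC2::VPNGatewayRoutePropagation, which takes the list of route table IDs and the VGW ID.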