What is a Route Table?

A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed. (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html)

Components of a Route Table

  1. Destination: The CIDR block representing the address range for which the route applies.
  2. Target: Where to route the traffic, such as an Internet Gateway, Virtual Private Gateway, or Network Interface.

Types of Route Tables

Main Route Table
  1. Definition: A default route table that comes pre-configured with your VPC.
  2. Behavior: Automatically associated with all subnets not explicitly associated with another route table.
Custom Route Table
  1. Definition: User-created route tables.
  2. Behavior: Must be explicitly associated with a subnet.

Key Functions

  1. Routing Traffic to the Internet: For a subnet to be able to route traffic to the internet, a route pointing to the Internet Gateway should be added.
  2. Routing to a VPN: For a subnet to route traffic to a VPN, a route pointing to a Virtual Private Gateway should be added.
  3. Internal Routing: Route tables are also used to handle traffic routing between different subnets within the same VPC.

How to Configure

  1. Create Route Table: From the AWS Management Console, go to the VPC dashboard and create a new route table.
  2. Edit Routes: Add routes to the route table specifying the destination and the target.
  3. Associate Subnets: Associate one or more subnets with the route table.

For the purpose of this tutorial, we are going to create a custom route table that will be responsible for routing traffic for our 2 public subnets. We will add a route to this route table that sends internet-bound traffic to our internet gateway.

Update our main.tf file and add the following code:

resource "aws_route_table" "dev-public-route-table" {
  vpc_id = aws_vpc.dev-vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.dev-igw.id
  }

  tags = {
    Name = "dev-public-route-table"
    env  = "dev"
  }
}

Check AWS Console.

We now have 2 route tables in our VPC: the main route table and the custom route table.

Current architecture

Next, we have to explicitly associate our public subnets with our route table. We are going to use the aws_route_table_association resource from Terraform for the 2 public AZs.

Update main.tf and add the following code:

resource "aws_route_table_association" "dev-route-table-association-AZ1" {
  subnet_id      = aws_subnet.dev-public-subnet-AZ1.id
  route_table_id = aws_route_table.dev-public-route-table.id
}

resource "aws_route_table_association" "dev-route-table-association-AZ2" {
  subnet_id      = aws_subnet.dev-public-subnet-AZ2.id
  route_table_id = aws_route_table.dev-public-route-table.id
}

Apply changes

terraform apply

Check AWS Console.

Current architecture

Next we have to create 2 route tables, one per AZ, and add to each a route to that AZ's NAT Gateway to provide internet access to our private subnets. After that we will explicitly associate our app and data private subnets.

Let's modify our main.tf file and add these: (ROUTE TABLE FOR SUBNETS IN THE FIRST AZ)

# Route table AZ1 (references the VPC resource declared earlier as aws_vpc.dev-vpc)
resource "aws_route_table" "dev-private-route-table-AZ1" {
  vpc_id = aws_vpc.dev-vpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.dev-nat-gateway-AZ1.id
  }

  tags = {
    Name = "dev-private-route-table-AZ1"
    env  = "dev"
  }
}


resource "aws_route_table_association" "dev-private-route-table-association-app-AZ1" {
  subnet_id      = aws_subnet.dev-private-app-subnet-AZ1.id
  route_table_id = aws_route_table.dev-private-route-table-AZ1.id
}

resource "aws_route_table_association" "dev-private-route-table-association-data-AZ1" {
  subnet_id      = aws_subnet.dev-private-data-subnet-AZ1.id
  route_table_id = aws_route_table.dev-private-route-table-AZ1.id
}

(ROUTE TABLE FOR SUBNETS IN THE SECOND AZ)

# Route table AZ2 (references the VPC resource declared earlier as aws_vpc.dev-vpc)
resource "aws_route_table" "dev-private-route-table-AZ2" {
  vpc_id = aws_vpc.dev-vpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.dev-nat-gateway-AZ2.id
  }

  tags = {
    Name = "dev-private-route-table-AZ2"
    env  = "dev"
  }
}


resource "aws_route_table_association" "dev-private-route-table-association-app-AZ2" {
  subnet_id      = aws_subnet.dev-private-app-subnet-AZ2.id
  route_table_id = aws_route_table.dev-private-route-table-AZ2.id
}

resource "aws_route_table_association" "dev-private-route-table-association-data-AZ2" {
  subnet_id      = aws_subnet.dev-private-data-subnet-AZ2.id
  route_table_id = aws_route_table.dev-private-route-table-AZ2.id
}
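The "Types of Route Tables" section notes that any subnet without an explicit association silently falls back to the main route table, which is why every public and private subnet above gets its own aws_route_table_association. The following Python check is an added example, not part of the tutorial's Terraform: it takes a listing in the shape of the EC2 describe-route-tables response (constructed here with made-up IDs), works out which table each subnet really uses, classifies it as public (IGW), private (NAT) or isolated, and flags the two mistakes this layout invites: a subnet left to the main table, and an internet route on the main table itself.

```python
from typing import Dict, List, Optional

# Constructed sample in the shape of an EC2 describe-route-tables response (IDs made up):
# a main table with only the local route, a public table with an IGW default route,
# and a private table pointing at a NAT gateway, as in the tutorial.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-public-az1"}, {"SubnetId": "subnet-public-az2"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0a1b2c"}]},
    {"RouteTableId": "rtb-private-az1",
     "Associations": [{"SubnetId": "subnet-app-az1"}, {"SubnetId": "subnet-data-az1"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0d4e5f"}]},
]
# subnet-data-az2 was never associated, so it silently falls back to the main table.
SUBNETS = ["subnet-public-az1", "subnet-public-az2", "subnet-app-az1", "subnet-data-az1", "subnet-data-az2"]

def main_table(route_tables: List[dict]) -> dict:
    return next(t for t in route_tables if any(a.get("Main") for a in t["Associations"]))

def exposure(table: dict) -> str:
    """Classify a table by the target of its 0.0.0.0/0 route: public (IGW), private (NAT) or isolated."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            target = route.get("GatewayId") or route.get("NatGatewayId") or ""
            return "public" if target.startswith("igw-") else "private" if target.startswith("nat-") else "other"
    return "isolated"  # no default route: no path out of the VPC

def classify_subnets(route_tables: List[dict], subnets: List[str]) -> Dict[str, dict]:
    """Resolve each subnet to its effective table (explicit association, else main) and classify it."""
    explicit = {a["SubnetId"]: t for t in route_tables for a in t["Associations"] if a.get("SubnetId")}
    main = main_table(route_tables)
    return {s: {"route_table": explicit.get(s, main)["RouteTableId"],
                "exposure": exposure(explicit.get(s, main)),
                "implicit": s not in explicit} for s in subnets}

def findings(route_tables: List[dict], subnets: List[str]) -> List[str]:
    """Flag an internet default route on the main table and any subnet left to the main table."""
    flags = []
    if exposure(main_table(route_tables)) == "public":
        flags.append("main route table routes 0.0.0.0/0 to an IGW: every unassociated subnet becomes public")
    for subnet, info in classify_subnets(route_tables, subnets).items():
        if info["implicit"]:
            flags.append(f"{subnet} has no explicit association and falls back to {info['route_table']}")
    return flags
```

Against real infrastructure the same functions can be fed the RouteTables list returned by the AWS CLI or boto3, with the subnet list taken from describe-subnets for the VPC.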

Check AWS Console.

Current architecture

Remember to destroy resources at the end of the tutorial.

terraform destroy

Next – Security Groups