Skip to main content

routes

Creates, updates, deletes or gets a route resource or lists routes in a region

Overview

Nameroutes
TypeResource
DescriptionSpecifies a route in a route table. For more information, see [Routes](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#route-table-routes) in the *Amazon VPC User Guide*.
You must specify either a destination CIDR block or prefix list ID. You must also specify exactly one of the resources as the target.
If you create a route that references a transit gateway in the same template where you create the transit gateway, you must declare a dependency on the transit gateway attachment. The route table cannot use the transit gateway until it has successfully attached to the VPC. Add a [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) in the AWS::EC2::Route resource to explicitly declare a dependency on the AWS::EC2::TransitGatewayAttachment resource.
Idaws.ec2.routes

Fields

NameDatatypeDescription
carrier_gateway_idstringThe ID of the carrier gateway.
You can only use this option when the VPC contains a subnet which is associated with a Wavelength Zone.
cidr_blockstring
core_network_arnstringThe Amazon Resource Name (ARN) of the core network.
destination_cidr_blockstringThe IPv4 CIDR address block used for the destination match. Routing decisions are based on the most specific match. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.
destination_ipv6_cidr_blockstringThe IPv6 CIDR block used for the destination match. Routing decisions are based on the most specific match.
destination_prefix_list_idstringThe ID of a prefix list used for the destination match.
egress_only_internet_gateway_idstring[IPv6 traffic only] The ID of an egress-only internet gateway.
gateway_idstringThe ID of an internet gateway or virtual private gateway attached to your VPC.
instance_idstringThe ID of a NAT instance in your VPC. The operation fails if you specify an instance ID unless exactly one network interface is attached.
local_gateway_idstringThe ID of the local gateway.
nat_gateway_idstring[IPv4 traffic only] The ID of a NAT gateway.
network_interface_idstringThe ID of a network interface.
route_table_idstringThe ID of the route table for the route.
transit_gateway_idstringThe ID of a transit gateway.
vpc_endpoint_idstringThe ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only.
vpc_peering_connection_idstringThe ID of a VPC peering connection.
regionstringAWS region.

Methods

NameAccessible byRequired Params
create_resourceINSERTRouteTableId, region
delete_resourceDELETEdata__Identifier, region
update_resourceUPDATEdata__Identifier, data__PatchDocument, region
list_resourcesSELECTregion
get_resourceSELECTdata__Identifier, region

SELECT examples

Gets all routes in a region.

SELECT
region,
carrier_gateway_id,
cidr_block,
core_network_arn,
destination_cidr_block,
destination_ipv6_cidr_block,
destination_prefix_list_id,
egress_only_internet_gateway_id,
gateway_id,
instance_id,
local_gateway_id,
nat_gateway_id,
network_interface_id,
route_table_id,
transit_gateway_id,
vpc_endpoint_id,
vpc_peering_connection_id
FROM aws.ec2.routes
WHERE region = 'us-east-1';

Gets all properties from an individual route.

SELECT
region,
carrier_gateway_id,
cidr_block,
core_network_arn,
destination_cidr_block,
destination_ipv6_cidr_block,
destination_prefix_list_id,
egress_only_internet_gateway_id,
gateway_id,
instance_id,
local_gateway_id,
nat_gateway_id,
network_interface_id,
route_table_id,
transit_gateway_id,
vpc_endpoint_id,
vpc_peering_connection_id
FROM aws.ec2.routes
WHERE region = 'us-east-1' AND data__Identifier = '<RouteTableId>|<CidrBlock>';

INSERT example

Use the following StackQL query and manifest file to create a new route resource, using stack-deploy.

/*+ create */
INSERT INTO aws.ec2.routes (
 RouteTableId,
 region
)
SELECT 
'{{ RouteTableId }}',
'{{ region }}';

DELETE example

/*+ delete */
DELETE FROM aws.ec2.routes
WHERE data__Identifier = '<RouteTableId|CidrBlock>'
AND region = 'us-east-1';

Permissions

To operate on the routes resource, the following permissions are required:

Create

ec2:CreateRoute,
ec2:DescribeRouteTables,
ec2:DescribeNetworkInterfaces

Read

ec2:DescribeRouteTables

Update

ec2:ReplaceRoute,
ec2:DescribeRouteTables,
ec2:DescribeNetworkInterfaces

Delete

ec2:DeleteRoute,
ec2:DescribeRouteTables

List

ec2:DescribeRouteTables