Monday, September 26, 2022

Remove extraneous VPC route tables | by Teri Radichel | Cloud Security | Sep, 2022


ACM.62 Removing unnamed and unnecessary route tables and setting the main route table after deploying a CloudFormation stack.

This is a continuation of my series of posts on Automating Cybersecurity Metrics.

In my last post I explained how creating route tables for VPCs with CloudFormation doesn't let you override the main route table. What you end up with is a route table with the name you want and an extraneous no-name route table.

In this post I explain how to automate removing the main route table so you're only left with your named route table associated with your VPC.

Should You Call Functions in CloudFormation?

There are other ways to fix this problem besides what I'm going to show you. You could create a Lambda function and call it, but I personally don't like adding executable code to what is supposed to be a description of resources, so I have yet to add a custom function to a CloudFormation template. CloudFormation is more like data or configuration. It is used by executable code, but it doesn't, itself, execute or trigger executions. I like to keep data or configuration and executable code separate. Ideally AWS just fixes this, but there are gaps in CloudFormation here and there and we have to find a workaround.

Although I can fix it manually, that causes problems due to CloudFormation drift. You have to manually delete any route tables prior to trying to delete the CloudFormation stack if you take this approach.

Replacing and deleting the main route table

We can fix this problem with a few CLI commands (or we could use Python later in a batch job) using the replace-route-table-association CLI command.

We're also going to need to get our VPC ID:

Then get our main route table ID and the ID of the route table we added to the VPC:

Then we'll delete the main route table (as long as it's not already set to the correct route table).

I added a new function to my network_functions.sh file:

Then I added a call to this new function at the end of the deploy_vpc function:
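The steps above as one shell function, written here as an added example rather than the post's own network_functions.sh. It assumes the AWS CLI is installed and configured through the environment, and that the route table created by the stack carries a Name tag; the VPC ID and table name are passed in as arguments.

```shell
#!/bin/sh
# Added example, not the post's network_functions.sh. Assumes the AWS CLI is
# installed and configured (region/profile via the environment) and that the
# CloudFormation-created route table carries a Name tag.
set -eu

# Route table currently flagged as the VPC's main table (the unnamed one).
get_main_route_table_id() {
  aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=$1" "Name=association.main,Values=true" \
    --query 'RouteTables[0].RouteTableId' --output text
}

# Association ID of that main association; replace-route-table-association needs it.
get_main_association_id() {
  aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=$1" "Name=association.main,Values=true" \
    --query 'RouteTables[0].Associations[?Main==`true`].RouteTableAssociationId | [0]' \
    --output text
}

# Route table in the VPC whose Name tag matches $2 (the one the stack created).
get_named_route_table_id() {
  aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=$1" "Name=tag:Name,Values=$2" \
    --query 'RouteTables[0].RouteTableId' --output text
}

# Make the named table the main table and delete the old main table.
# Idempotent: does nothing when the named table is already main.
replace_main_route_table() {
  vpc_id="$1"; rt_name="$2"
  main_rt=$(get_main_route_table_id "$vpc_id")
  named_rt=$(get_named_route_table_id "$vpc_id" "$rt_name")
  if [ -z "$named_rt" ] || [ "$named_rt" = "None" ]; then
    echo "no route table named '$rt_name' in $vpc_id" >&2
    return 1
  fi
  if [ "$main_rt" = "$named_rt" ]; then
    echo "$named_rt is already the main route table for $vpc_id"
    return 0
  fi
  assoc_id=$(get_main_association_id "$vpc_id")
  # Repoint the main association first; delete-route-table fails while any
  # association (main or explicit subnet) still references the old table.
  aws ec2 replace-route-table-association \
    --association-id "$assoc_id" --route-table-id "$named_rt" >/dev/null
  aws ec2 delete-route-table --route-table-id "$main_rt"
  echo "replaced main route table $main_rt with $named_rt in $vpc_id"
}
```

Call it from the end of your deploy function as `replace_main_route_table "$vpc_id" "$route_table_name"`; if the unnamed table still has explicit subnet associations the delete step will fail, and those must be moved first.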

Note that when you go to delete your route CloudFormation stack after this change it will fail. Try again, check the box, and then you can delete it. If the route table ID below exists it will still be listed in your list of route tables and you will need to delete it separately.

Hope that helps. Really hope AWS fixes the problem above.

Stay tuned as I get back to deploying the subnets and security groups for our VPCs.

Teri Radichel

If you liked this story please clap and follow:

Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Request services via LinkedIn: Teri Radichel or IANS Research

© 2nd Sight Lab 2022

All the posts in this series:

____________________________________________

Author:

Cybersecurity for Executives in the Age of Cloud on Amazon

Need Cloud Security Training? 2nd Sight Lab Cloud Security Training

Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.

Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.

Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts
