Bird
Raised Fist0
AWScloud~5 mins

Route tables configuration in AWS - Commands & Configuration

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction
Route tables control where network traffic goes inside your cloud network. They help your servers and devices talk to each other and to the internet safely and correctly.
When you want to connect your cloud servers to the internet through a gateway.
When you need to allow communication between different parts of your cloud network.
When you want to block or allow traffic to specific destinations.
When setting up private networks that need to access public services securely.
When you want to control traffic flow for security or performance reasons.
Config File - main.tf
main.tf
provider "aws" {
  region = "us-east-1"
}

resource "aws_vpc" "example_vpc" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "example-vpc"
  }
}

resource "aws_internet_gateway" "example_igw" {
  vpc_id = aws_vpc.example_vpc.id
  tags = {
    Name = "example-igw"
  }
}

resource "aws_route_table" "example_route_table" {
  vpc_id = aws_vpc.example_vpc.id
  tags = {
    Name = "example-route-table"
  }
}

resource "aws_route" "internet_access" {
  route_table_id         = aws_route_table.example_route_table.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.example_igw.id
}

resource "aws_subnet" "example_subnet" {
  vpc_id            = aws_vpc.example_vpc.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-east-1a"
  tags = {
    Name = "example-subnet"
  }
}

resource "aws_route_table_association" "example_association" {
  subnet_id      = aws_subnet.example_subnet.id
  route_table_id = aws_route_table.example_route_table.id
}

This Terraform file creates a virtual private cloud (VPC) with a subnet and an internet gateway. It defines a route table that sends all traffic (0.0.0.0/0) to the internet gateway, allowing internet access. The route table is then linked to the subnet so that instances in the subnet use this route.

provider: sets the AWS region.

aws_vpc: creates a private network.

aws_internet_gateway: allows internet access.

aws_route_table: holds routing rules.

aws_route: defines a rule sending all traffic to the internet gateway.

aws_subnet: a smaller network inside the VPC.

aws_route_table_association: links the route table to the subnet.

Commands
This command prepares Terraform to work with AWS by downloading necessary plugins and setting up the environment.
Terminal
terraform init
Expected OutputExpected
Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/aws... - Installing hashicorp/aws v4.60.0... - Installed hashicorp/aws v4.60.0 (signed by HashiCorp) Terraform has been successfully initialized!
This command creates the VPC, subnet, internet gateway, route table, and associations as defined in the configuration file.
Terminal
terraform apply -auto-approve
Expected OutputExpected
aws_vpc.example_vpc: Creating... aws_vpc.example_vpc: Creation complete after 3s [id=vpc-0a1b2c3d4e5f6g7h8] aws_internet_gateway.example_igw: Creating... aws_internet_gateway.example_igw: Creation complete after 2s [id=igw-0a1b2c3d4e5f6g7h8] aws_route_table.example_route_table: Creating... aws_route_table.example_route_table: Creation complete after 2s [id=rtb-0a1b2c3d4e5f6g7h8] aws_route.internet_access: Creating... aws_route.internet_access: Creation complete after 1s aws_subnet.example_subnet: Creating... aws_subnet.example_subnet: Creation complete after 3s [id=subnet-0a1b2c3d4e5f6g7h8] aws_route_table_association.example_association: Creating... aws_route_table_association.example_association: Creation complete after 1s [id=rtbassoc-0a1b2c3d4e5f6g7h8] Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
-auto-approve - Automatically approves the plan without asking for confirmation
This command checks the route tables in the VPC to verify the routes are set correctly.
Terminal
aws ec2 describe-route-tables --filters "Name=vpc-id,Values=vpc-0a1b2c3d4e5f6g7h8"
Expected OutputExpected
{ "RouteTables": [ { "RouteTableId": "rtb-0a1b2c3d4e5f6g7h8", "Routes": [ { "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0a1b2c3d4e5f6g7h8", "State": "active", "Origin": "CreateRoute" } ] } ] }
--filters - Filters results to show only route tables for the specified VPC
Key Concept

If you remember nothing else from this pattern, remember: route tables tell your cloud network where to send traffic, like a map for your data.

Common Mistakes
Not associating the route table with the subnet
Without association, the subnet won't use the route table rules, so traffic won't flow as expected.
Always create a route table association resource linking your route table to the subnet.
Setting the destination CIDR block incorrectly, like using 0.0.0.0/1 instead of 0.0.0.0/0
Traffic won't route properly if the destination range is wrong, causing connectivity issues.
Use 0.0.0.0/0 to represent all IPv4 addresses for internet-bound traffic.
Forgetting to create or attach an internet gateway when routing to the internet
Without an internet gateway, traffic cannot leave the VPC to reach the internet.
Create an internet gateway and reference its ID in the route table for internet traffic.
Summary
Initialize Terraform to prepare AWS provider plugins.
Apply the Terraform configuration to create VPC, subnet, internet gateway, route table, and associations.
Verify the route table has the correct route sending all traffic to the internet gateway.

Practice

(1/5)
1. What is the main purpose of a route table in AWS networking?
easy
A. To manage user permissions
B. To store user data securely
C. To direct network traffic between subnets and gateways
D. To monitor server health

Solution

  1. Step 1: Understand the role of route tables

    Route tables control how network traffic moves inside a cloud network by defining paths.

  2. Step 2: Identify what route tables connect

    They connect subnets to gateways or other networks, enabling communication.

  3. Final Answer:

    To direct network traffic between subnets and gateways -> Option C

  4. Quick Check:

    Route tables = traffic direction [OK]
Hint: Route tables guide traffic flow inside the cloud [OK]
Common Mistakes:
  • Confusing route tables with security groups
  • Thinking route tables store data
  • Mixing route tables with monitoring tools
2. Which of the following is the correct way to associate a route table with a subnet in AWS CLI?
easy
A. aws ec2 create-route-table --subnet-id subnet-12345 --route-table-id rtb-67890
B. aws ec2 associate-route-table --subnet-id subnet-12345 --route-table-id rtb-67890
C. aws ec2 attach-route-table --subnet subnet-12345 --table rtb-67890
D. aws ec2 link-route-table --subnet subnet-12345 --route-table rtb-67890

Solution

  1. Step 1: Identify the correct AWS CLI command for association

    The command to associate a route table with a subnet is 'associate-route-table'.

  2. Step 2: Check the correct syntax and parameters

    The correct syntax uses '--subnet-id' and '--route-table-id' flags with IDs.

  3. Final Answer:

    aws ec2 associate-route-table --subnet-id subnet-12345 --route-table-id rtb-67890 -> Option B

  4. Quick Check:

    Associate route table = associate-route-table command [OK]
Hint: Use 'associate-route-table' with subnet and route table IDs [OK]
Common Mistakes:
  • Using 'create-route-table' instead of 'associate-route-table'
  • Wrong parameter names like '--subnet' instead of '--subnet-id'
  • Using non-existent commands like 'attach-route-table'
3. Given a route table with the following routes:
Destination: 0.0.0.0/0, Target: igw-12345
Destination: 10.0.1.0/24, Target: local
What happens when an instance in subnet 10.0.1.0/24 tries to reach 8.8.8.8?
medium
A. Traffic is sent to the internet gateway (igw-12345)
B. Traffic is blocked because no route exists
C. Traffic is sent to the local subnet only
D. Traffic is sent to a NAT gateway automatically

Solution

  1. Step 1: Analyze the route for 0.0.0.0/0

    This route sends all traffic not matching other routes to the internet gateway (igw-12345).

  2. Step 2: Determine route for 8.8.8.8

    Since 8.8.8.8 is outside the local subnet, it matches the 0.0.0.0/0 route and goes to the internet gateway.

  3. Final Answer:

    Traffic is sent to the internet gateway (igw-12345) -> Option A

  4. Quick Check:

    Default route sends traffic to internet gateway [OK]
Hint: Default 0.0.0.0/0 route sends traffic outside subnet [OK]
Common Mistakes:
  • Assuming traffic is blocked without explicit deny
  • Confusing local route with internet access
  • Thinking NAT gateway is used without configuration
4. You created a route table and associated it with a subnet, but instances in that subnet cannot access the internet. What is the most likely mistake?
medium
A. The route table lacks a route to an internet gateway
B. The subnet is not associated with any route table
C. The route table has a route to a NAT gateway instead of an internet gateway
D. The instances have no security group attached

Solution

  1. Step 1: Check route table routes for internet access

    Internet access requires a route to an internet gateway (igw) for 0.0.0.0/0.

  2. Step 2: Identify missing or incorrect routes

    If the route to the internet gateway is missing, instances cannot reach the internet despite association.

  3. Final Answer:

    The route table lacks a route to an internet gateway -> Option A

  4. Quick Check:

    Internet needs 0.0.0.0/0 route to igw [OK]
Hint: Check for 0.0.0.0/0 route to internet gateway [OK]
Common Mistakes:
  • Assuming subnet association alone grants internet access
  • Confusing NAT gateway with internet gateway routes
  • Ignoring security group rules as cause
5. You have two subnets: Subnet A (10.0.1.0/24) and Subnet B (10.0.2.0/24). You want instances in Subnet A to access the internet via a NAT gateway in Subnet B, but Subnet B should not have direct internet access. How should you configure the route tables?
hard
A. Associate Subnet A's route table with 0.0.0.0/0 to the NAT gateway; Subnet B's route table with no route to internet gateway
B. Associate Subnet A's route table with 0.0.0.0/0 to the internet gateway; Subnet B's route table with 0.0.0.0/0 to the NAT gateway
C. Associate both subnets' route tables with 0.0.0.0/0 to the internet gateway
D. Associate Subnet A's route table with a route 0.0.0.0/0 to the NAT gateway; Subnet B's route table with 0.0.0.0/0 to the internet gateway

Solution

  1. Step 1: Understand NAT gateway purpose

    NAT gateway allows instances in private subnet (Subnet A) to access internet outbound.

  2. Step 2: Configure Subnet B's route table (NAT subnet)

    Subnet B must have 0.0.0.0/0 to internet gateway so NAT can reach internet. Direct access for instances in B can be restricted via security groups.

  3. Step 3: Configure Subnet A's route table

    Subnet A has 0.0.0.0/0 to NAT gateway.

  4. Final Answer:

    Associate Subnet A's route table with a route 0.0.0.0/0 to the NAT gateway; Subnet B's route table with 0.0.0.0/0 to the internet gateway -> Option D

  5. Quick Check:

    Private to NAT; NAT subnet to igw [OK]
Hint: Private subnet (A) routes to NAT; NAT subnet (B) routes to igw [OK]
Common Mistakes:
  • Omitting igw route in NAT subnet (B), breaking NAT functionality
  • Routing private subnet (A) directly to igw
  • Confusing NAT gateway and internet gateway roles