
I have one specific IP which I need to route through the VPN. I tried providing that IP using a mask that provides the smallest possible subnet.

    vpcConnection:
        Type: 'AWS::EC2::VPNConnectionRoute'
        Properties:
            DestinationCidrBlock: X.X.X.67/31
            VpnConnectionId:
                Ref: vpnRef

Once applied, CloudFormation responds with:

    Parameter route=X.X.X.67/31 fails its validation function
Leonard Saers

1 Answer

route=X.X.X.67/31 will point to the broadcast address of the specified subnet.

In order to validate, the DestinationCidrBlock needs to point to the network address, which in this case would be:

    vpcConnection:
        Type: 'AWS::EC2::VPNConnectionRoute'
        Properties:
            DestinationCidrBlock: X.X.X.66/31
            VpnConnectionId:
                Ref: vpnRef
Leonard Saers
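
A pre-deployment check for the alignment rule described in the answer above, as an added example that is not part of the original post: it uses Python's standard `ipaddress` module to flag a `DestinationCidrBlock` whose host bits are set and to report which addresses the corrected block covers. The `198.51.100.x` values are constructed samples standing in for the redacted `X.X.X` addresses, and the function names are hypothetical.

```python
import ipaddress


def check_route_cidr(cidr: str) -> dict:
    """Report whether a route CIDR is written at its network address."""
    iface = ipaddress.ip_interface(cidr)   # keeps the address as typed
    net = iface.network                    # same prefix, host bits cleared
    return {
        "input": cidr,
        "aligned": iface.ip == net.network_address,
        "normalized": str(net),
        "first": str(net[0]),
        "last": str(net[-1]),
        "addresses": net.num_addresses,
    }


def misaligned_routes(cidrs):
    """Return (input, normalized) pairs for CIDRs with host bits set."""
    reports = (check_route_cidr(c) for c in cidrs)
    return [(r["input"], r["normalized"]) for r in reports if not r["aligned"]]


# Constructed sample values (documentation range), not from the original post.
SAMPLE_ROUTES = ["198.51.100.67/31", "198.51.100.66/31", "198.51.100.67/32"]

if __name__ == "__main__":
    for route in SAMPLE_ROUTES:
        r = check_route_cidr(route)
        status = "ok" if r["aligned"] else f"host bits set, use {r['normalized']}"
        print(f"{route}: {status}; covers {r['first']} to {r['last']} "
              f"({r['addresses']} address(es))")
```

The aligned /31 covers two addresses (`.66` and `.67` in the sample), so the route matches traffic to both of them, not only the single intended host.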