About Outbound AutoScale VPN Attachement CFT #2
Comments
Thanks for the feedback. I will have a look at your questions and respond
in the morning. The Natgw is also used by lambda to reach the AWS API as
it runs inside the VPC. You could use the DX link but you need internet
access for the AWS API, S3 bucket for bootstrap and for the VPN gateway.
…On Mon, 9 Sep 2019 at 18:00, davidaavilar ***@***.***> wrote:
Hi, there. How are you? I'm using the Oubound-Autoscale-VPN-Attachments
CFT. The CFT only asks for TGW-ID, routing table ID and
TransitGatewayRouteTablePropagationTag, but it is not working for me. I got a
lambda error.
[image: image]
<https://user-images.githubusercontent.com/33632789/64550697-15721b00-d2f9-11e9-9ee8-544a09267f2d.png>
- What does "TransitGatewayRouteTablePropagationTag" mean?
- The NATGW that the template creates is only for vm-series MGMT from
Internet, right? If yes, may I delete it? That's because we are going to
manage these firewalls through a Direct Connect connection.
- The ASG map is set to minimum "0" and maximum "2" instances. Could I
change these values to min "0" and max "4" instances, for example, without
affecting the Lambda code or something?
- I have understood that when I create the VPN attachment, it needs a
Customer Gateway to establish the VPN. Are these resources created by the
template? Would the code send the IPSec VPN and BGP configuration to the
vm-series? Or do we need to download the VPN configuration template
generated by AWS and load it manually in the vm-series?
|
The VPN tunnels are created by the add_eni and confi_fw lambda functions
once the ASG desired count is set to 1 or higher.
|
Hi, jharris. Thank you very much for your fast response. |
Hi, there. How are you? I have noticed a few issues with lambda functions:
I hope to hear about you, soon. Thank you very much! |
Mail me at [email protected] and we can schedule a zoom. I am
not sure where the errors are coming from but I should be able to identify
the issue from the cloud trail logs.
…On Mon, 4 Nov 2019 at 20:41, davidaavilar ***@***.***> wrote:
Hi, there. How are you? I have noticed a few issues with lambda functions:
1. I got this error on ConfigFw execution "NameError: name
'tgw_route_table_id' is not defined". This is avoiding the association to
the routing table.
2. When I launch the cft, and then I delete it, the resources that
lambda functions create, they are not being removed. For example: customer
gateway, the vpns, auto-scaling group, launch configuration, etc. Is this
a normal behavior?
3. ConfigFw lambda function is creating at least three VPNs. Why? Just
one is committed by the code on the firewalls, the remaining ones are
configured on the firewall but not applied.
I hope to hear about you, soon.
Thank you very much!
|