AWS::RefactorSpaces::Route - AWS CloudFormation
SyntaxPropertiesReturn values

AWS::RefactorSpaces::Route

Creates an AWS Migration Hub Refactor Spaces route. The account owner of the service resource is always the environment owner, regardless of which account creates the route. Routes target a service in the application. If an application does not have any routes, then the first route must be created as a DEFAULT RouteType.

When created, the default route defaults to an active state so state is not a required input. However, like all other state values the state of the default route can be updated after creation, but only when all other routes are also inactive. Conversely, no route can be active without the default route also being active.

Note

In the AWS::RefactorSpaces::Route resource, you can only update the ActivationState property, which resides under the UriPathRoute and DefaultRoute properties. All other properties associated with the AWS::RefactorSpaces::Route cannot be updated, even though the property description might indicate otherwise. Updating all other properties will result in the replacement of Route.

When you create a route, Refactor Spaces configures the Amazon API Gateway to send traffic to the target service as follows:

  • URL Endpoints

    If the service has a URL endpoint, and the endpoint resolves to a private IP address, Refactor Spaces routes traffic using the API Gateway VPC link. If a service endpoint resolves to a public IP address, Refactor Spaces routes traffic over the public internet. Services can have HTTP or HTTPS URL endpoints. For HTTPS URLs, publicly-signed certificates are supported. Private Certificate Authorities (CAs) are permitted only if the CA's domain is also publicly resolvable.

    Refactor Spaces automatically resolves the public Domain Name System (DNS) names that are set in CreateService:UrlEndpoint when you create a service. The DNS names resolve when the DNS time-to-live (TTL) expires, or every 60 seconds for TTLs less than 60 seconds. This periodic DNS resolution ensures that the route configuration remains up-to-date.

    One-time health check

    A one-time health check is performed on the service when either the route is updated from inactive to active, or when it is created with an active state. If the health check fails, the route transitions the route state to FAILED, an error code of SERVICE_ENDPOINT_HEALTH_CHECK_FAILURE is provided, and no traffic is sent to the service.

    For private URLs, a target group is created on the Network Load Balancer and the load balancer target group runs default target health checks. By default, the health check is run against the service endpoint URL. Optionally, the health check can be performed against a different protocol, port, and/or path using the CreateService:UrlEndpoint parameter. All other health check settings for the load balancer use the default values described in the Health checks for your target groups in the Elastic Load Balancing guide. The health check is considered successful if at least one target within the target group transitions to a healthy state.

  • AWS Lambda function endpoints

    If the service has an AWS Lambda function endpoint, then Refactor Spaces configures the Lambda function's resource policy to allow the application's API Gateway to invoke the function.

    The Lambda function state is checked. If the function is not active, the function configuration is updated so that Lambda resources are provisioned. If the Lambda state is Failed, then the route creation fails. For more information, see the GetFunctionConfiguration's State response parameter in the AWS Lambda Developer Guide.

    A check is performed to determine that a Lambda function with the specified ARN exists. If it does not exist, the health check fails. For public URLs, a connection is opened to the public endpoint. If the URL is not reachable, the health check fails.

Environments without a network bridge

When you create environments without a network bridge (CreateEnvironment:NetworkFabricType is NONE) and you use your own networking infrastructure, you need to configure VPC to VPC connectivity between your network and the application proxy VPC. Route creation from the application proxy to service endpoints will fail if your network is not configured to connect to the application proxy VPC. For more information, see Create a route in the Refactor Spaces User Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::RefactorSpaces::Route",
  "Properties" : {
      "ApplicationIdentifier" : String,
      "DefaultRoute" : DefaultRouteInput,
      "EnvironmentIdentifier" : String,
      "RouteType" : String,
      "ServiceIdentifier" : String,
      "Tags" : [ Tag, ... ],
      "UriPathRoute" : UriPathRouteInput
    }
}

YAML

Type: AWS::RefactorSpaces::Route
Properties:
  ApplicationIdentifier: String
  DefaultRoute: 
    DefaultRouteInput
  EnvironmentIdentifier: String
  RouteType: String
  ServiceIdentifier: String
  Tags: 
    - Tag
  UriPathRoute: 
    UriPathRouteInput

Properties

ApplicationIdentifier

The unique identifier of the application.

Required: Yes

Type: String

Pattern: ^app-([0-9A-Za-z]{10}$)

Minimum: 14

Maximum: 14

Update requires: Replacement

DefaultRoute

Configuration for the default route type.

Required: No

Type: DefaultRouteInput

Update requires: No interruption

EnvironmentIdentifier

The unique identifier of the environment.

Required: Yes

Type: String

Pattern: ^env-([0-9A-Za-z]{10}$)

Minimum: 14

Maximum: 14

Update requires: Replacement

RouteType

The route type of the route.

Required: Yes

Type: String

Allowed values: DEFAULT | URI_PATH

Update requires: Replacement

ServiceIdentifier

The unique identifier of the service.

Required: Yes

Type: String

Pattern: ^svc-([0-9A-Za-z]{10}$)

Minimum: 14

Maximum: 14

Update requires: Replacement

Tags

The tags assigned to the route.

Required: No

Type: Array of Tag

Update requires: No interruption

UriPathRoute

The configuration for the URI path route type.

Required: No

Type: UriPathRouteInput

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns a composite ID following this format: <EnvironmentId>|<ApplicationId>|<RouteId>, for example, env-1234654123|app-1234654123|rte-1234654123.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name (ARN) of the route.

PathResourceToId

A mapping of Amazon API Gateway path resources to resource IDs.

RouteIdentifier

The unique identifier of the route.