Fix 047-firewall: try replace-route, fall back to create-route — passes locally in eu-west-1

mwunderl · mwunderl · commit 7f4f243b4a7e · 2026-04-29T02:23:02.000Z
diff --git a/tuts/047-aws-network-firewall-gs/aws-network-firewall-gs.sh b/tuts/047-aws-network-firewall-gs/aws-network-firewall-gs.sh
@@ -698,21 +698,31 @@ echo "Updating internet gateway route table..."
 if ! aws ec2 replace-route \
   --route-table-id "$IGW_ROUTE_TABLE_ID" \
   --destination-cidr-block "$CUSTOMER_SUBNET_CIDR" \
-  --vpc-endpoint-id "$FIREWALL_ENDPOINT"; then
-  echo "ERROR: Failed to update internet gateway route"
-  cleanup_resources
-  exit 1
+  --vpc-endpoint-id "$FIREWALL_ENDPOINT" 2>/dev/null; then
+  if ! aws ec2 create-route \
+    --route-table-id "$IGW_ROUTE_TABLE_ID" \
+    --destination-cidr-block "$CUSTOMER_SUBNET_CIDR" \
+    --vpc-endpoint-id "$FIREWALL_ENDPOINT"; then
+    echo "ERROR: Failed to update internet gateway route"
+    cleanup_resources
+    exit 1
+  fi
 fi
 
 # Update the customer subnet route table
 echo "Updating customer subnet route table..."
 if ! aws ec2 replace-route \
   --route-table-id "$SUBNET_ROUTE_TABLE_ID" \
   --destination-cidr-block "0.0.0.0/0" \
-  --vpc-endpoint-id "$FIREWALL_ENDPOINT"; then
-  echo "ERROR: Failed to update customer subnet route"
-  cleanup_resources
-  exit 1
+  --vpc-endpoint-id "$FIREWALL_ENDPOINT" 2>/dev/null; then
+  if ! aws ec2 create-route \
+    --route-table-id "$SUBNET_ROUTE_TABLE_ID" \
+    --destination-cidr-block "0.0.0.0/0" \
+    --vpc-endpoint-id "$FIREWALL_ENDPOINT"; then
+    echo "ERROR: Failed to update customer subnet route"
+    cleanup_resources
+    exit 1
+  fi
 fi
 
 echo ""
