# Routing configuration details

In AWS the following components are required to programmatically create the routing infrastructure:

1. Route - The route defines the destination CIDR block. The destination gateway is either defined inline as a property or via connection to a gateway.
2. Route Table - The route table is associated with the VPC
3. Route Table Association - The association component connects the route, route table and the appropriate subnets
4. NAT Gateway - The NAT Gateway allows resources on the private subnet to access the Internet via the NAT and Internet gateways
5. EIP - Elastic IP associated with the NAT Gateway

**Routes and Route Table**

Besides the local routes for the VPC CIDR Blocks, the following routes are defined.

1. Private Subnet - 0.0.0.0/0 to NAT Gateway
2. Protected Subnet - 0.0.0.0/0 to VPCE-xxx (this is the VPC Endpoint for the firewall)
3. Public Subnet - 0.0.0.0/0 to Internet Gateway
4. IGW Route table - This is a special route table: instead of being associated with a subnet, it is defined by associating the IGW under Edge Associations. To forward all ingress traffic to the protected subnet, we add a route for 172.21.30.0/23 (the protected subnet CIDR block) with VPCE-xxx (the VPC Endpoint for the firewall) as the next hop

**In summary:**

All egress traffic from the private subnet is forwarded to the NAT gateway and eventually to the firewall.

All ingress traffic from the Internet that passes through the IGW is forwarded to the firewall for inspection. Once the firewall has inspected the traffic, it forwards it to the load balancer in the protected subnet in the sample deployment.
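A misconfigured next hop in any of these tables lets traffic skip the firewall, so it is worth checking the deployed route tables against the design. The following check is an added example, not part of QMCLOUD or the original page: it reads JSON in the shape returned by `aws ec2 describe-route-tables`, and all resource IDs (`subnet-private`, `igw-example`, `vpce-example` and so on) are constructed placeholders; only 172.21.30.0/23 comes from the page.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# All IDs are placeholders (assumptions); only 172.21.30.0/23 is from the page.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-protected",
     "Associations": [{"SubnetId": "subnet-protected"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vpce-example"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-edge",  # edge association: attached to the IGW, not a subnet
     "Associations": [{"GatewayId": "igw-example"}],
     "Routes": [{"DestinationCidrBlock": "172.21.30.0/23", "GatewayId": "vpce-example"}]},
]}

# Design from the page: (association key, association id, destination, next-hop prefix)
EXPECTED = [
    ("SubnetId", "subnet-private", "0.0.0.0/0", "nat-"),
    ("SubnetId", "subnet-protected", "0.0.0.0/0", "vpce-"),
    ("SubnetId", "subnet-public", "0.0.0.0/0", "igw-"),
    ("GatewayId", "igw-example", "172.21.30.0/23", "vpce-"),
]

def next_hop(route):
    """Return the target ID of a route, whichever target field carries it."""
    return route.get("NatGatewayId") or route.get("GatewayId") or ""

def audit(doc, expected=EXPECTED):
    """Return a list of findings; an empty list means the tables match the design."""
    findings = []
    for key, assoc_id, dest, prefix in expected:
        tables = [t for t in doc["RouteTables"]
                  if any(a.get(key) == assoc_id for a in t.get("Associations", []))]
        if not tables:
            findings.append(f"{assoc_id}: no associated route table")
            continue
        want = ipaddress.ip_network(dest)
        hops = [next_hop(r) for t in tables for r in t.get("Routes", [])
                if "DestinationCidrBlock" in r
                and ipaddress.ip_network(r["DestinationCidrBlock"]) == want]
        if not hops:
            findings.append(f"{assoc_id}: missing route for {dest}")
        findings += [f"{assoc_id}: {dest} -> {hop}, expected {prefix}*"
                     for hop in hops if not hop.startswith(prefix)]
    return findings
```

A subnet with no explicit association falls back to the VPC's main route table; this check reports it as having no associated route table, which is the point to confirm it is not silently using a default route that skips the firewall.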

**Connections:**

The following diagram depicts the appropriate connections. QMCLOUD offers an "Auto Connections" feature that automatically creates the most commonly used connections on the canvas, reducing the effort required from end users.

<figure><img src="/files/ufIOtSAqv5S5pwMCudYI" alt=""><figcaption><p>Defining connections (Dependencies) for VPC, Subnet and Routing components</p></figcaption></figure>

{% hint style="info" %}
You will need to either use auto connection or manually connect each of the remaining subnets and the corresponding routing components. Note that the public subnet connects to the Internet Gateway as shown in the summary section diagram.
{% endhint %}

