Invalid routing-instance is configured if the vsrx hostname has the substring "vpc-"

root@tvpc-vsrx1# show routing-instances ?
Possible completions:
<..skip..>
ge-routing Routing instance name
root@tvpc-vsrx1> Routing instance name <<<<<<<<<<<<<<<<<<<<< HERE
transit Routing instance name

Template is using old VMs of BYOL type. If updating to latest AMI, and updating template to use C5 instance, the instances won't come up.

Running AMI with instance as a standalone deployment works well.

When trying to run the transit-vpc-pujsh-juniper-config.py I get a key error described below:

{ "stackTrace": [ [ "/var/task/transit-vpc-push-juniper-config.py", 531, "lambda_handler", "record=event['Records'][0]" ] ], "errorType": "KeyError", "errorMessage": "'Records'" }

What might be the cause of this or how does one fix this issue?

Hi, git version does not with the amazon. Failed with "kvm no hardware support".

May be fixed by replacing "JunipervSRXAMI" to the on of the last version

Will try to do the pull-fix.

Using the template in us-east-1 region, shows that the Clouformation creation succeeds. When Tagging the VGW, VPN tunnels are created, but the Lambda configurator fails. It doesn't configure neither of the vSRX and both tunnels are show as down.

Looking into the Lamba logs, I can see that in one router, the configurator connects successfully. It even generates the AWS_config.txt file. However, no configuration changes are done to the router.

One minor error I see in the logs is :

edit edit: Command not found. root@tvpc-vsrx2%

Additionally, if I try to load manually the AWS_config.txt file, it shows the following errors:

root@tvpc-vsrx2# load override /var/log/AWS_config.txt
load complete

[edit]
root@tvpc-vsrx2# commit check
[edit security ipsec vpn vpn-0ab6de246ef00ffff-1]
  'ike'
    Missing mandatory statement: 'ipsec-policy'
[edit security ipsec vpn vpn-0ab6de246ef00ffff-2]
  'ike'
    Missing mandatory statement: 'ipsec-policy'
error: configuration check-out failed: (missing mandatory statements)

[edit]

When VPN tunnel configuration is pushed to the vsrx, bogus routing-instance called "show" is configured.

root@tvpc-vsrx1# show routing-instances ?
Possible completions:
<..skip..>
ge-routing Routing instance name
show Routing instance name <<<<<<<<<<<<<<<<<<<<< HERE
transit Routing instance name

Template is using old VMs of BYOL type. If updating to latest AMI, and updating template to use C5 instance, the instances won't come up.

Running AMI with instance as a standalone deployment works well.

It appears that there is no prefix list mapping for eu-north in the template and therefore Cloudformation fails to run the build with the error described in the title.

"PrefixListIdMap" : {
      "ap-south-1" : { "s3" : "pl-78a54011" },
      "eu-west-1" : { "s3" : "pl-6da54004" },
      "eu-west-2" : { "s3" : "pl-7ca54015" },
      "eu-west-3" : { "s3" : " pl-23ad484a " },
      "ap-southeast-1" : { "s3" : "pl-6fa54006" },
      "ap-southeast-2" : { "s3" : "pl-6ca54005" },
      "eu-central-1" : { "s3" : "pl-6ea54007" },
      "ap-northeast-2" : { "s3" : "pl-78a54011" },
      "ap-northeast-1" : { "s3" : "pl-61a54008" },
      "us-east-1" : { "s3" : "pl-63a5400a" },
      "us-east-2" : { "s3" : "pl-7ba54012" },
      "sa-east-1" : { "s3" : "pl-6aa54003" },
      "us-west-1" : { "s3" : "pl-6ba54002" },
      "us-west-2" : { "s3" : "pl-68a54001" },
      "ca-central-1" : { "s3" : "pl-7da54014" },
      "sa-east-1" : { "s3" : "pl-6aa54003" }
    }

Issue

vSRX will not boot, remains unreachable....

Notes

I am trying to launch ami manually, not using cloud formation template, I have existing VPCs and other VMs already working fine and reaching internet). I am a Red Hat Ansible Automation employee trying to use ansible to boot the instance work ansible workshops. I have successfully done this for Cisco CSR and Arista vEOS with no problem. I must be doing something silly with vSRX... when I do this from the wizard it will work. I have stared and compared and can't figure out what is going on. Everytime I launch the vSRX instances they just sit there.

Screen Shots

actions -> instance settings - > Get Instance Screenshot

screenshot is here->

any idea what is going on? If I boot from the wizard it seems to work... but I can't see to automate bringing this up?

In the ec2 console I am getting this->

Ami instance id

the ami is->

junos-vsrx3-x86-64-18.4R1.8--pm.img-4d1495fd-4d1f-48d0-9ec6-b67794a58765-ami-0e81c7dd03ae8d9b1.4 (ami-04a31bc7518969f2e)

Not able to connect this Transit VPC to Transit Gateway as VPC attachment.

We need to inspect traffic between VPC-1 and VPC-2 and the topology is as below

VPC-1 > Transit Gateway > Transit VPC(vSRX) > Transit Gateway > VPC-2

Need urgent help