

# Local gateways for your Outposts racks
<a name="outposts-local-gateways"></a>

The local gateway is a core component of the architecture for your Outposts racks. A local gateway enables connectivity between your Outpost subnets and your on-premises network. If the on-premises infrastructure provides internet access, workloads running on Outposts racks can also use the local gateway to communicate with regional services or regional workloads. This connectivity can be achieved either over a public connection (internet) or over Direct Connect. For more information, see [AWS Outposts connectivity to AWS Regions](region-connectivity.md).

**Topics**
+ [Basics](#local-gateway)
+ [Routing](#lgw-routing)
+ [Connectivity](#lgw-connectivity)
+ [Route tables](routing.md)
+ [Route table routes](manage-lgw-routes.md)
+ [CoIP pools](coip-pools.md)

## Local gateway basics
<a name="local-gateway"></a>

AWS creates a local gateway for each Outposts rack as part of the installation process. An Outposts rack supports a single local gateway. The local gateway is owned by the AWS account associated with the Outposts rack.

**Note**  
To understand instance bandwidth limitations for traffic going through a local gateway, see [Amazon EC2 instance network bandwidth](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-network-bandwidth.html) in the *Amazon EC2 User Guide*.

A local gateway has the following components:
+ **Route tables** – Only the owner of a local gateway can create local gateway route tables. For more information, see [Local gateway route tables](routing.md).
+ **CoIP pools** – (Optional) You can use IP address ranges that you own to facilitate communication between the on-premises network and instances in your VPC. For more information, see [Customer-owned IP addresses](routing.md#ip-addressing).
+ **Virtual interfaces (VIFs)** – A local gateway virtual interface (VIF) is a logical interface component of Outposts racks that sets up VLAN, IP, and BGP connectivity between an Outposts networking device and an on-premises networking device for local gateway connectivity. AWS creates one VIF for each LAG and adds both VIFs to a VIF group. The local gateway route table must have a default route to the two VIFs for local network connectivity. For more information, see [Local network connectivity for Outposts racks](local-rack.md).
+ **VIF groups** – AWS adds the VIFs it creates to a VIF group. VIF groups are logical groupings of VIFs.
+ **Local gateway route table and VPC associations** – Local gateway route table and VPC associations allow you to connect your VPCs to local gateway route tables. With this association, you can add a route that targets the local gateway to your Outposts subnet route table. This enables communication between your Outposts subnet resources and your on-premises network through the local gateway.
+ **Local gateway routing domains** – A local gateway routing domain is the association of a local gateway route table and local gateway VIF group. With this association, you can add a route targeted to a local gateway VIF group within your local gateway route table. This enables communication between your Outposts subnet resources and your on-premises network through the selected VIF group.

When AWS provisions your Outposts rack, we create some components and you are responsible for creating others.

**AWS responsibilities**
+ Delivers the hardware.
+ Creates the local gateway.
+ Creates the virtual interfaces (VIFs) and a VIF group.

**Your responsibilities**
+ Create the local gateway route table.
+ Associate a VPC with the local gateway route table.
+ Associate a VIF group with the local gateway route table to create a local gateway routing domain.

## Local gateway routing
<a name="lgw-routing"></a>

The instances in your Outpost subnet can use one of the following options for communication with your on-premises network through the local gateway:
+ Private IP addresses – The local gateway uses the private IP addresses of instances in your Outpost subnet to facilitate communication with your on-premises network. This is the default.
+ Customer-owned IP addresses – The local gateway performs network address translation (NAT) for the customer-owned IP addresses that you assign to the instances in the Outpost subnet. This option supports overlapping CIDR ranges and other network topologies.

For more information, see [Local gateway route tables](routing.md).

## Connectivity through a local gateway
<a name="lgw-connectivity"></a>

The primary role of a local gateway is to provide connectivity from an Outpost to your local on-premises network. It also provides connectivity to the internet through your on-premises network. For examples, see [Direct VPC routing](routing.md#direct-vpc-routing) and [Customer-owned IP addresses](routing.md#ip-addressing).

The local gateway can also provide a data plane path back to the AWS Region. The data plane path for the local gateway runs from the Outpost, through the local gateway, to your private local gateway LAN segment. It then follows a private path back to the AWS service endpoints in the Region. Note that the control plane path always uses the service link connectivity, regardless of the data plane path that you use.

You can connect your on-premises Outposts infrastructure to AWS services in the Region privately over Direct Connect. For more information, see [AWS Outposts private connectivity](https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-outposts-private-connectivity/).

The following image shows the connectivity through the local gateway:

![\[Shows local gateway connections.\]](http://docs.aws.amazon.com/outposts/latest/userguide/images/outpost-rack-local-gateway-connection-Nov-23.png)


# Local gateway route tables
<a name="routing"></a>

As part of the rack installation, AWS creates the local gateway and configures the VIFs and a VIF group. The local gateway is owned by the AWS account associated with the Outpost. You create the local gateway route table. A local gateway route table must have an association to a VIF group and a VPC. You create and manage the association of the VIF group and the VPC. Only the owner of the local gateway can modify the local gateway route table.

Outpost subnet route tables can include a route to local gateway VIF groups in order to provide connectivity to your on-premises network.

Local gateway route tables have a mode that determines how instances in the Outposts subnet communicate with your on-premises network. The default option is direct VPC routing, which uses the private IP addresses of the instances. The other option is to use addresses from a customer-owned IP address pool (CoIP) that you provide. Direct VPC routing and CoIP are mutually exclusive options that control how routing works. To determine the best option for your Outpost, see [How to choose between CoIP and Direct VPC routing modes on AWS Outposts rack](https://aws.amazon.com/blogs/compute/how-to-choose-between-coip-and-direct-vpc-routing-modes-on-aws-outposts-rack/).

You can share the local gateway route table with other AWS accounts or organizational units using AWS Resource Access Manager. For more information, see [Working with shared AWS Outposts resources](sharing-outposts.md).

**Topics**
+ [Direct VPC routing](#direct-vpc-routing)
+ [Customer-owned IP addresses](#ip-addressing)
+ [Custom route tables](#working-with-route-tables)

## Direct VPC routing
<a name="direct-vpc-routing"></a>

Direct VPC routing uses the private IP address of the instances in your VPC to facilitate communication with your on-premises network. These addresses are advertised to your on-premises network with BGP. Advertisement to BGP is only for the private IP addresses that belong to the subnets on your Outposts rack. This type of routing is the default mode for Outposts. In this mode, the local gateway does not perform NAT for instances, and you do not need to assign Elastic IP addresses to your EC2 instances. You have the option to use your own address space instead of direct VPC routing mode. For more information, see [Customer-owned IP addresses](#ip-addressing).

Direct VPC routing mode does not support overlapping CIDR ranges.

Direct VPC routing is supported only for instance network interfaces. With network interfaces that AWS creates on your behalf (known as requester-managed network interfaces), their private IP addresses are not reachable from your on-premises network. For example, VPC endpoints are not directly reachable from your on-premises network.

The following examples illustrate direct VPC routing.

**Topics**
+ [Internet connectivity through the Region](#direct-vpc-routing-example-1)
+ [Internet connectivity through the on-premises network](#direct-vpc-routing-example-2)

### Example: Internet connectivity through the VPC
<a name="direct-vpc-routing-example-1"></a>

Instances in an Outpost subnet can access the internet through the internet gateway attached to the VPC.

Consider the following configuration:
+ The parent VPC spans two Availability Zones and has a subnet in each Availability Zone.
+ The Outpost has one subnet.
+ Each subnet has an EC2 instance.
+ The local gateway uses BGP advertisement to advertise the private IP addresses of the Outpost subnet to the on-premises network.
**Note**  
BGP advertisement is supported only for subnets on an Outpost that have a route with the local gateway as the target. Any other subnets are not advertised through BGP.

In the following diagram, traffic from the instance in the Outpost subnet can use the internet gateway for the VPC to access the internet.

![\[Routing overview\]](http://docs.aws.amazon.com/outposts/latest/userguide/images/outpost-routing-overview-direct-vpc.png)


To achieve internet connectivity through the parent Region, the route table for the Outpost subnet must have the following routes.


| Destination | Target | Comments | 
| --- | --- | --- | 
| VPC CIDR | Local | Provides connectivity between the subnets in the VPC. | 
| 0.0.0.0/0 | internet-gateway-id | Sends traffic destined for the internet to the internet gateway. | 
| on-premises network CIDR | local-gateway-id | Sends traffic destined for the on-premises network to the local gateway. | 

### Example: Internet connectivity through the on-premises network
<a name="direct-vpc-routing-example-2"></a>

Instances in an Outpost subnet can access the internet through the on-premises network. Instances in the Outpost subnet do not need a public IP address or Elastic IP address.

Consider the following configuration:
+ The Outpost subnet has an EC2 instance.
+ The router in the on-premises network performs network address translation (NAT).
+ The local gateway uses BGP advertisement to advertise the private IP addresses of the Outpost subnet to the on-premises network.
**Note**  
BGP advertisement is supported only for subnets on an Outpost that have a route with the local gateway as the target. Any other subnets are not advertised through BGP.

In the following diagram, traffic from the instance in the Outpost subnet can use the local gateway to access the internet or the on-premises network. Traffic from the on-premises network uses the local gateway to access the instance in the Outpost subnet.

![\[Local gateway access to on-premises\]](http://docs.aws.amazon.com/outposts/latest/userguide/images/outpost-routing.png)


To achieve internet connectivity through the on-premises network, the route table for the Outpost subnet must have the following routes.


| Destination | Target | Comments | 
| --- | --- | --- | 
| VPC CIDR | Local | Provides connectivity between the subnets in the VPC. | 
| 0.0.0.0/0 | local-gateway-id | Sends traffic destined for the internet to the local gateway. | 

**Outbound access to the internet**  
Traffic initiated from the instance in the Outpost subnet with a destination of the internet uses the route for 0.0.0.0/0 to route traffic to the local gateway. The local gateway sends the traffic to the router. The router uses NAT to translate the private IP address to a public IP address on the router, and then sends the traffic to the destination.

**Outbound access to the on-premises network**  
Traffic initiated from the instance in the Outpost subnet with a destination of the on-premises network uses the route for 0.0.0.0/0 to route traffic to the local gateway. The local gateway sends the traffic to the destination in the on-premises network.

**Inbound access from the on-premises network**  
Traffic from the on-premises network with a destination of the instance in the Outpost subnet uses the private IP address of the instance. When the traffic reaches the local gateway, the local gateway sends the traffic to the destination in the VPC.
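
The following added example (not part of the AWS documentation) audits which Outpost subnets are exposed to the on-premises network in direct VPC routing mode: a subnet is advertised through BGP only if its route table has a route that targets the local gateway, and the mode does not support overlapping CIDR ranges. The input is constructed sample data shaped like `describe-subnets` and `describe-route-tables` output; all IDs, the ARN, and the on-premises CIDRs are assumptions.

```python
from ipaddress import ip_network


def table_for(subnet, route_tables):
    """Explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def audit_outpost_subnets(route_tables, subnets, onprem_cidrs):
    """Per Outpost subnet: is it advertised, where does 0.0.0.0/0 go, any overlap."""
    report = {}
    for sn in subnets:
        if not sn.get("OutpostArn"):
            continue  # only subnets on the Outposts rack are advertised
        rt = table_for(sn, route_tables) or {}
        routes = [r for r in rt.get("Routes", []) if r.get("State") == "active"]
        lgw_dests = [r["DestinationCidrBlock"] for r in routes if r.get("LocalGatewayId")]
        default = next(
            (r for r in routes if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None
        )
        if default is None:
            egress = None
        elif default.get("LocalGatewayId"):
            egress = "on-premises"          # internet reached through the on-premises router
        elif default.get("GatewayId", "").startswith("igw-"):
            egress = "internet-gateway"     # internet reached through the Region
        else:
            egress = "other"
        net = ip_network(sn["CidrBlock"])
        report[sn["SubnetId"]] = {
            "advertised_via_bgp": bool(lgw_dests),
            "lgw_destinations": lgw_dests,
            "default_route": egress,
            "overlaps_onprem": [c for c in onprem_cidrs if net.overlaps(ip_network(c))],
        }
    return report


# Constructed sample data (not real resources).
SUBNETS = [
    {"SubnetId": "subnet-region-a", "VpcId": "vpc-EXAMPLE", "CidrBlock": "10.0.1.0/24"},
    {"SubnetId": "subnet-op-1", "VpcId": "vpc-EXAMPLE", "CidrBlock": "10.0.3.0/24",
     "OutpostArn": "arn:aws:outposts:us-west-2:123456789012:outpost/op-EXAMPLE"},
    {"SubnetId": "subnet-op-2", "VpcId": "vpc-EXAMPLE", "CidrBlock": "10.0.4.0/24",
     "OutpostArn": "arn:aws:outposts:us-west-2:123456789012:outpost/op-EXAMPLE"},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-EXAMPLE",
     "Associations": [{"Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
     ]},
    {"RouteTableId": "rtb-outpost", "VpcId": "vpc-EXAMPLE",
     "Associations": [{"Main": False, "SubnetId": "subnet-op-1"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "LocalGatewayId": "lgw-EXAMPLE",
          "State": "active"},
     ]},
]
ONPREM_CIDRS = ["172.16.0.0/16", "10.0.3.128/25"]

if __name__ == "__main__":
    for subnet_id, row in audit_outpost_subnets(ROUTE_TABLES, SUBNETS, ONPREM_CIDRS).items():
        print(subnet_id, row)
```

A non-empty `overlaps_onprem` list marks a subnet whose addresses collide with the on-premises range, which is the case where CoIP mode is the option this page points to.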

## Customer-owned IP addresses
<a name="ip-addressing"></a>

By default, the local gateway uses the private IP addresses of instances in your VPC to facilitate communication with your on-premises network. However, you can provide an address range, known as a *customer-owned IP address pool* (CoIP), which supports overlapping CIDR ranges and other network topologies.

If you choose CoIP, you must create an address pool, assign it to the local gateway route table, and advertise these addresses back to your customer network through BGP. Any customer-owned IP addresses associated with your local gateway route table appear in the route table as propagated routes.

Customer-owned IP addresses provide local or external connectivity to resources in your on-premises network. You can assign these IP addresses to resources on your Outpost, such as EC2 instances, by allocating a new Elastic IP address from the customer-owned IP pool, and then assigning it to your resource. For more information, see [CoIP pools](coip-pools.md).

**Note**  
For a customer-owned IP address pool, you must be able to route the address in your network.

When you allocate an Elastic IP address from your customer-owned IP address pool, you continue to own the IP addresses in your customer-owned IP address pool. You are responsible for advertising them as needed on your internal networks or WAN.

You can optionally share your customer-owned pool with multiple AWS accounts in your organization using AWS Resource Access Manager. After you share the pool, participants can allocate an Elastic IP address from the customer-owned IP address pool, and then assign it to an EC2 instance on the Outpost. For more information, see [Share your AWS Outposts resources](sharing-outposts.md).

**Topics**
+ [Internet connectivity through Region](#coip-routing-example-1)
+ [Internet connectivity through the on-premises network](#coip-routing-example-2)

### Example: Internet connectivity through the VPC
<a name="coip-routing-example-1"></a>

Instances in an Outpost subnet can access the internet through the internet gateway attached to the VPC.

Consider the following configuration:
+ The parent VPC spans two Availability Zones and has a subnet in each Availability Zone.
+ The Outpost has one subnet.
+ Each subnet has an EC2 instance.
+ There is a customer-owned IP address pool.
+ The instance in the Outpost subnet has an Elastic IP address from the customer-owned IP address pool.
+ The local gateway uses BGP advertisement to advertise the customer-owned IP address pool to the on-premises network.

![\[Routing overview\]](http://docs.aws.amazon.com/outposts/latest/userguide/images/outpost-routing-overview.png)


To achieve internet connectivity through the Region, the route table for the Outpost subnet must have the following routes.


| Destination | Target | Comments | 
| --- | --- | --- | 
| VPC CIDR | Local | Provides connectivity between the subnets in the VPC. | 
| 0.0.0.0/0 | internet-gateway-id | Sends traffic destined for the public internet to the internet gateway. | 
| On-premises network CIDR | local-gateway-id | Sends traffic destined for the on-premises network to the local gateway. | 

### Example: Internet connectivity through the on-premises network
<a name="coip-routing-example-2"></a>

Instances in an Outpost subnet can access the internet through the on-premises network.

Consider the following configuration:
+ The Outpost subnet has an EC2 instance.
+ There is a customer-owned IP address pool.
+ The local gateway uses BGP advertisement to advertise the customer-owned IP address pool to the on-premises network.
+ An Elastic IP address association that maps 10.0.3.112 to 10.1.0.2.
+ The router in the customer on-premises network performs NAT.

![\[Local gateway access to on-premises\]](http://docs.aws.amazon.com/outposts/latest/userguide/images/outpost-routing.png)


To achieve internet connectivity through the local gateway, the route table for the Outpost subnet must have the following routes.


| Destination | Target | Comments | 
| --- | --- | --- | 
| VPC CIDR | Local | Provides connectivity between the subnets in the VPC. | 
| 0.0.0.0/0 | local-gateway-id | Sends traffic destined for the internet to the local gateway. | 

**Outbound access to the internet**  
Traffic initiated from the EC2 instance in the Outpost subnet with a destination of the internet uses the route for 0.0.0.0/0 to route traffic to the local gateway. The local gateway maps the private IP address of the instance to the customer-owned IP address, and then sends the traffic to the router. The router uses NAT to translate the customer-owned IP address to a public IP address on the router, and then sends the traffic to the destination.

**Outbound access to the on-premises network**  
Traffic initiated from the EC2 instance in the Outpost subnet with a destination of the on-premises network uses the route for 0.0.0.0/0 to route traffic to the local gateway. The local gateway translates the IP address of the EC2 instance to the customer-owned IP address (Elastic IP address), and then sends the traffic to the destination.

**Inbound access from the on-premises network**  
Traffic from the on-premises network with a destination of the instance in the Outpost subnet uses the customer-owned IP address (Elastic IP address) of the instance. When the traffic reaches the local gateway, the local gateway maps the customer-owned IP address (Elastic IP address) to the instance IP address, and then sends the traffic to the destination in the VPC. In addition, the local gateway route table evaluates any routes that target elastic network interfaces. If the destination address matches any static route's destination CIDR, traffic is sent to that elastic network interface. When traffic follows a static route to an elastic network interface, the destination address is preserved and is not translated to the private IP address of the network interface.

## Custom route tables
<a name="working-with-route-tables"></a>

You can create a custom route table for your local gateway. The local gateway route table must have an association to a VIF group and a VPC. For step-by-step directions, see [Configure local gateway connectivity](https://docs.aws.amazon.com/outposts/latest/userguide/launch-instance.html#configure-lgw-connectivity).

# Local gateway route table routes
<a name="manage-lgw-routes"></a>

You can create local gateway route tables and inbound routes to network interfaces on your Outpost. You can also modify an existing local gateway inbound route to change the target network interface.

A route is in **active** status only when its target network interface is attached to a running instance. If the instance is stopped or the interface is detached, the route status changes from **active** to **blackhole**.

**Topics**
+ [Requirements and limitations](#lgw-requirements-limitations)
+ [Create custom local gateway route tables](#create-lgw-route-table)
+ [Switch local gateway route table modes or delete a local gateway route table](#switch-modes)

## Requirements and limitations
<a name="lgw-requirements-limitations"></a>

The following requirements and limitations apply:
+ The target network interface must belong to a subnet on your Outpost and must be attached to an instance in that Outpost. A local gateway route can't target an Amazon EC2 instance on a different Outpost or in the parent AWS Region.
+ The subnet must belong to a VPC that is associated to the local gateway route table. 
+ You can't have more than 100 network interface routes in the same route table.
+ AWS prioritizes the most specific route, and if the routes match, we prioritize static routes over propagated routes.
+ Interface VPC endpoints are not supported.
+ BGP advertisement is only for subnets on an Outpost that have a route in the route table that targets the local gateway. If subnets do not have a route in the route table that targets the local gateway, then those subnets are not advertised with BGP.
+ Only network interfaces that are attached to Outpost instances can communicate through the local gateway for that Outpost. Network interfaces that belong to the Outpost subnet but are attached to an instance in the Region can't communicate through the local gateway for that Outpost.
+ Requester-managed interfaces, such as those created for VPC endpoints, can't be reached from the on-premises network through the local gateway. They can be reached only from instances that are in the Outpost subnet.

The following NAT considerations apply:
+ The local gateway does not perform NAT on traffic that matches a network interface route. Instead, the destination IP address is preserved.
+ Turn off source/destination checking for the target network interface. For more information, see [Network interface concepts](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#eni-basics) in the *Amazon EC2 User Guide*.
+ Configure the operating system to allow traffic from the destination CIDR to be accepted on the network interface.
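
The following added example (not part of the AWS documentation) models the route selection rule stated above, most specific route first and static over propagated on a tie, and reviews a local gateway route table for the conditions in these lists: blackhole routes, the 100-route limit, source/destination checking left on for a target interface, and static routes that take over part of a propagated range. The route entries, target IDs, and the `eni_attrs` map are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MAX_ENI_ROUTES = 100  # network interface routes per route table (limit stated above)


@dataclass(frozen=True)
class LgwRoute:
    cidr: str               # destination CIDR
    target: str             # constructed ID: "eni-...", "lgw-vif-grp-...", ...
    kind: str               # "static" or "propagated"
    state: str = "active"   # "active" or "blackhole"

    @property
    def net(self):
        return ip_network(self.cidr)


def select_route(routes, dst):
    """Most specific route wins; on equal prefix length static beats propagated."""
    addr = ip_address(dst)
    matches = [r for r in routes if addr in r.net]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.net.prefixlen, r.kind == "static"))


def audit(routes, eni_attrs):
    """Findings to review before relying on the table.

    eni_attrs maps a network interface ID to its SourceDestCheck flag, as
    reported by describe-network-interfaces. Unknown interfaces are flagged.
    """
    findings = []
    eni_routes = [r for r in routes if r.target.startswith("eni-")]
    if len(eni_routes) > MAX_ENI_ROUTES:
        findings.append(("too-many-eni-routes", len(eni_routes)))
    for r in eni_routes:
        if r.state == "blackhole":
            # Target interface was detached or its instance was stopped.
            findings.append(("blackhole", r.cidr, r.target))
        if eni_attrs.get(r.target, True):
            # No NAT on these routes: the interface receives packets whose
            # destination is not its own address, so the check must be off.
            findings.append(("source-dest-check-enabled", r.cidr, r.target))
    for s in (r for r in routes if r.kind == "static"):
        for p in (r for r in routes if r.kind == "propagated"):
            if s.net.subnet_of(p.net):
                # Equal or more specific static route wins for that range.
                findings.append(("static-overrides-propagated", s.cidr, p.cidr, s.target))
    return findings


# Constructed sample table (documentation address ranges, placeholder IDs).
ROUTES = [
    LgwRoute("0.0.0.0/0", "lgw-vif-grp-EXAMPLE", "static"),
    LgwRoute("198.51.100.0/26", "coip-pool-EXAMPLE", "propagated"),
    LgwRoute("198.51.100.8/29", "eni-EXAMPLEfw", "static"),
    LgwRoute("203.0.113.0/24", "eni-EXAMPLEold", "static", "blackhole"),
]
ENI_ATTRS = {"eni-EXAMPLEfw": False, "eni-EXAMPLEold": True}

if __name__ == "__main__":
    for dst in ("198.51.100.10", "198.51.100.20", "192.0.2.1"):
        print(dst, "->", select_route(ROUTES, dst).target)
    for finding in audit(ROUTES, ENI_ATTRS):
        print(finding)
```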

## Create custom local gateway route tables
<a name="create-lgw-route-table"></a>

You can create a custom route table for your local gateway using the AWS Outposts console.

**To create a custom local gateway route table using the console**

1. Open the AWS Outposts console at [https://console.aws.amazon.com/outposts/](https://console.aws.amazon.com/outposts/home).

1. To change the AWS Region, use the Region selector in the upper-right corner of the page.

1. On the navigation pane, choose **Local gateway route table**.

1. Choose **Create local gateway route table**. 

1. (Optional) For **Name**, enter a name for your local gateway route table.

1. For **Local gateway**, choose your local gateway.

1. (Optional) Choose **Associate VIF group** and choose your **VIF group**. 

   Edit the local gateway route table to add a static route that has the VIF group as the target.

1. For **Mode**, choose a mode for communication with your on-premises network. 
   + Choose **Direct VPC routing** to use the private IP address of an instance.
   + Choose **CoIP** to use the customer-owned IP address.
     + (Optional) Add or remove CoIP pools and additional CIDR blocks.

       [Add a CoIP pool] Choose **Add new pool** and do the following:
       + For **Name**, enter a name for your CoIP pool.
       + For **CIDR**, enter a CIDR block of customer-owned IP addresses.

       [Add CIDR blocks] Choose **Add new CIDR** and enter a range of customer-owned IP addresses.

       [Remove a CoIP pool or an additional CIDR block] Choose **Remove** to the right of a CIDR block or below the CoIP pool.

       You can specify up to 10 CoIP pools and 100 CIDR blocks.

1. (Optional) Add or remove a tag. 

   [Add a tag] Choose **Add new tag** and do the following:
   + For **Key**, enter the key name.
   + For **Value**, enter the key value.

   [Remove a tag] Choose **Remove** to the right of the tag’s key and value.

1. Choose **Create local gateway route table**.

## Switch local gateway route table modes or delete a local gateway route table
<a name="switch-modes"></a>

You must delete and recreate the local gateway route table to switch modes. Deleting the local gateway route table causes network traffic interruption. 

**To switch modes or delete a local gateway route table**

1. Open the AWS Outposts console at [https://console.aws.amazon.com/outposts/](https://console.aws.amazon.com/outposts/home).

1. Verify that you are in the correct AWS Region.

   To change the Region, use the Region selector in the top-right corner of the page.

1. On the navigation pane, choose **Local gateway route tables**.

1. Check whether the local gateway route table is associated with a VIF group. If it is, you must remove the association between the local gateway route table and the VIF group.

   1. Choose the ID of the local gateway route table.

   1. Choose the **VIF group association** tab.

   1. If one or more VIF groups are associated with the local gateway route table, choose **Edit VIF group association**.

   1. Clear the **Associate VIF group** checkbox.

   1. Choose **Save changes**.

1. Choose **Delete local gateway route table**.

1. In the confirmation dialog box, type **delete** and then choose **Delete**.

1. (Optional) Create a local gateway route table with a new mode.

   1. On the navigation pane, choose **Local gateway route tables**.

   1. Choose **Create local gateway route table**.

   1. Configure the local gateway route table using the new mode. For more information, see [Create custom local gateway route tables](#create-lgw-route-table).

# Create a CoIP pool
<a name="coip-pools"></a>

You can provide IP address ranges to facilitate communication between your on-premises network and instances in your VPC. For more information, see [Customer-owned IP addresses](routing.md#ip-addressing).

Customer-owned IP pools are available for local gateway route tables in CoIP mode.

Use the following procedure to create a CoIP pool.

------
#### [ Console ]

**To create a CoIP pool using the console**

1. Open the AWS Outposts console at [https://console.aws.amazon.com/outposts/](https://console.aws.amazon.com/outposts/home).

1. To change the AWS Region, use the Region selector in the upper-right corner of the page.

1. On the navigation pane, choose **Local gateway route tables**.

1. Choose the route table. 

1. Choose the **CoIP pools** tab in the details pane, and then choose **Create CoIP pool**.

1. (Optional) For **Name**, enter a name for your CoIP pool.

1. Choose **Add new CIDR** and enter a range of customer-owned IP addresses.

1. (Optional) To add a CIDR block, choose **Add new CIDR** and enter a range of customer-owned IP addresses.

1. Choose **Create CoIP pool**.

------
#### [ AWS CLI ]

**To create a CoIP pool using the AWS CLI**

1. Use the [create-coip-pool](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-coip-pool.html) command to create a pool of CoIP addresses for the specified local gateway route table.

   ```
   aws ec2 create-coip-pool --local-gateway-route-table-id lgw-rtb-abcdefg1234567890
   ```

   The following is example output.

   ```
   {
       "CoipPool": {
           "PoolId": "ipv4pool-coip-1234567890abcdefg",
           "LocalGatewayRouteTableId": "lgw-rtb-abcdefg1234567890",
           "PoolArn": "arn:aws:ec2:us-west-2:123456789012:coip-pool/ipv4pool-coip-1234567890abcdefg"
       }
   }
   ```

1. Use the [create-coip-cidr](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-coip-cidr.html) command to create a range of CoIP addresses in the specified CoIP pool.

   ```
   aws ec2 create-coip-cidr --cidr 15.0.0.0/24 --coip-pool-id ipv4pool-coip-1234567890abcdefg
   ```

   The following is example output.

   ```
   {
       "CoipCidr": {
           "Cidr": "15.0.0.0/24",
           "CoipPoolId": "ipv4pool-coip-1234567890abcdefg",
           "LocalGatewayRouteTableId": "lgw-rtb-abcdefg1234567890"
       }
   }
   ```

------

After you create a CoIP pool, use the following procedure to assign an address to your instance.

------
#### [ Console ]

**To assign a CoIP address to an instance using the console**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **Elastic IPs**.

1. Choose **Allocate Elastic IP address**.

1. For **Network Border Group**, select the location from which the IP address is advertised.

1. For **Public IPv4 address pool**, choose **Customer owned IPv4 address pool**.

1. For **Customer owned IPv4 address pool**, select the pool that you configured.

1. Choose **Allocate**.

1. Select the Elastic IP address, and choose **Actions**, **Associate Elastic IP address**.

1. Select the instance from **Instance**, and then choose **Associate**.

------
#### [ AWS CLI ]

**To assign a CoIP address to an instance using the AWS CLI**

1. Use the [describe-coip-pools](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-coip-pools.html) command to retrieve information about your customer-owned address pools.

   ```
   aws ec2 describe-coip-pools
   ```

   The following is example output.

   ```
   {
       "CoipPools": [
           {
               "PoolId": "ipv4pool-coip-0abcdef0123456789",
               "PoolCidrs":  [
                   "192.168.0.0/16"
               ],
               "LocalGatewayRouteTableId": "lgw-rtb-0abcdef0123456789"
           }
       ]
   }
   ```

1. Use the [allocate-address](https://docs.aws.amazon.com/cli/latest/reference/ec2/allocate-address.html) command to allocate an Elastic IP address. Use the pool ID returned in the previous step.

   ```
   aws ec2 allocate-address --address 192.0.2.128 --customer-owned-ipv4-pool ipv4pool-coip-0abcdef0123456789
   ```

   The following is example output.

   ```
   {
       "CustomerOwnedIp": "192.0.2.128",
       "AllocationId": "eipalloc-02463d08ceEXAMPLE",
       "CustomerOwnedIpv4Pool": "ipv4pool-coip-0abcdef0123456789"
   }
   ```

1. Use the [associate-address](https://docs.aws.amazon.com/cli/latest/reference/ec2/associate-address.html) command to associate the Elastic IP address with the Outpost instance. Use the allocation ID returned in the previous step.

   ```
   aws ec2 associate-address --allocation-id eipalloc-02463d08ceEXAMPLE --network-interface-id eni-1a2b3c4d
   ```

   The following is example output.

   ```
   {
       "AssociationId": "eipassoc-02463d08ceEXAMPLE"
   }
   ```

------