AWS Network Firewall: 'local-target' Error and Troubleshooting

This error message is related to the AWS Network Firewall service. The 'local-target' is a feature that allows you to redirect traffic to a specific IP address or network interface within your VPC. However, this feature can only be used with local destination CIDRs, which means that the traffic must be destined for an IP address or subnet within your VPC.

If you are seeing this error message, it is likely because you are trying to use the 'local-target' feature with a destination CIDR that is outside of your VPC. To resolve this issue, you should modify your configuration to ensure that the traffic is only redirected to local destinations within your VPC.

Here are a few steps you can take to troubleshoot this issue:

1. Check your Network Firewall configuration to ensure that the destination CIDR is correct and within your VPC.

2. Verify that your VPC has the correct routing configuration to allow traffic to reach the desired destination.

3. If you are using a VPN or Direct Connect connection, ensure that the routing configuration is correct on both ends of the connection.

4. Check your firewall rules to ensure that they are allowing traffic to reach the local target.

By following these steps, you should be able to resolve the 'aws local-target only allowed with network local destination CIDRs' error message and ensure that your Network Firewall is configured correctly.