AWS CloudFormation Errors with Internet Gateway
CloudFormation beginner here. I've been researching and working on developing a CloudFormation template that will eventually be used as the starting point for a development environment for my team.

I've been picking at bits and pieces through some courses and examples online and have been relatively successful in my small attempt... Until tonight.

I am now trying to attach an Internet Gateway to my VPC and it is causing the Stack creation job to fail and rollback. The Internet Gateway will not attach and for the life of me I just cannot determine why.

My full template is here. The plan is to create a VPC with 2 public and 2 private subnets. There will be an Internet Gateway attached to the 2 public subnets. This is where the failure comes in. If I comment out the Internet Gateway creation, the template is successful.

Thanks in advance for your help.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DevVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: dev-vpc
  DevRoute53HostedZone:
    Type: "AWS::Route53::HostedZone"
    Properties:
      HostedZoneConfig:
        Comment: "aws hosted dev environment"
      Name: "mydomain.oregon-dev.local"
      VPCs:
        -
          VPCId: !Ref DevVPC
          VPCRegion: "us-west-2"
  DevPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref DevVPC
      CidrBlock: 10.0.8.0/25
      AvailabilityZone: "us-west-2a"
      Tags:
        - Key: Name
          Value: DevPublicSubnetA
  DevPublicSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref DevVPC
      CidrBlock: 10.0.8.128/25
      AvailabilityZone: "us-west-2b"
      Tags:
        - Key: Name
          Value: DevPublicSubnetB
  DevPrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref DevVPC
      CidrBlock: 10.0.9.0/25
      AvailabilityZone: "us-west-2a"
      Tags:
        - Key: Name
          Value: DevPrivateSubnetA
  DevPrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref DevVPC
      CidrBlock: 10.0.9.128/25
      AvailabilityZone: "us-west-2b"
      Tags:
        - Key: Name
          Value: DevPrivateSubnetB
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: DevVPC
      Tags:
        - Key: Name
          Value: DevRouteTable
  DevRoute:
    Type: AWS::EC2::Route
    DependsOn: NonProdNATGateway
    Properties:
      RouteTableId:
        Ref: RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: NonProdNATGateway
  NonProdNATEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  NonProdNATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NonProdNATEIP.AllocationId
      SubnetId: !Ref DevPublicSubnetA
      SubnetId: !Ref DevPublicSubnetB
    DependsOn:
      - NonProdNATEIP
      - DevPublicSubnetA
      - DevPublicSubnetB
  NonProdGWVPCAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref NonProdNATGateway
      VpcId: !Ref DevVPC
    DependsOn:
      - NonProdNATGateway
  Route:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: NonProdNATGateway
  PrivateRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref DevPrivateSubnetA
      SubnetId: !Ref DevPrivateSubnetB
  PublicRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref DevPublicSubnetA
      SubnetId: !Ref DevPublicSubnetB
Mappings:
  R53EnvironmentMapping:
    dev:
      oregonawslocal: mydomain.oregon-dev.local
Outputs:
  DevPublicSubnetA:
    Description: ID for dev subnet A
    Value: !Ref DevPublicSubnetA
    Export:
      Name: DevPublicSubnetA
  DevPublicSubnetB:
    Description: ID for dev subnet B
    Value: !Ref DevPublicSubnetB
    Export:
      Name: DevPublicSubnetB
  DevPrivateSubnetA:
    Description: ID for dev subnet A
    Value: !Ref DevPrivateSubnetA
    Export:
      Name: DevPrivateSubnetA
  DevPrivateSubnetB:
    Description: ID for dev subnet B
    Value: !Ref DevPrivateSubnetB
    Export:
      Name: DevPrivateSubnetB
  DevRoute53OregonAWSLocalHostedZone:
    Description: Hosted zone ID for hosted zone
    Value: !Ref DevRoute53HostedZone
    Export:
      Name: DevRoute53OregonAWSLocalHostedZone
  DevRoute53OregonAWSLocalHostedZoneName:
    Description: Hosted zone name for hosted zone
    Value: !FindInMap [R53EnvironmentMapping, dev, oregonawslocal]
    Export:
      Name: DevRoute53OregonAWSLocalHostedZoneName
As Michael - sqlbot mentioned in a comment, one issue is that you're referencing an AWS::EC2::NATGateway resource in the AWS::EC2::VPCGatewayAttachment resource's InternetGatewayId property, which requires an AWS::EC2::InternetGateway resource.
NAT Gateways and Internet Gateways are two different types of AWS resources - a NAT Gateway provides outbound-only Internet access to a private Subnet, while an Internet Gateway provides two-way Internet access to a public Subnet.
Another issue is that you need two separate sets of AWS::EC2::RouteTable and AWS::EC2::Route Resources, one set for your public Subnet and another for your private Subnet. The public Route should have GatewayId referencing the Internet Gateway, and the private Route should have NatGatewayId referencing the NAT Gateway.
Finally, you have some invalid duplicate SubnetId properties in several resources (NatGateway, SubnetRouteTableAssociation) - each of these Resources only accepts a single Subnet ID.
Since you're a CloudFormation beginner, I strongly recommend leveraging AWS Quick Start's Amazon VPC Architecture template to get started quickly with a reference VPC architecture. This AWS-supported template creates a single VPC containing both public and private subnets within each specified Availability Zone (you provide 2-4 Availability Zones as Parameters). You can later customize this template to better fit your specific needs if necessary, or use it as a reference for configuring your own template's resources.
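The following is an added example, not the asker's template or the answerer's code, showing the networking resources of the question's template rewritten to follow the three points in the answer above: a real AWS::EC2::InternetGateway behind the VPCGatewayAttachment, separate public and private route tables (GatewayId to the IGW, NatGatewayId to the NAT Gateway), and one SubnetId per NAT Gateway and per SubnetRouteTableAssociation. The Route53 hosted zone, Mappings and Outputs from the original are left out; the resource names DevInternetGateway, DevIGWAttachment, Public*/Private* route tables and the *RouteAssoc associations are names chosen for this example. Note the security consequence of the original layout: with one shared route table, a working 0.0.0.0/0 route to the Internet Gateway would have applied to the private subnets as well, removing the outbound-only isolation that the private/public split is meant to provide.

```yaml
# Added example (not the original poster's template). Corrected VPC networking
# resources following the answer's three points; Route53/Mappings/Outputs omitted.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  DevVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
  DevPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref DevVPC, CidrBlock: 10.0.8.0/25, AvailabilityZone: us-west-2a }
  DevPublicSubnetB:
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref DevVPC, CidrBlock: 10.0.8.128/25, AvailabilityZone: us-west-2b }
  DevPrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref DevVPC, CidrBlock: 10.0.9.0/25, AvailabilityZone: us-west-2a }
  DevPrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref DevVPC, CidrBlock: 10.0.9.128/25, AvailabilityZone: us-west-2b }

  # Point 1: the Internet Gateway is its own resource type; the attachment
  # must reference it, not the NAT Gateway.
  DevInternetGateway:
    Type: AWS::EC2::InternetGateway
  DevIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref DevInternetGateway
      VpcId: !Ref DevVPC

  # The NAT Gateway sits in ONE public subnet (point 3) so its traffic can
  # leave via the IGW; the VPC-scoped EIP needs the IGW attached first.
  NonProdNATEIP:
    Type: AWS::EC2::EIP
    DependsOn: DevIGWAttachment
    Properties:
      Domain: vpc
  NonProdNATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NonProdNATEIP.AllocationId
      SubnetId: !Ref DevPublicSubnetA

  # Point 2a: public route table, default route -> Internet Gateway (GatewayId).
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref DevVPC
  PublicDefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: DevIGWAttachment   # a route to an IGW is rejected until it is attached
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref DevInternetGateway

  # Point 2b: private route table, default route -> NAT Gateway (NatGatewayId).
  # No route to the IGW here, so private subnets stay outbound-only.
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref DevVPC
  PrivateDefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NonProdNATGateway

  # Point 3: one SubnetRouteTableAssociation per subnet, each with a single SubnetId.
  PublicSubnetARouteAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { RouteTableId: !Ref PublicRouteTable, SubnetId: !Ref DevPublicSubnetA }
  PublicSubnetBRouteAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { RouteTableId: !Ref PublicRouteTable, SubnetId: !Ref DevPublicSubnetB }
  PrivateSubnetARouteAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { RouteTableId: !Ref PrivateRouteTable, SubnetId: !Ref DevPrivateSubnetA }
  PrivateSubnetBRouteAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { RouteTableId: !Ref PrivateRouteTable, SubnetId: !Ref DevPrivateSubnetB }
```

Two dependency details are worth checking before deploying a template like this: the public default route and the VPC-scoped Elastic IP both carry DependsOn on the gateway attachment, because CloudFormation creates the Internet Gateway and its attachment as separate resources and a route or EIP that references an unattached gateway fails the stack. Running cfn-lint over the file before creating the stack will also catch the duplicate-key and wrong-resource-type mistakes from the original without a failed create-and-rollback cycle.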