Failure to create VPC in AWS due to invalid subnets

I'm using CloudFormation to create a VPC. It fails when it gets to creating the subnets. I checked and I believe the subnets to be valid, though my networking knowledge is somewhat lacking.

This is the error I get:

00:46:49 UTC-0400   CREATE_FAILED        AWS::EC2::Subnet      SubnetA      The CIDR '172.16.64.0/16' is invalid.
00:46:49 UTC-0400   CREATE_IN_PROGRESS   AWS::EC2::RouteTable  RouteTable   Resource creation Initiated
00:46:49 UTC-0400   CREATE_FAILED        AWS::EC2::Subnet      SubnetB      The CIDR '197.16.128.0/16' is invalid.

And this is the template I'm trying to use:

---
AWSTemplateFormatVersion: 2010-09-09
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.16.0.0/18
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
      Tags:
      - Key: Name
        Value: JF-Staging-VPC
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  SubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1a
      VpcId: !Ref VPC
      CidrBlock: 172.16.64.0/16    # rejected by CloudFormation, see the error above
      MapPublicIpOnLaunch: False
  SubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1b
      VpcId: !Ref VPC
      CidrBlock: 197.16.128.0/16   # rejected by CloudFormation, see the error above
      MapPublicIpOnLaunch: False
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  InternetRoute:
    Type: AWS::EC2::Route
    # A route to an internet gateway can only be created once the gateway is
    # attached to the VPC, so depend on the attachment rather than the gateway.
    DependsOn: VPCGatewayAttachment
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref RouteTable
  SubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref SubnetA
  SubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref SubnetB
  SecurityGroupSSH:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: "SSH Group"
      GroupDescription: "SSH traffic in, all traffic out."
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
  SecurityGroupWeb:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: "Web Group"
      GroupDescription: "Web traffic in, all traffic out."
      VpcId: !Ref VPC
      # A YAML mapping key may appear only once, so both web rules go in one ingress list.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
Metadata:
  VPC:
    Description: "Creating the JF Staging VPC"
  InternetGateway:
    Description: "Creating an Internet Gateway"

Can someone let me know where I'm going wrong and how to correct this?

As per the error message, your IP address (CIDR) ranges are invalid.

The template sets the following CIDR ranges:

  • VPC: 172.16.0.0/18
  • SubnetA: 172.16.64.0/16
  • SubnetB: 197.16.128.0/16

Neither of these subnet ranges is part of the VPC range. All subnet ranges must fall within the range specified by the VPC. In fact, both of your subnets are larger (/16) than the VPC (/18).

Here, for example, are ranges that work fine:

  • VPC: 172.16.0.0/16
  • SubnetA: 172.16.64.0/24
  • SubnetB: 172.16.128.0/24

If you do not understand CIDR ranges, see: Understanding IP Addresses, Subnets, and CIDR Notation for Networking

The issue is with 197.16.128.0/16, which is a public IP address that cannot be assigned to a VPC or a subnet.

I think that you really meant to use the address:

172.16.128.0/16

[EDIT]

Change your VPC to 172.16.0.0/16, then change each subnet to use a portion of the /16, e.g. a /24. Examples:

  • 172.16.0.0/24
  • 172.16.1.0/24
  • 172.16.2.0/24

etc.

The issue with your current implementation is that your VPC is /18, which is smaller than the /16 subnets that you are trying to create. You want the reverse: /16 for the VPC and /24, or anything smaller than /16, for the subnets.
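Both answers come down to the same containment rule, and CloudFormation's "invalid" message also hides a second defect: 172.16.64.0/16 is not a network address at all (a /16 needs the last two octets to be zero). The following checker is an added example, not code from the question or either answer; it applies the rules the answers state (every subnet inside the VPC block, no two subnets overlapping) plus the AWS prefix-length limits of /16 to /28, and runs them against the question's plan and the first answer's corrected plan. `QUESTION_PLAN` and `FIXED_PLAN` are constructed from the values on this page.

```python
import ipaddress

# AWS accepts VPC and subnet CIDR blocks with prefix lengths /16 through /28.
MIN_PREFIX, MAX_PREFIX = 16, 28

# Constructed from the question: the VPC and subnets of the failing template.
QUESTION_PLAN = ("172.16.0.0/18",
                 {"SubnetA": "172.16.64.0/16", "SubnetB": "197.16.128.0/16"})
# The corrected ranges given in the first answer.
FIXED_PLAN = ("172.16.0.0/16",
              {"SubnetA": "172.16.64.0/24", "SubnetB": "172.16.128.0/24"})


def _parse(label, cidr, problems):
    """Parse one CIDR; record malformed input, host bits set, or an unsupported size."""
    try:
        iface = ipaddress.ip_interface(cidr)
    except ValueError as exc:
        problems.append(f"{label} {cidr!r}: {exc}")
        return None
    net = iface.network
    if iface.ip != net.network_address:
        # e.g. 172.16.64.0/16: a /16 needs the last two octets to be zero
        problems.append(f"{label} {cidr}: host bits set (network address is {net})")
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        problems.append(f"{label} {cidr}: prefix /{net.prefixlen} outside AWS range /16../28")
    return net


def check_cidr_plan(vpc_cidr, subnets):
    """Return the reasons the plan would be rejected; an empty list means it is valid."""
    problems = []
    vpc = _parse("VPC", vpc_cidr, problems)
    if vpc is None:
        return problems
    nets = {}
    for name, cidr in subnets.items():
        net = _parse(name, cidr, problems)
        if net is None:
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is not inside VPC {vpc}")
        nets[name] = net
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:  # every pair once
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems
```

`check_cidr_plan(*QUESTION_PLAN)` reports four problems (host bits set and not inside the VPC, for each subnet) and `check_cidr_plan(*FIXED_PLAN)` reports none.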
