堆栈内存溢出
  简体   繁体   English

将子网修改为 VPC 终端节点

[英]Modify subnets to a VPC endpoint

 原文  2020-10-23 10:05:10       amazon-web-services/ endpoint/ subnet/ vpc

问题描述

I recently turned my two AWS public subnets into private subnets and added a public subnet that's got a NAT gateway.我最近将我的两个 AWS 公共子网变成了私有子网,并添加了一个带有 NAT 网关的公共子网。 The private subnet routing table routs traffic to the NAT gateway and the public one routs it to the Internet Gateway.私有子网路由表将流量路由到 NAT 网关,而公共子网路由表将其路由到 Internet 网关。 However, it isn't working and I don't get response to my API calls.但是,它不起作用,我的 API 调用没有得到响应。

I think this is due to the fact that my VPC endpoint has the two private subnets associated with it instead of the public subnet.我认为这是因为我的 VPC 终端节点有两个与之关联的私有子网,而不是公共子网。 I tried to change the associated private subnets to the public one but got the AWS error:我尝试将关联的私有子网更改为公共子网,但收到了 AWS 错误:

Error modifying subnets
Can't change subnets of a requester-managed endpoint for the service ...

What would be the way to get around this error and add my public subnet to the VPC endpoint?解决此错误并将我的公共子网添加到 VPC 终端节点的方法是什么?

Additional info: Each private subnet has an EC2 auto-scaling group instance and a serverless aurora DB instance in it.附加信息:每个私有子网中都有一个 EC2 自动扩展组实例和一个无服务器 Aurora 数据库实例。

Cheers, Kris干杯,克里斯

2 个解决方案

解决方案1
 2  2021-04-06 16:16:33

I also had this annoying problem.我也遇到了这个烦人的问题。 The error messages are not really helpful here.错误消息在这里并没有真正的帮助。 They do not reveal which service exactly created those interfaces.它们没有透露究竟是哪个服务创建了这些接口。 So I went to Cloudtrail, listed all events, and searched for the VPC Endpoint name (vpce-1234567890xxx) that refused to be deleted to find out who created it.于是我去Cloudtrail,列出所有事件,搜索拒绝删除的VPC Endpoint名称(vpce-1234567890xxx),找出是谁创建的。 In my case, it turned out to be the RDS proxy service.就我而言,结果是 RDS 代理服务。 So I went to RDS and deleted the proxy.所以我去了RDS并删除了代理。

解决方案2
 1 已采纳  2020-10-23 10:47:56

Since it is requester-managed VPC endpoint :由于它是请求者管理的 VPC 端点

You cannot modify or detach a requester-managed network interface.不能修改或分离请求者管理的网络接口。

This means that you have to delete the resource that created the endpoint in the first place:这意味着您必须首先删除创建端点的资源:

If you delete the resource that the network interface represents, the AWS service detaches and deletes the network interface for you.如果您删除网络接口代表的资源,AWS 服务会为您分离并删除网络接口。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Terraform 获取 vpc 端点子网的 IP - Terraform get IPs of vpc endpoint subnets AWS:私有子网的 VPC 接口终端节点 - AWS: VPC interface endpoint for private subnets 仅从我的VPC /子网访问Elastic Search Internet端点 - Access Elastic Search internet endpoint only from my VPC/Subnets 现有vpc和子网的VPC对等 - VPC peering of existing vpc and subnets VPC和子网是我还是用户? - VPC and Subnets for me or user? 在 Terraform 中创建 VPC 和相应的子网 - VPC and corresponding subnets creation in Terraform 一个 VPC 中需要多少个子网 - How many subnets required in a VPC 自定义 VPC 子网的 RDS 问题 - RDS issues with custom VPC Subnets VPC“fromLookup”导致所有私有子网和没有公共子网 - VPC "fromLookup" results in all Private Subnets and no Public Subnets 将AZ映射到所选子网,并将子网映射到所选VPC - Mapping the AZ to the selected subnet, and the subnets to the selected VPC
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM