AWS Cloudformation VPCPeeringConnection between two public VPC's
Create VPCPeeringConnection across AWS accounts via CloudFormation
In AWS, I am trying to create a VPC peering connection between two VPCs in different accounts via CloudFormation.
I can create the peering connection manually through the UI, which has 4 fields:
Name
Local VPC
Target Account ID
Target VPC ID
The CLI also seems to support a target account.
The problem appears when trying to do the same thing through CloudFormation with the AWS::EC2::VPCPeeringConnection object: this object seems to support only 3 fields, and the target account is not one of them -
PeerVpcId
VpcId
Tags
With my code this results in
AttributeError: AWS::EC2::VPCPeeringConnection object does not support attribute PeerVpcOwner
How can I create a VPCPeeringConnection to a VPC in another account via CloudFormation?
Yes, you can configure VPC peering between two AWS accounts with CloudFormation.
You can use AWS::EC2::VPCPeeringConnection to peer with a virtual private cloud (VPC) in another AWS account. This creates a network connection between the two VPCs that lets you route traffic between them so they can communicate as if they were in the same network. A VPC peering connection helps facilitate data access and data transfer.
To establish a VPC peering connection, you need to authorize two separate AWS accounts within a single AWS CloudFormation stack.
Source: Walkthrough: Peer with an Amazon VPC in Another AWS Account
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Create a VPC and an assumable role for cross account VPC peering.",
  "Parameters": {
    "PeerRequesterAccountId": {
      "Type": "String"
    }
  },
  "Resources": {
    "vpc": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.1.0.0/16",
        "EnableDnsSupport": false,
        "EnableDnsHostnames": false,
        "InstanceTenancy": "default"
      }
    },
    "peerRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Principal": {
                "AWS": {
                  "Ref": "PeerRequesterAccountId"
                }
              },
              "Action": [
                "sts:AssumeRole"
              ],
              "Effect": "Allow"
            }
          ]
        },
        "Path": "/",
        "Policies": [
          {
            "PolicyName": "root",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "ec2:AcceptVpcPeeringConnection",
                  "Resource": "*"
                }
              ]
            }
          }
        ]
      }
    }
  },
  "Outputs": {
    "VPCId": {
      "Value": {
        "Ref": "vpc"
      }
    },
    "RoleARN": {
      "Value": {
        "Fn::GetAtt": [
          "peerRole",
          "Arn"
        ]
      }
    }
  }
}
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Create a VPC and a VPC Peering connection using the PeerRole to accept.",
  "Parameters": {
    "PeerVPCAccountId": {
      "Type": "String"
    },
    "PeerVPCId": {
      "Type": "String"
    },
    "PeerRoleArn": {
      "Type": "String"
    }
  },
  "Resources": {
    "vpc": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.2.0.0/16",
        "EnableDnsSupport": false,
        "EnableDnsHostnames": false,
        "InstanceTenancy": "default"
      }
    },
    "vpcPeeringConnection": {
      "Type": "AWS::EC2::VPCPeeringConnection",
      "Properties": {
        "VpcId": {
          "Ref": "vpc"
        },
        "PeerVpcId": {
          "Ref": "PeerVPCId"
        },
        "PeerOwnerId": {
          "Ref": "PeerVPCAccountId"
        },
        "PeerRoleArn": {
          "Ref": "PeerRoleArn"
        }
      }
    }
  },
  "Outputs": {
    "VPCId": {
      "Value": {
        "Ref": "vpc"
      }
    },
    "VPCPeeringConnectionId": {
      "Value": {
        "Ref": "vpcPeeringConnection"
      }
    }
  }
}
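An added review check, not part of the answer above or of AWS's walkthrough, that inspects templates of this shape before deployment: it flags an accepter role whose trust policy is open to any principal or whose inline policy grants more than ec2:AcceptVpcPeeringConnection or leaves it unscoped, and a requester-side VPCPeeringConnection that names a PeerOwnerId without the PeerRoleArn the cross-account accept needs. The embedded template is a constructed, abbreviated copy of the accepter template in the answer.

```python
import json

# Constructed, abbreviated copy of the accepter-side template from the answer
# (only the role is kept; the VPC resource is irrelevant to this check).
ACCEPTER_TEMPLATE = json.loads("""{
  "Parameters": {"PeerRequesterAccountId": {"Type": "String"}},
  "Resources": {"peerRole": {"Type": "AWS::IAM::Role", "Properties": {
    "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow",
      "Principal": {"AWS": {"Ref": "PeerRequesterAccountId"}},
      "Action": ["sts:AssumeRole"]}]},
    "Policies": [{"PolicyName": "root", "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": "ec2:AcceptVpcPeeringConnection",
       "Resource": "*"}]}}]}}}}""")

ACCEPT_ACTION = "ec2:AcceptVpcPeeringConnection"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def review_template(template):
    """Return findings (strings) about the peering-related resources in a template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::IAM::Role":
            for st in props["AssumeRolePolicyDocument"]["Statement"]:
                principal = st.get("Principal", {})
                # A wildcard principal lets any AWS account assume the accepter role.
                if principal == "*" or principal.get("AWS") == "*":
                    findings.append(f"{name}: trust policy allows any principal")
            for pol in props.get("Policies", []):
                for st in pol["PolicyDocument"]["Statement"]:
                    extra = [a for a in _as_list(st["Action"]) if a != ACCEPT_ACTION]
                    if extra:
                        findings.append(f"{name}: grants more than {ACCEPT_ACTION}: {extra}")
                    # The walkthrough's role accepts any peering request; a Condition can narrow it.
                    if "*" in _as_list(st.get("Resource", "*")) and "Condition" not in st:
                        findings.append(f"{name}: {ACCEPT_ACTION} on Resource '*' with no Condition")
        elif res.get("Type") == "AWS::EC2::VPCPeeringConnection":
            # A cross-account request must name the peer account and the role to accept with.
            if "PeerOwnerId" in props and "PeerRoleArn" not in props:
                findings.append(f"{name}: PeerOwnerId set but PeerRoleArn missing")
    return findings


if __name__ == "__main__":
    for line in review_template(ACCEPTER_TEMPLATE):
        print(line)
```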