AWS Cloudformation VPCPeeringConnection between two public VPC's
Create VPCPeeringConnection across AWS accounts via CloudFormation
In AWS, I am trying to create a VPC peering connection between two VPCs in different accounts via CloudFormation.
I can create the peering connection manually through the UI, which has 4 fields:
Name
Local VPC
Target Account ID
Target VPC ID
It seems the CLI also supports the target account.
The problem arises when trying to do the same thing through CloudFormation with the AWS::EC2::VPCPeeringConnection object: this object seems to support only 3 fields, and the target account is not one of them -
PeerVpcId
VpcId
Tags
Using it in my code results in
AttributeError: AWS::EC2::VPCPeeringConnection object does not support attribute PeerVpcOwner
How can I create a VPCPeeringConnection to a VPC in another account via CloudFormation?
Yes, you can configure VPC peering between two AWS accounts with CloudFormation.
You can use AWS::EC2::VPCPeeringConnection to peer with a Virtual Private Cloud (VPC) in another AWS account. This creates a network connection between the two VPCs that lets you route traffic between them, so they can communicate as if they were in the same network. A VPC peering connection helps facilitate data access and data transfer.
To establish a VPC peering connection, you need to authorize two separate AWS accounts within a single AWS CloudFormation stack.
Source: Walkthrough: Peer with an Amazon VPC in another AWS account
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Create a VPC and an assumable role for cross account VPC peering.",
  "Parameters": {
    "PeerRequesterAccountId": {
      "Type": "String"
    }
  },
  "Resources": {
    "vpc": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.1.0.0/16",
        "EnableDnsSupport": false,
        "EnableDnsHostnames": false,
        "InstanceTenancy": "default"
      }
    },
    "peerRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Principal": {
                "AWS": {
                  "Ref": "PeerRequesterAccountId"
                }
              },
              "Action": [
                "sts:AssumeRole"
              ],
              "Effect": "Allow"
            }
          ]
        },
        "Path": "/",
        "Policies": [
          {
            "PolicyName": "root",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": "ec2:AcceptVpcPeeringConnection",
                  "Resource": "*"
                }
              ]
            }
          }
        ]
      }
    }
  },
  "Outputs": {
    "VPCId": {
      "Value": {
        "Ref": "vpc"
      }
    },
    "RoleARN": {
      "Value": {
        "Fn::GetAtt": [
          "peerRole",
          "Arn"
        ]
      }
    }
  }
}
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Create a VPC and a VPC Peering connection using the PeerRole to accept.",
  "Parameters": {
    "PeerVPCAccountId": {
      "Type": "String"
    },
    "PeerVPCId": {
      "Type": "String"
    },
    "PeerRoleArn": {
      "Type": "String"
    }
  },
  "Resources": {
    "vpc": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.2.0.0/16",
        "EnableDnsSupport": false,
        "EnableDnsHostnames": false,
        "InstanceTenancy": "default"
      }
    },
    "vpcPeeringConnection": {
      "Type": "AWS::EC2::VPCPeeringConnection",
      "Properties": {
        "VpcId": {
          "Ref": "vpc"
        },
        "PeerVpcId": {
          "Ref": "PeerVPCId"
        },
        "PeerOwnerId": {
          "Ref": "PeerVPCAccountId"
        },
        "PeerRoleArn": {
          "Ref": "PeerRoleArn"
        }
      }
    }
  },
  "Outputs": {
    "VPCId": {
      "Value": {
        "Ref": "vpc"
      }
    },
    "VPCPeeringConnectionId": {
      "Value": {
        "Ref": "vpcPeeringConnection"
      }
    }
  }
}
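As an added example (not code from the post or from AWS), a small Python lint of the accepter-side template's peerRole: it checks that the cross-account trust names the requester account rather than "*", and that the inline policy grants only ec2:AcceptVpcPeeringConnection, which is the one action the requester stack exercises through PeerRoleArn. The inline template is a constructed, trimmed copy of the answer's resource, and the weakened variant is constructed for comparison.

```python
import copy
import json

# Constructed, trimmed copy of the accepter-side peerRole from the answer above.
ACCEPTER_TEMPLATE = json.loads("""
{"Resources": {"peerRole": {"Type": "AWS::IAM::Role", "Properties": {
  "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow",
    "Principal": {"AWS": {"Ref": "PeerRequesterAccountId"}},
    "Action": ["sts:AssumeRole"]}]},
  "Policies": [{"PolicyName": "root", "PolicyDocument": {
    "Version": "2012-10-17", "Statement": [{"Effect": "Allow",
      "Action": "ec2:AcceptVpcPeeringConnection", "Resource": "*"}]}}]}}}}
""")

# The only action the accepter role needs for the peering handshake.
ALLOWED_ACTIONS = {"ec2:AcceptVpcPeeringConnection"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_peer_role(template, role_name="peerRole"):
    """Return findings for the cross-account role; an empty list means it is as tight as the post intends."""
    findings = []
    props = template["Resources"][role_name]["Properties"]
    for stmt in props["AssumeRolePolicyDocument"]["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for principal in as_list(stmt["Principal"].get("AWS", [])):
            # Trust should be the requester account (here a Ref to a parameter), never "*".
            if principal == "*":
                findings.append("trust policy lets any AWS principal assume the role")
    for policy in props.get("Policies", []):
        for stmt in policy["PolicyDocument"]["Statement"]:
            if stmt.get("Effect") != "Allow":
                continue
            extra = set(as_list(stmt["Action"])) - ALLOWED_ACTIONS
            if extra:  # wildcards such as "ec2:*" land here too
                findings.append(f"{policy['PolicyName']} grants more than accept: {sorted(extra)}")
    return findings

def weakened_template():
    """Constructed variant with a wildcard trust and broad EC2 actions, for comparison."""
    tpl = copy.deepcopy(ACCEPTER_TEMPLATE)
    role = tpl["Resources"]["peerRole"]["Properties"]
    role["AssumeRolePolicyDocument"]["Statement"][0]["Principal"]["AWS"] = "*"
    role["Policies"][0]["PolicyDocument"]["Statement"][0]["Action"] = ["ec2:*"]
    return tpl

if __name__ == "__main__":
    print(audit_peer_role(ACCEPTER_TEMPLATE), audit_peer_role(weakened_template()))
```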