Restrict access to API Gateway endpoint to VPC in CloudFormation
VPC endpoint in CloudFormation - Endpoint type (Gateway) does not match available service types ([Interface])
I am trying to create a VPC endpoint for API Gateway in CloudFormation, but I get this error:
Endpoint type (Gateway) does not match available service types ([Interface]).
The template below is placed in the Resources section:

```yaml
executeApiEndpoint:
  Type: AWS::EC2::VPCEndpoint
  Properties:
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal: "*"
          Action:
            - "execute-api:Invoke"
            - "execute-api:ManageConnections"
          Resource:
            - "arn:aws:execute-api:*:*:*"
    RouteTableIds:
      - !Ref privateRouteTable
    ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
    VpcId: !Ref pubPrivateVPC
```
This one does not work either:

```yaml
executeApiEndpoint:
  Type: AWS::EC2::VPCEndpoint
  Properties:
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal: "*"
          Action:
            - "execute-api:*"
          Resource:
            - "*"
    RouteTableIds:
      - !Ref privateRouteTable
    ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
    VpcId: !Ref pubPrivateVPC
```
But this block (from the same template) runs without any errors:

```yaml
s3Endpoint:
  Type: AWS::EC2::VPCEndpoint
  Properties:
    PolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Principal: "*"
          Action:
            - "s3:*"
          Resource:
            - "*"
    RouteTableIds:
      - !Ref privateRouteTable
    ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
    VpcId: !Ref pubPrivateVPC
```
What is wrong here?
You also have to set the VpcEndpointType property on the AWS::EC2::VPCEndpoint resource to Interface for an interface-type VPC endpoint to work. The default value is "Gateway", which only applies to S3 and DynamoDB VPC endpoints.
The reason your S3 endpoint works is that the VpcEndpointType property has "Gateway" as its default value (which is what S3 uses).
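The following template is an added example, not code from the question or the answer above. It shows the corrected execute-api endpoint with VpcEndpointType set to Interface (interface endpoints attach to subnets and a security group rather than to route tables), and it goes one step further than the answer by creating a PRIVATE REST API whose resource policy denies any call that does not arrive through that endpoint, which is what the related title "Restrict access to API Gateway endpoint to VPC" asks for. The resource names privateSubnetA, privateSubnetB, executeApiEndpointSG and privateApi are assumed; pubPrivateVPC is taken from the question.

```yaml
Resources:
  # Interface endpoint for the execute-api service. Subnet names are assumed
  # (the question only defines pubPrivateVPC and privateRouteTable).
  executeApiEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface          # default is Gateway, which execute-api does not offer
      ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
      VpcId: !Ref pubPrivateVPC
      SubnetIds:                          # interface endpoints take subnets, not route tables
        - !Ref privateSubnetA
        - !Ref privateSubnetB
      SecurityGroupIds:
        - !Ref executeApiEndpointSG
      PrivateDnsEnabled: true             # resolve the API hostname to the endpoint's ENIs
      PolicyDocument:                     # scope the endpoint to invoking APIs in this account
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*'
            Action:
              - execute-api:Invoke
            Resource:
              - !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*

  # Security group on the endpoint ENIs: only HTTPS from inside the VPC.
  executeApiEndpointSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the VPC to the execute-api interface endpoint
      VpcId: !Ref pubPrivateVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !GetAtt pubPrivateVPC.CidrBlock

  # A private REST API that is reachable only through the endpoint above.
  # The Deny statement with aws:SourceVpce rejects calls from any other path.
  privateApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: private-example-api            # assumed name
      EndpointConfiguration:
        Types:
          - PRIVATE
        VpcEndpointIds:
          - !Ref executeApiEndpoint
      Policy:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*'
            Action: execute-api:Invoke
            Resource: execute-api:/*
          - Effect: Deny
            Principal: '*'
            Action: execute-api:Invoke
            Resource: execute-api:/*
            Condition:
              StringNotEquals:
                aws:SourceVpce: !Ref executeApiEndpoint
```

Two things to check after deploying: the API's resource policy only takes effect for a stage once the API has been deployed, so a stage that existed before the policy was attached needs a redeployment; and with PrivateDnsEnabled set to true, clients inside the VPC call the API's normal hostname, while the endpoint's security group and the aws:SourceVpce condition together ensure that the only accepted route is the one through this VPC.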