Amazon CloudFormation error: VGW not found, timed out


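Below is a template that creates a VPC VPN connection, but it keeps timing out while trying to find the VGW. Can someone help modify it or point out the error?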

AWSTemplateFormatVersion: 2010-09-09
Description: aws vpc-vpn connection for AGERO by ekumar
Outputs:
  PrivateSubnet:
    Description: SubnetId of the VPN connected subnet
    Value: !Ref PrivateSubnet
  VPCId:
    Description: VPCId of the newly created VPC
    Value: !Ref VPC
Parameters:
  OnPremiseCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.0.0.0/24
    Description: IP Address range for your existing infrastructure
    MaxLength: '18'
    MinLength: '9'
    Type: String
  SubnetCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.1.0.0/24
    Description: IP Address range for the VPN connected Subnet
    MaxLength: '18'
    MinLength: '9'
    Type: String
  VPCCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.1.0.0/16
    Description: IP Address range for the VPN connected VPC
    MaxLength: '18'
    MinLength: '9'
    Type: String
  VPNAddress:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})'
    ConstraintDescription: must be a valid IP address of the form x.x.x.x
    Default: 98.216.131.178
    Description: IP Address of your VPN device
    MaxLength: '15'
    MinLength: '7'
    Type: String
Resources:
  CustomerGateway:
    Properties:
      BgpAsn: '65000'
      IpAddress: !Ref VPNAddress
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: VPN
          Value: !Join 
            - ''
            - - 'Gateway to '
              - !Ref VPNAddress
      Type: ipsec.1
    Type: 'AWS::EC2::CustomerGateway'
  InboundPrivateNetworkAclEntry:
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'false'
      NetworkAclId: !Ref PrivateNetworkAcl
      PortRange:
        From: '0'
        To: '65535'
      Protocol: '6'
      RuleAction: allow
      RuleNumber: '100'
    Type: 'AWS::EC2::NetworkAclEntry'
  OutBoundPrivateNetworkAclEntry:
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'true'
      NetworkAclId: !Ref PrivateNetworkAcl
      PortRange:
        From: '0'
        To: '65535'
      Protocol: '6'
      RuleAction: allow
      RuleNumber: '100'
    Type: 'AWS::EC2::NetworkAclEntry'
  PrivateNetworkAcl:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: Private
      VpcId: !Ref VPC
    Type: 'AWS::EC2::NetworkAcl'
  PrivateRoute:
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref VPNGateway
      RouteTableId: !Ref PrivateRouteTable
    Type: 'AWS::EC2::Route'
    DependsOn: VPNGateway
  PrivateRouteTable:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected Subnet
      VpcId: !Ref VPC
    Type: 'AWS::EC2::RouteTable'
  PrivateSubnet:
    Properties:
      CidrBlock: !Ref SubnetCIDR
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected Subnet
      VpcId: !Ref VPC
    Type: 'AWS::EC2::Subnet'
  PrivateSubnetNetworkAclAssociation:
    Properties:
      NetworkAclId: !Ref PrivateNetworkAcl
      SubnetId: !Ref PrivateSubnet
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
  PrivateSubnetRouteTableAssociation:
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnet
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
  VPC:
    Properties:
      CidrBlock: !Ref VPCCIDR
      EnableDnsHostnames: 'true'
      EnableDnsSupport: 'true'
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected VPC
    Type: 'AWS::EC2::VPC' 
    DependsOn: VPNConnection
  VPNConnection:
    Properties:
      CustomerGatewayId: !Ref CustomerGateway
      StaticRoutesOnly: 'true'
      Type: ipsec.1
      VpnGatewayId: !Ref VPNGateway
    Type: 'AWS::EC2::VPNConnection'
  VPNConnectionRoute:
    Properties:
      DestinationCidrBlock: !Ref OnPremiseCIDR
      VpnConnectionId: !Ref VPNConnection
    Type: 'AWS::EC2::VPNConnectionRoute'  
  VPNGateway:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
      Type: ipsec.1
    Type: 'AWS::EC2::VPNGateway'
  VPNGatewayAttachment:
    Properties:
      VpcId: !Ref VPC
      VpnGatewayId: !Ref VPNGateway
    Type: 'AWS::EC2::VPCGatewayAttachment'

The error returned is:

**20:23:22 UTC-0400 CREATE_FAILED   AWS::EC2::Route PrivateRoute    The gateway ID 'vgw-a359aeca' does not exist**

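The problem here is that the VGW was never associated with your VPC, so any association in the route table will fail, because the VGW simply does not exist in your VPC.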

Below is a slight modification of the template that waits for the VGW attachment to complete before performing the other tasks.

AWSTemplateFormatVersion: 2010-09-09
Description: aws vpc-vpn connection for XYZ by ekumar
Outputs:
  PrivateSubnet:
    Description: SubnetId of the VPN connected subnet
    Value: !Ref PrivateSubnet
  VPCId:
    Description: VPCId of the newly created VPC
    Value: !Ref VPC
Parameters:
  OnPremiseCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.0.0.0/24
    Description: IP Address range for your existing infrastructure
    MaxLength: '18'
    MinLength: '9'
    Type: String
  SubnetCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.1.0.0/24
    Description: IP Address range for the VPN connected Subnet
    MaxLength: '18'
    MinLength: '9'
    Type: String
  VPCCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.1.0.0/16
    Description: IP Address range for the VPN connected VPC
    MaxLength: '18'
    MinLength: '9'
    Type: String
  VPNAddress:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})'
    ConstraintDescription: must be a valid IP address of the form x.x.x.x
    Default: 98.216.131.178
    Description: IP Address of your VPN device
    MaxLength: '15'
    MinLength: '7'
    Type: String
Resources:
  VPC:
    Properties:
      CidrBlock: !Ref VPCCIDR
      EnableDnsHostnames: 'true'
      EnableDnsSupport: 'true'
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected VPC
    Type: 'AWS::EC2::VPC'  
    DependsOn: VPNConnection
  CustomerGateway:
    Properties:
      BgpAsn: '65000'
      IpAddress: !Ref VPNAddress
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: VPN
          Value: !Join 
            - ''
            - - 'Gateway to '
              - !Ref VPNAddress
      Type: ipsec.1
    Type: 'AWS::EC2::CustomerGateway'
  PrivateNetworkAcl:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: Private
      VpcId: !Ref VPC
    Type: 'AWS::EC2::NetworkAcl'
  InboundPrivateNetworkAclEntry:
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'false'
      NetworkAclId: !Ref PrivateNetworkAcl
      PortRange:
        From: '0'
        To: '65535'
      Protocol: '6'
      RuleAction: allow
      RuleNumber: '100'
    Type: 'AWS::EC2::NetworkAclEntry'
  OutBoundPrivateNetworkAclEntry:
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'true'
      NetworkAclId: !Ref PrivateNetworkAcl
      PortRange:
        From: '0'
        To: '65535'
      Protocol: '6'
      RuleAction: allow
      RuleNumber: '100'
    Type: 'AWS::EC2::NetworkAclEntry'
  VPNConnection:
    Properties:
      CustomerGatewayId: !Ref CustomerGateway
      StaticRoutesOnly: 'true'
      Type: ipsec.1
      VpnGatewayId: !Ref VPNGateway
    Type: 'AWS::EC2::VPNConnection'
  VPNConnectionRoute:
    Properties:
      DestinationCidrBlock: !Ref OnPremiseCIDR
      VpnConnectionId: !Ref VPNConnection
    Type: 'AWS::EC2::VPNConnectionRoute'  
  VPNGateway:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
      Type: ipsec.1
    Type: 'AWS::EC2::VPNGateway'
  VPNGatewayAttachment:
    Properties:
      VpcId: !Ref VPC
      VpnGatewayId: !Ref VPNGateway
    Type: 'AWS::EC2::VPCGatewayAttachment'
  PrivateRoute:
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref VPNGateway
      RouteTableId: !Ref PrivateRouteTable
    Type: 'AWS::EC2::Route'
    DependsOn: VPNGateway
  PrivateRouteTable:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected Subnet
      VpcId: !Ref VPC
    Type: 'AWS::EC2::RouteTable'
    DependsOn: VPNGatewayAttachment
  PrivateSubnet:
    Properties:
      CidrBlock: !Ref SubnetCIDR
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected Subnet
      VpcId: !Ref VPC
    Type: 'AWS::EC2::Subnet'
  PrivateSubnetNetworkAclAssociation:
    Properties:
      NetworkAclId: !Ref PrivateNetworkAcl
      SubnetId: !Ref PrivateSubnet
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
  PrivateSubnetRouteTableAssociation:
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnet
    Type: 'AWS::EC2::SubnetRouteTableAssociation'

For readability, put the Outputs section at the end. And note the order in which the resources are created.

Note: do not question the company name:
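
A dependency check for the failure discussed above, as an added example that is not part of the original question or answer: it follows `Ref` and `DependsOn` edges and reports any `AWS::EC2::Route` whose `GatewayId` is a VPN gateway but which does not wait for that gateway's `AWS::EC2::VPCGatewayAttachment`. The function names and the `sample` template (a constructed JSON-form reduction of the template on this page) are assumptions, and only `Ref` is followed, not `Fn::GetAtt`.

```python
def refs(node):
    """Yield logical IDs referenced through {"Ref": ...} anywhere in node."""
    if isinstance(node, dict):
        if "Ref" in node:
            yield node["Ref"]
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from refs(item)

def all_deps(resources, name):
    """Everything `name` waits for: DependsOn plus Ref, followed transitively."""
    seen, stack = set(), [name]
    while stack:
        res = resources[stack.pop()]
        direct = res.get("DependsOn", [])
        direct = {direct} if isinstance(direct, str) else set(direct)
        # Refs to parameters or pseudo parameters are not resources: drop them
        new = (direct | set(refs(res.get("Properties")))) & set(resources)
        stack.extend(new - seen)
        seen |= new
    return seen

def routes_missing_attachment(template):
    """Routes that target a VPN gateway without waiting for its attachment."""
    res = template["Resources"]
    vgws = {n for n, r in res.items() if r["Type"] == "AWS::EC2::VPNGateway"}
    found = []
    for name, r in res.items():
        gw = next(refs(r.get("Properties", {}).get("GatewayId")), None)
        attach = {n for n, a in res.items()
                  if a["Type"] == "AWS::EC2::VPCGatewayAttachment"
                  and gw in refs(a["Properties"].get("VpnGatewayId"))}
        if (r["Type"] == "AWS::EC2::Route" and gw in vgws
                and not attach & all_deps(res, name)):
            found.append(name)
    return found

def sample(fixed):
    """Constructed JSON-form reduction of the page's template (assumption)."""
    vgw, vpc = {"Ref": "VPNGateway"}, {"Ref": "VPC"}
    r = {"VPC": {"Type": "AWS::EC2::VPC"}, "VPNGateway": {"Type": "AWS::EC2::VPNGateway"},
        "VPNGatewayAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment",
            "Properties": {"VpcId": vpc, "VpnGatewayId": vgw}},
        "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": vpc}},
        "PrivateRoute": {"Type": "AWS::EC2::Route", "DependsOn": "VPNGateway",
            "Properties": {"GatewayId": vgw, "RouteTableId": {"Ref": "PrivateRouteTable"}}}}
    if fixed:  # the answer's change: the route table waits for the attachment
        r["PrivateRouteTable"]["DependsOn"] = "VPNGatewayAttachment"
    return {"Resources": r}
```

`routes_missing_attachment(sample(False))` reports `PrivateRoute`, matching the `CREATE_FAILED` event in the question; with the answer's `DependsOn` on `PrivateRouteTable` the route inherits the wait through its `RouteTableId` reference and nothing is reported.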