Amazon web services 安全组和子网属于不同的网络使用堡垒主机设置Aurora时出错
我正在尝试设置一个RDS Aurora群集,该群集具有相关的Bastion主机以供访问。我收到以下错误Amazon web services 安全组和子网属于不同的网络使用堡垒主机设置Aurora时出错,amazon-web-services,amazon-ec2,amazon-rds,amazon-aurora,Amazon Web Services,Amazon Ec2,Amazon Rds,Amazon Aurora,我正在尝试设置一个RDS Aurora群集,该群集具有相关的Bastion主机以供访问。我收到以下错误 Security group sg-0e71d565ec5decfd9 and subnet subnet-c2cda1aa belong to different networks. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameter; Request ID: 68495593-198a-416a-84b
Security group sg-0e71d565ec5decfd9 and subnet subnet-c2cda1aa belong to different networks.
(Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameter;
Request ID: 68495593-198a-416a-84b5-f35439f040c3)
我很困惑是什么导致了这一点,因为我正在明确地为此脚本指定VPC id。
我要过去
VpcId: vpc-0e613d6fe837e387f
VpcSecurityGroupId: sg-03d5dd202625be5c5
关于原因,我最好的猜测是bastion安全组默认使用特定的网络,但是我似乎不知道如何解决这个问题
我的脚本如下
Description: Set up a serverles PostgreSQL cluster with a bastion host (using Aurora)
Parameters:
DatabaseName:
Type: String
EngineVersion:
Type: String
Default: 11.4
MasterUsername:
Type: String
Default: root
MasterUserPassword:
Type: String
Default: root1234
NoEcho: true
VpcId:
Type: AWS::EC2::VPC::Id
VpcSecurityGroupId:
Type: AWS::EC2::SecurityGroup::Id
DBSubnetGroupName:
Type: String
BastionImageId:
Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
Default: /aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs
BastionKeyName:
Type: AWS::EC2::KeyPair::KeyName
Description: EC2 key used to connect to the bastion host
DeletionProtection:
Type: String
Default: false
AllowedValues:
- true
- false
Resources:
Cluster:
Type: AWS::RDS::DBCluster
Properties:
Engine: aurora-postgresql
EngineVersion: !Ref EngineVersion
DatabaseName: !Ref DatabaseName
MasterUsername: !Ref MasterUsername
MasterUserPassword: !Ref MasterUserPassword
DBClusterIdentifier: !Ref AWS::StackName
DBClusterParameterGroupName: !Ref DBParameterGroup
DBSubnetGroupName: !Ref DBSubnetGroupName
BackupRetentionPeriod: 35
DeletionProtection: !Ref DeletionProtection
VpcSecurityGroupIds:
- !Ref VpcSecurityGroupId
DBParameterGroup:
Type: AWS::RDS::DBClusterParameterGroup
Properties:
Description: The parameter group for the discourse DB cluster
Family: aurora-postgresql11
Parameters:
client_encoding: 'UTF8'
BastionSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: !Sub Bastion for ${AWS::StackName}
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0
FromPort: -1
ToPort: -1
IpProtocol: -1
- DestinationSecurityGroupId: !Ref VpcSecurityGroupId
IpProtocol: tcp
FromPort: 3306
ToPort: 3306
SecurityGroupIngress: []
VpcId: !Ref VpcId
Bastion:
Type: AWS::EC2::Instance
Properties:
DisableApiTermination: true
ImageId: !Ref BastionImageId
InstanceType: t2.nano
KeyName: !Ref BastionKeyName
Monitoring: false
SecurityGroupIds:
- !Ref VpcSecurityGroupId
- !Ref BastionSecurityGroup
UserData: !Base64 'yum install postgresql --assumeyes' # if this script does not work this line broke it
Outputs:
Host:
Value: !GetAtt Cluster.Endpoint.Address
Export:
Name: !Sub ${AWS::StackName}Host
Name:
Value: !Ref DatabaseName
Export:
Name: !Sub ${AWS::StackName}Name
BastionHost:
Value: !GetAtt Bastion.PublicDnsName
Export:
Name: !Sub ${AWS::StackName}BastionHost
BastionIp:
Value: !GetAtt Bastion.PublicIp
Export:
Name: !Sub ${AWS::StackName}BastionIp
BastionSecurityGroupId:
Value: !GetAtt BastionSecurityGroup.GroupId
Export:
Name: !Sub ${AWS::StackName}BastionSecurityGroupId
这个错误看起来是不言自明的。您可以显式传递VPC ID,但也可以显式传递VPC安全组ID和子网组名称。从错误中可以看出,您似乎分别通过了sg-0e71d565ec5decfd9和SUNBET-c2cda1aa,但很明显,安全组和子网组中的子网不是同一VPC的一部分。在您的设置中进行交叉检查 我仔细检查了一下,没有将这些值作为参数传入,我已经用我的VPC和VPCSecurityGroupIDs更新了问题。如果您没有显式地传入子网组名称,那么它将使用RDS在您的帐户中自动创建的默认子网组。默认子网组是在默认vpc中创建的,而不是在指定的vpc中创建的。您能否在您指定的vpc中显式创建子网组并尝试使用它?此外,请转到控制台中的EC2仪表板,转到子网,并从错误消息中找到子网。并检查它属于哪个vpc id。如果它与您在请求中指定的vpc id相同,我会感到惊讶。对此有任何更新吗?我相信这是可以很容易解决的。让我知道你在哪里。