Amazon web services 使用Internet网关的AWS云信息错误
这里是初学者。我一直在研究并致力于开发一个CloudFormation模板,该模板最终将用作我的团队开发环境的起点 我一直在网上通过一些课程和例子零零碎碎地学习,在我的小尝试中取得了相对成功。。。直到今晚 我现在尝试将Internet网关连接到我的VPC,这会导致堆栈创建作业失败并回滚。互联网网关不会连接,就我个人而言,我无法确定原因 我的完整模板在这里。计划创建一个具有2个公共子网和2个私有子网的专有网络。将有一个互联网网关连接到2个公共子网。这就是失败的原因。如果我注释掉Internet网关创建,则模板成功。提前感谢你的帮助Amazon web services 使用Internet网关的AWS云信息错误,amazon-web-services,amazon-cloudformation,Amazon Web Services,Amazon Cloudformation,这里是初学者。我一直在研究并致力于开发一个CloudFormation模板,该模板最终将用作我的团队开发环境的起点 我一直在网上通过一些课程和例子零零碎碎地学习,在我的小尝试中取得了相对成功。。。直到今晚 我现在尝试将Internet网关连接到我的VPC,这会导致堆栈创建作业失败并回滚。互联网网关不会连接,就我个人而言,我无法确定原因 我的完整模板在这里。计划创建一个具有2个公共子网和2个私有子网的专有网络。将有一个互联网网关连接到2个公共子网。这就是失败的原因。如果我注释掉Internet网关
AWSTemplateFormatVersion: '2010-09-09'
Resources:
DevVPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsSupport: 'true'
EnableDnsHostnames: 'true'
InstanceTenancy: default
Tags:
- Key: Name
Value: dev-vpc
DevRoute53HostedZone:
Type: "AWS::Route53::HostedZone"
Properties:
HostedZoneConfig:
Comment: "aws hosted dev environment"
Name: "mydomain.oregon-dev.local"
VPCs:
-
VPCId: !Ref DevVPC
VPCRegion: "us-west-2"
DevPublicSubnetA:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref DevVPC
CidrBlock: 10.0.8.0/25
AvailabilityZone: "us-west-2a"
Tags:
- Key: Name
Value: DevPublicSubnetA
DevPublicSubnetB:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref DevVPC
CidrBlock: 10.0.8.128/25
AvailabilityZone: "us-west-2b"
Tags:
- Key: Name
Value: DevPublicSubnetB
DevPrivateSubnetA:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref DevVPC
CidrBlock: 10.0.9.0/25
AvailabilityZone: "us-west-2a"
Tags:
- Key: Name
Value: DevPrivateSubnetA
DevPrivateSubnetB:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref DevVPC
CidrBlock: 10.0.9.128/25
AvailabilityZone: "us-west-2b"
Tags:
- Key: Name
Value: DevPrivateSubnetB
RouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId:
Ref: DevVPC
Tags:
- Key: Name
Value: DevRouteTable
DevRoute:
Type: AWS::EC2::Route
DependsOn: NonProdNATGateway
Properties:
RouteTableId:
Ref: RouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId:
Ref: NonProdNATGateway
NonProdNATEIP:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
NonProdNATGateway:
Type: AWS::EC2::NatGateway
Properties:
AllocationId: !GetAtt NonProdNATEIP.AllocationId
SubnetId: !Ref DevPublicSubnetA
SubnetId: !Ref DevPublicSubnetB
DependsOn:
- NonProdNATEIP
- DevPublicSubnetA
- DevPublicSubnetB
NonProdGWVPCAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId: !Ref NonProdNATGateway
VpcId: !Ref DevVPC
DependsOn:
- NonProdNATGateway
Route:
Type: AWS::EC2::Route
Properties:
RouteTableId:
Ref: RouteTable
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId:
Ref: NonProdNATGateway
PrivateRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref DevPrivateSubnetA
SubnetId: !Ref DevPrivateSubnetB
PublicRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref DevPublicSubnetA
SubnetId: !Ref DevPublicSubnetB
Mappings:
R53EnvironmentMapping:
dev:
oregonawslocal: mydomain.oregon-dev.local
Outputs:
DevPublicSubnetA:
Description: ID for dev subnet A
Value: !Ref DevPublicSubnetA
Export:
Name: DevPublicSubnetA
DevPublicSubnetB:
Description: ID for dev subnet B
Value: !Ref DevPublicSubnetB
Export:
Name: DevPublicSubnetB
DevPrivateSubnetA:
Description: ID for dev subnet A
Value: !Ref DevPrivateSubnetA
Export:
Name: DevPrivateSubnetA
DevPrivateSubnetB:
Description: ID for dev subnet B
Value: !Ref DevPrivateSubnetB
Export:
Name: DevPrivateSubnetB
DevRoute53OregonAWSLocalHostedZone:
Description: Hosted zone ID for hosted zone
Value: !Ref DevRoute53HostedZone
Export:
Name: DevRoute53OregonAWSLocalHostedZone
DevRoute53OregonAWSLocalHostedZoneName:
Description: Hosted zone name for hosted zone
Value: !FindInMap [R53EnvironmentMapping, dev, oregonawslocal]
Export:
Name: DevRoute53OregonAWSLocalHostedZoneName
如中所述,一个问题是您正在引用资源属性中的资源,这需要一个资源
和是两种不同类型的AWS资源—NAT网关只提供对专用子网的出站Internet访问,而Internet网关提供对公用子网的双向Internet访问
另一个问题是,您需要两组独立的和资源,一组用于公共子网,另一组用于私有子网。公共路由应具有对Internet网关的引用,而私有路由应具有对NAT网关的引用
最后,在多个资源(NatGateway
,SubnetRouteTableAssociation
)中存在一些无效的重复子网ID
属性-这些资源中的每个点仅接受一个子网ID
由于您是一名CloudFormation初学者,我强烈建议利用的快速入门参考VPC架构。此AWS支持的模板在每个指定的可用性区域(您提供2-4个可用性区域作为参数)内创建一个包含公共和私有子网的VPC。如有必要,您可以稍后自定义此模板以更好地满足您的特定需要,或将其用作配置您自己模板资源的参考。NAT网关与Internet网关不同,但您有
InternetGatewayId:!Ref NonProdNATGateway
。感谢你们的反馈,当我明天再次投入这项工作时,这给了我很多工作要做。