AWS CloudFormation Internet Gateway error

2017-02-08

CloudFormation beginner here. I have been researching and developing a CloudFormation template that will eventually be used as the starting point for my team's development environment.

I have been searching the web for courses and examples and have been relatively successful in my small attempts... until tonight.

I am now trying to attach an Internet gateway to my VPC, and it causes the stack creation job to fail and roll back. The Internet gateway will not attach, and for the life of me I cannot figure out why.

My full template is here. The plan is to create a VPC with 2 public and 2 private subnets. There will be an Internet gateway attached to the 2 public subnets. This is where the failure occurs. If I comment out the creation of the Internet gateway, the template succeeds. Thanks in advance for your help.

    AWSTemplateFormatVersion: '2010-09-09'

    Resources:
      DevVPC:
        Type: AWS::EC2::VPC
        Properties:
          CidrBlock: 10.0.0.0/16
          EnableDnsSupport: 'true'
          EnableDnsHostnames: 'true'
          InstanceTenancy: default
          Tags:
          - Key: Name
            Value: dev-vpc

      DevRoute53HostedZone:
        Type: "AWS::Route53::HostedZone"
        Properties:
          HostedZoneConfig:
            Comment: "aws hosted dev environment"
          Name: "mydomain.oregon-dev.local"
          VPCs:
          - VPCId: !Ref DevVPC
            VPCRegion: "us-west-2"

      DevPublicSubnetA:
        Type: AWS::EC2::Subnet
        Properties:
          VpcId: !Ref DevVPC
          CidrBlock: 10.0.8.0/25
          AvailabilityZone: "us-west-2a"
          Tags:
          - Key: Name
            Value: DevPublicSubnetA

      DevPublicSubnetB:
        Type: AWS::EC2::Subnet
        Properties:
          VpcId: !Ref DevVPC
          CidrBlock: 10.0.8.128/25
          AvailabilityZone: "us-west-2b"
          Tags:
          - Key: Name
            Value: DevPublicSubnetB

      DevPrivateSubnetA:
        Type: AWS::EC2::Subnet
        Properties:
          VpcId: !Ref DevVPC
          CidrBlock: 10.0.9.0/25
          AvailabilityZone: "us-west-2a"
          Tags:
          - Key: Name
            Value: DevPrivateSubnetA

      DevPrivateSubnetB:
        Type: AWS::EC2::Subnet
        Properties:
          VpcId: !Ref DevVPC
          CidrBlock: 10.0.9.128/25
          AvailabilityZone: "us-west-2b"
          Tags:
          - Key: Name
            Value: DevPrivateSubnetB

      RouteTable:
        Type: AWS::EC2::RouteTable
        Properties:
          VpcId:
            Ref: DevVPC
          Tags:
          - Key: Name
            Value: DevRouteTable

      DevRoute:
        Type: AWS::EC2::Route
        DependsOn: NonProdNATGateway
        Properties:
          RouteTableId:
            Ref: RouteTable
          DestinationCidrBlock: 0.0.0.0/0
          GatewayId:
            Ref: NonProdNATGateway

      NonProdNATEIP:
        Type: AWS::EC2::EIP
        Properties:
          Domain: vpc

      NonProdNATGateway:
        Type: AWS::EC2::NatGateway
        Properties:
          AllocationId: !GetAtt NonProdNATEIP.AllocationId
          SubnetId: !Ref DevPublicSubnetA
          SubnetId: !Ref DevPublicSubnetB
        DependsOn:
          - NonProdNATEIP
          - DevPublicSubnetA
          - DevPublicSubnetB

      NonProdGWVPCAttachment:
        Type: AWS::EC2::VPCGatewayAttachment
        Properties:
          InternetGatewayId: !Ref NonProdNATGateway
          VpcId: !Ref DevVPC
        DependsOn:
          - NonProdNATGateway

      Route:
        Type: AWS::EC2::Route
        Properties:
          RouteTableId:
            Ref: RouteTable
          DestinationCidrBlock: 0.0.0.0/0
          NatGatewayId:
            Ref: NonProdNATGateway

      PrivateRouteTableAssociation:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
          RouteTableId: !Ref RouteTable
          SubnetId: !Ref DevPrivateSubnetA
          SubnetId: !Ref DevPrivateSubnetB

      PublicRouteTableAssociation:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
          RouteTableId: !Ref RouteTable
          SubnetId: !Ref DevPublicSubnetA
          SubnetId: !Ref DevPublicSubnetB

    Mappings:
      R53EnvironmentMapping:
        dev:
          oregonawslocal: mydomain.oregon-dev.local

    Outputs:
      DevPublicSubnetA:
        Description: ID for dev subnet A
        Value: !Ref DevPublicSubnetA
        Export:
          Name: DevPublicSubnetA

      DevPublicSubnetB:
        Description: ID for dev subnet B
        Value: !Ref DevPublicSubnetB
        Export:
          Name: DevPublicSubnetB

      DevPrivateSubnetA:
        Description: ID for dev subnet A
        Value: !Ref DevPrivateSubnetA
        Export:
          Name: DevPrivateSubnetA

      DevPrivateSubnetB:
        Description: ID for dev subnet B
        Value: !Ref DevPrivateSubnetB
        Export:
          Name: DevPrivateSubnetB

      DevRoute53OregonAWSLocalHostedZone:
        Description: Hosted zone ID for hosted zone
        Value: !Ref DevRoute53HostedZone
        Export:
          Name: DevRoute53OregonAWSLocalHostedZone

      DevRoute53OregonAWSLocalHostedZoneName:
        Description: Hosted zone name for hosted zone
        Value: !FindInMap [R53EnvironmentMapping, dev, oregonawslocal]
        Export:
          Name: DevRoute53OregonAWSLocalHostedZoneName

A NAT gateway and an Internet gateway are not the same thing, yet you have `InternetGatewayId: !Ref NonProdNATGateway`. – Michael - sqlbot

Answer

As Michael - sqlbot mentioned in the comment, one problem is that you are referencing an AWS::EC2::NatGateway resource in the InternetGatewayId property of the AWS::EC2::VPCGatewayAttachment resource, which requires an AWS::EC2::InternetGateway resource.

NAT Gateways and Internet Gateways are two different types of AWS resources: a NAT gateway provides outbound-only Internet access for private subnets, while an Internet gateway provides bidirectional Internet access for public subnets.

Another problem is that you need two separate sets of AWS::EC2::RouteTable and AWS::EC2::Route resources, one for the public subnets and another for the private subnets. The public route should have a GatewayId referencing the Internet gateway, and the private route should have a NatGatewayId referencing the NAT gateway.

Finally, you have some invalid duplicate SubnetId properties in several resources (NatGateway, SubnetRouteTableAssociation); each of these resources accepts only a single subnet ID.

Since you are a CloudFormation beginner, I strongly recommend taking advantage of the reference VPC architecture Quick Start, the AWS Quick Start Amazon VPC Architecture template. This AWS-supported template creates a VPC with public and private subnets in each of the specified Availability Zones (you provide 2-4 AZs as a parameter). You can customize this template later to better suit your specific needs, or use it as a reference for configuring the resources in your own template.


Thank you both for the feedback; it will help me a lot when I dive back into this tomorrow. – 8675309
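The public/private layout the answer describes, written out as an added example; this is not code from the original question or answer. It reuses the question's DevVPC, DevPublicSubnetA/B, DevPrivateSubnetA/B and NonProdNATEIP resource names and assumes those resources are defined in the same template; every other resource name (DevInternetGateway, DevGatewayAttachment, PublicRouteTable, PrivateRouteTable and the association resources) is an assumption chosen for this example. The split matters for exposure: only the public subnets get a route to the Internet gateway, so instances in the private subnets can reach out through the NAT gateway but have no inbound path from the Internet at all.

```yaml
# Added example, not part of the original post. Resource names other than
# DevVPC, DevPublicSubnetA/B, DevPrivateSubnetA/B and NonProdNATEIP are assumed.
Resources:
  # 1. The Internet gateway is its own resource type. It is attached to the VPC
  #    with a VPCGatewayAttachment; this is the property the original template
  #    fed a NAT gateway into.
  DevInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
      - Key: Name
        Value: dev-igw

  DevGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref DevVPC
      InternetGatewayId: !Ref DevInternetGateway

  # 2. Public route table: default route via the Internet gateway (GatewayId).
  #    CloudFormation documents that a route through an Internet gateway must
  #    DependsOn the VPCGatewayAttachment, otherwise the route can be created
  #    before the gateway is attached and the stack fails.
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref DevVPC
      Tags:
      - Key: Name
        Value: DevPublicRouteTable

  PublicDefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: DevGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref DevInternetGateway

  # 3. SubnetId takes exactly one subnet, so each subnet gets its own
  #    association resource instead of a duplicated SubnetId key.
  PublicSubnetARouteAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref DevPublicSubnetA

  PublicSubnetBRouteAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref DevPublicSubnetB

  # 4. The NAT gateway lives in ONE public subnet; its Elastic IP is reachable
  #    only because that subnet routes through the Internet gateway. The EIP's
  #    own documented requirement is a DependsOn on the gateway attachment when
  #    the VPC is defined in the same template.
  NonProdNATEIP:
    Type: AWS::EC2::EIP
    DependsOn: DevGatewayAttachment
    Properties:
      Domain: vpc

  NonProdNATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NonProdNATEIP.AllocationId
      SubnetId: !Ref DevPublicSubnetA

  # 5. Private route table: default route via the NAT gateway (NatGatewayId).
  #    Nothing here references the Internet gateway, so private instances get
  #    outbound-only Internet access.
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref DevVPC
      Tags:
      - Key: Name
        Value: DevPrivateRouteTable

  PrivateDefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NonProdNATGateway

  PrivateSubnetARouteAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref DevPrivateSubnetA

  PrivateSubnetBRouteAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref DevPrivateSubnetB
```

Two checks are worth running before deploying a template like this: `aws cloudformation validate-template --template-body file://template.yaml` catches structural errors, and reading the template through a YAML loader that rejects duplicate keys catches the repeated SubnetId case, which many loaders otherwise accept silently by keeping only the last value. A single NAT gateway in one Availability Zone is also a single point of failure for the private subnets' outbound traffic; the Quick Start the answer recommends creates one per zone.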