如何通过 Cloudformation 将弹性 IP 附加到 Nat 网关
Posted
技术标签:
【中文标题】如何通过 Cloudformation 将弹性 IP 附加到 Nat 网关【英文标题】:How to Attach Elastic IP to NatGateway via Cloud Formation 【发布时间】:2021-05-13 19:33:51 【问题描述】:我正在尝试学习 Aws cloud Formation,我正在尝试创建 VPC,如图所示。它包含三个公共子网,私有子网,natgateway 和 Internetgateway 以及公共和私有路由表。我正在尝试通过云形成来实现它,但获得弹性 IP 异常。 我已经创建了模板,但是当我尝试在云形成上创建堆栈时出现错误
"The elastic-ip ID 'xx.xxx.xx.xxx' is malformed (Service: AmazonEC2; Status Code: 400; Error Code: InvalidElasticIpID.Malformed; Request ID: 2e3a9f8c-5a7e-482e-869c-8a0e46a08f27; Proxy: null)"
。我正在尝试将弹性 IP 附加到 NatGateway 并解决错误。请指导我如何做到这一点。
"AWSTemplateFormatVersion": "2010-09-09",
"Resources":
"ExampleEc2Instance":
"Type": "AWS::EC2::Instance",
"Properties":
"InstanceType": "t2.micro",
"ImageId" : "ami-047a51fa27710816e",
"AvailabilityZone" : "us-east-1a",
"SecurityGroupIds" : [
"Ref":"ExampleSecurityGroup"
],
"SubnetId" :
"Ref":"public2A"
,"ExampleEc2InstancePrivate":
"Type": "AWS::EC2::Instance",
"Properties":
"InstanceType": "t2.micro",
"ImageId" : "ami-047a51fa27710816e",
"AvailabilityZone" : "us-east-1a",
"SecurityGroupIds" : [
"Ref":"ExampleSecurityGroup"
],
"SubnetId" :
"Ref":"private2A"
,
"public2A":
"Type" : "AWS::EC2::Subnet",
"Properties":
"AvailabilityZone" : "us-east-1a",
"CidrBlock" : "10.0.2.0/24",
"Tags" : ["Key" : "public2A", "Value" : "public2A"],
"VpcId" :
"Ref":"ExampleVpcId"
,"public2B":
"Type" : "AWS::EC2::Subnet",
"Properties":
"AvailabilityZone" : "us-east-1a",
"CidrBlock" : "10.0.3.0/24",
"Tags" : ["Key" : "public2B", "Value" : "public2B"],
"VpcId" :
"Ref":"ExampleVpcId"
,
"public2C":
"Type" : "AWS::EC2::Subnet",
"Properties":
"AvailabilityZone" : "us-east-1a",
"CidrBlock" : "10.0.1.0/24",
"Tags" : ["Key" : "public2C", "Value" : "public2C"],
"VpcId" :
"Ref":"ExampleVpcId"
,"private2A":
"Type" : "AWS::EC2::Subnet",
"Properties":
"AvailabilityZone" : "us-east-1a",
"CidrBlock" : "10.0.5.0/24",
"Tags" : ["Key" : "private2A", "Value" : "private2A"],
"VpcId" :
"Ref":"ExampleVpcId"
,"private2B":
"Type" : "AWS::EC2::Subnet",
"Properties":
"AvailabilityZone" : "us-east-1a",
"CidrBlock" : "10.0.6.0/24",
"Tags" : ["Key" : "private2B", "Value" : "private2B"],
"VpcId" :
"Ref":"ExampleVpcId"
,
"private2C":
"Type" : "AWS::EC2::Subnet",
"Properties":
"AvailabilityZone" : "us-east-1a",
"CidrBlock" : "10.0.7.0/24",
"Tags" : ["Key" : "private2C", "Value" : "private2C"],
"VpcId" :
"Ref":"ExampleVpcId"
,
"privateRT":
"Type" : "AWS::EC2::RouteTable",
"Properties" :
"Tags" : ["Key" : "privateRT", "Value" : "privateRT"],
"VpcId" :
"Ref":"ExampleVpcId"
,
"publicRT":
"Type" : "AWS::EC2::RouteTable",
"Properties" :
"Tags" : ["Key" : "publicRT", "Value" : "publicRT"],
"VpcId" :
"Ref":"ExampleVpcId"
,
"public2ARouteTableAssociation" :
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" :
"SubnetId" : "Ref" : "public2A" ,
"RouteTableId" : "Ref" : "publicRT"
,
"public2BRouteTableAssociation" :
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" :
"SubnetId" : "Ref" : "public2B" ,
"RouteTableId" : "Ref" : "publicRT"
,
"public2CRouteTableAssociation" :
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" :
"SubnetId" : "Ref" : "public2C" ,
"RouteTableId" : "Ref" : "publicRT"
,
"private2ARouteTableAssociation" :
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" :
"SubnetId" : "Ref" : "private2A" ,
"RouteTableId" : "Ref" : "privateRT"
,
"private2BRouteTableAssociation" :
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" :
"SubnetId" : "Ref" : "private2B" ,
"RouteTableId" : "Ref" : "privateRT"
,
"private2CRouteTableAssociation" :
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" :
"SubnetId" : "Ref" : "private2C" ,
"RouteTableId" : "Ref" : "privateRT"
,
"myVpcInternetGateWay":
"Type" : "AWS::EC2::InternetGateway",
"Properties" :
"Tags" : ["Key" : "myVpcInternetGateWay", "Value" : "myVpcInternetGateWay"]
,
"myVpcInternetGateWayRoute":
"Type" : "AWS::EC2::Route",
"Properties" :
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : "Ref":"myVpcInternetGateWay",
"RouteTableId" : "Ref":"publicRT"
,
"myVpcInternetGateWayAttachement":
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" :
"InternetGatewayId" : "Ref":"myVpcInternetGateWay",
"VpcId" : "Ref":"ExampleVpcId"
,
"myNatGateWay":
"Type" : "AWS::EC2::NatGateway",
"Properties" :
"AllocationId" : "Ref":"myElasticIP",
"SubnetId" :"Ref":"public2A",
"Tags" : ["Key" : "myNatGateWay", "Value" : "myNatGateWay"]
,"myVpcNatGatWayRoute":
"Type" : "AWS::EC2::Route",
"Properties" :
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : "Ref":"myNatGateWay",
"RouteTableId" : "Ref":"privateRT"
,
"myElasticIP":
"Type" : "AWS::EC2::EIP",
"Properties" :
"Domain" : "VPC",
"Tags" : ["Key" : "myElasticIP", "Value" : "myElasticIP"]
,
"ExampleSecurityGroup":
"Type":"AWS::EC2::SecurityGroup",
"Properties" :
"GroupDescription" : "Allow http to client host",
"GroupName" : "templateSecuritygrp",
"Tags" : [ "Key" : "securityGroup", "Value" : "cloudformationSecurityGroup" ],
"VpcId" :
"Ref":"ExampleVpcId"
,
"ExampleSecurityGroupEgress" :
"Type":"AWS::EC2::SecurityGroupEgress",
"Properties":
"IpProtocol":"-1",
"FromPort":"-1",
"ToPort":"-1",
"DestinationSecurityGroupId":
"Ref":"ExampleSecurityGroup"
,
"GroupId":
"Ref":"ExampleSecurityGroup"
,
"ExampleSecurityGroupIngress" :
"Type":"AWS::EC2::SecurityGroupIngress",
"Properties":
"IpProtocol":"-1",
"FromPort":"-1",
"ToPort":"-1",
"SourceSecurityGroupId":
"Ref":"ExampleSecurityGroup"
,
"GroupId":
"Ref":"ExampleSecurityGroup"
,
"ExampleVpcId":
"Type":"AWS::EC2::VPC",
"Properties" :
"CidrBlock" : "10.0.0.0/16",
"EnableDnsSupport" : "false",
"EnableDnsHostnames" : "false",
"InstanceTenancy" : "default",
"Tags" : [ "Key" : "tmpltVPC", "Value" : "firstVpc"]
【问题讨论】:
嗨。我还注意到您有很多问题的答案,但没有一个答案被接受。接受有用的答案不仅是一种好习惯,而且还可以减少重复问题的数量,对未来的读者有所帮助,并将您的问题从 unanswered 列表中删除。 对不起,我不知道我需要接受答案。今后我会接受答案。 谢谢。这有帮助。您可以查看您的history 并查看可能被接受的答案。 顺便问一下,我为这个问题提供的答案如何。您没有评论它是否有效,也没有被接受,因此不清楚它是否解决了您的问题? 【参考方案1】:在您的myNatGateWay 中,您应该使用GetAtt 来获取AllocationId:
"myNatGateWay":
"Type" : "AWS::EC2::NatGateway",
"Properties" :
"AllocationId" : "Fn::GetAtt" : ["myElasticIP", "AllocationId"],
"SubnetId" :"Ref":"public2A",
"Tags" : ["Key" : "myNatGateWay", "Value" : "myNatGateWay"]
您还需要在 EIP 中使用DependsOn:
"myElasticIP":
"Type" : "AWS::EC2::EIP",
"DependsOn":["myVpcInternetGateWayAttachement"] ,
"Properties" :
"Domain" : "VPC",
"Tags" : ["Key" : "myElasticIP", "Value" : "myElasticIP"]
最后myVpcNatGatWayRoute应该是:
"myVpcNatGatWayRoute":
"Type" : "AWS::EC2::Route",
"Properties" :
"DestinationCidrBlock" : "0.0.0.0/0",
"NatGatewayId" : "Ref":"myNatGateWay",
"RouteTableId" : "Ref":"privateRT"
【讨论】:
谢谢马尔辛。我不知道依赖和 getAttn 函数。它起作用了 你有什么好的资源可以让我找到更多的实践实践吗? @Jordan 遗憾的是,我没有任何单一的参考可推荐。但是 AWS 文档有很好的 beginners 教程。这将是一个好的开始。以上是关于如何通过 Cloudformation 将弹性 IP 附加到 Nat 网关的主要内容,如果未能解决你的问题,请参考以下文章
无法在 cloudformation 中使用 https 设置我的弹性负载均衡器
Terraform 资源弹性负载均衡器 - 减少 ConnectionDrainingPolicy 超时
如何在 Cloudformation 模板中将 EIP 分配给 VPC 的 Autoscaling Group
如何使用 cloudformation 模板为不同的 elasticbeanstalk 应用环境使用相同的应用负载均衡器?