How to Attach Elastic IP to NatGateway via Cloud Formation

Posted: 2021-05-13 19:33:51

Question:

I am trying to learn AWS CloudFormation, and I am trying to create a VPC as shown in the figure. It contains three public subnets, private subnets, a NAT gateway and an Internet gateway, plus public and private route tables. I am trying to build it through CloudFormation but I get an Elastic IP exception. I have created the template, but when I try to create the stack in CloudFormation I get the error

"The elastic-ip ID 'xx.xxx.xx.xxx' is malformed (Service: AmazonEC2; Status Code: 400; Error Code: InvalidElasticIpID.Malformed; Request ID: 2e3a9f8c-5a7e-482e-869c-8a0e46a08f27; Proxy: null)"

I am trying to attach the Elastic IP to the NatGateway and resolve the error. Please guide me on how to do this.




{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "ExampleEc2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "InstanceType": "t2.micro",
        "ImageId": "ami-047a51fa27710816e",
        "AvailabilityZone": "us-east-1a",
        "SecurityGroupIds": [
          { "Ref": "ExampleSecurityGroup" }
        ],
        "SubnetId": { "Ref": "public2A" }
      }
    },
    "ExampleEc2InstancePrivate": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "InstanceType": "t2.micro",
        "ImageId": "ami-047a51fa27710816e",
        "AvailabilityZone": "us-east-1a",
        "SecurityGroupIds": [
          { "Ref": "ExampleSecurityGroup" }
        ],
        "SubnetId": { "Ref": "private2A" }
      }
    },
    "public2A": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "AvailabilityZone": "us-east-1a",
        "CidrBlock": "10.0.2.0/24",
        "Tags": [ { "Key": "public2A", "Value": "public2A" } ],
        "VpcId": { "Ref": "ExampleVpcId" }
      }
    },
    "public2B": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "AvailabilityZone": "us-east-1a",
        "CidrBlock": "10.0.3.0/24",
        "Tags": [ { "Key": "public2B", "Value": "public2B" } ],
        "VpcId": { "Ref": "ExampleVpcId" }
      }
    },
    "public2C": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "AvailabilityZone": "us-east-1a",
        "CidrBlock": "10.0.1.0/24",
        "Tags": [ { "Key": "public2C", "Value": "public2C" } ],
        "VpcId": { "Ref": "ExampleVpcId" }
      }
    },
    "private2A": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "AvailabilityZone": "us-east-1a",
        "CidrBlock": "10.0.5.0/24",
        "Tags": [ { "Key": "private2A", "Value": "private2A" } ],
        "VpcId": { "Ref": "ExampleVpcId" }
      }
    },
    "private2B": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "AvailabilityZone": "us-east-1a",
        "CidrBlock": "10.0.6.0/24",
        "Tags": [ { "Key": "private2B", "Value": "private2B" } ],
        "VpcId": { "Ref": "ExampleVpcId" }
      }
    },
    "private2C": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "AvailabilityZone": "us-east-1a",
        "CidrBlock": "10.0.7.0/24",
        "Tags": [ { "Key": "private2C", "Value": "private2C" } ],
        "VpcId": { "Ref": "ExampleVpcId" }
      }
    },
    "privateRT": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "Tags": [ { "Key": "privateRT", "Value": "privateRT" } ],
        "VpcId": { "Ref": "ExampleVpcId" }
      }
    },
    "publicRT": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "Tags": [ { "Key": "publicRT", "Value": "publicRT" } ],
        "VpcId": { "Ref": "ExampleVpcId" }
      }
    },
    "public2ARouteTableAssociation": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": { "Ref": "public2A" },
        "RouteTableId": { "Ref": "publicRT" }
      }
    },
    "public2BRouteTableAssociation": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": { "Ref": "public2B" },
        "RouteTableId": { "Ref": "publicRT" }
      }
    },
    "public2CRouteTableAssociation": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": { "Ref": "public2C" },
        "RouteTableId": { "Ref": "publicRT" }
      }
    },
    "private2ARouteTableAssociation": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": { "Ref": "private2A" },
        "RouteTableId": { "Ref": "privateRT" }
      }
    },
    "private2BRouteTableAssociation": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": { "Ref": "private2B" },
        "RouteTableId": { "Ref": "privateRT" }
      }
    },
    "private2CRouteTableAssociation": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": { "Ref": "private2C" },
        "RouteTableId": { "Ref": "privateRT" }
      }
    },
    "myVpcInternetGateWay": {
      "Type": "AWS::EC2::InternetGateway",
      "Properties": {
        "Tags": [ { "Key": "myVpcInternetGateWay", "Value": "myVpcInternetGateWay" } ]
      }
    },
    "myVpcInternetGateWayRoute": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": { "Ref": "myVpcInternetGateWay" },
        "RouteTableId": { "Ref": "publicRT" }
      }
    },
    "myVpcInternetGateWayAttachement": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "InternetGatewayId": { "Ref": "myVpcInternetGateWay" },
        "VpcId": { "Ref": "ExampleVpcId" }
      }
    },
    "myNatGateWay": {
      "Type": "AWS::EC2::NatGateway",
      "Properties": {
        "AllocationId": { "Ref": "myElasticIP" },
        "SubnetId": { "Ref": "public2A" },
        "Tags": [ { "Key": "myNatGateWay", "Value": "myNatGateWay" } ]
      }
    },
    "myVpcNatGatWayRoute": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": { "Ref": "myNatGateWay" },
        "RouteTableId": { "Ref": "privateRT" }
      }
    },
    "myElasticIP": {
      "Type": "AWS::EC2::EIP",
      "Properties": {
        "Domain": "VPC",
        "Tags": [ { "Key": "myElasticIP", "Value": "myElasticIP" } ]
      }
    },
    "ExampleSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Allow http to client host",
        "GroupName": "templateSecuritygrp",
        "Tags": [ { "Key": "securityGroup", "Value": "cloudformationSecurityGroup" } ],
        "VpcId": { "Ref": "ExampleVpcId" }
      }
    },
    "ExampleSecurityGroupEgress": {
      "Type": "AWS::EC2::SecurityGroupEgress",
      "Properties": {
        "IpProtocol": "-1",
        "FromPort": "-1",
        "ToPort": "-1",
        "DestinationSecurityGroupId": { "Ref": "ExampleSecurityGroup" },
        "GroupId": { "Ref": "ExampleSecurityGroup" }
      }
    },
    "ExampleSecurityGroupIngress": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "IpProtocol": "-1",
        "FromPort": "-1",
        "ToPort": "-1",
        "SourceSecurityGroupId": { "Ref": "ExampleSecurityGroup" },
        "GroupId": { "Ref": "ExampleSecurityGroup" }
      }
    },
    "ExampleVpcId": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsSupport": "false",
        "EnableDnsHostnames": "false",
        "InstanceTenancy": "default",
        "Tags": [ { "Key": "tmpltVPC", "Value": "firstVpc" } ]
      }
    }
  }
}

Comments on the question:

Hi. I also noticed that you have answers to many of your questions, but none of them has been accepted. Accepting useful answers is not only good practice, it also reduces the number of duplicate questions, helps future readers, and removes your question from the unanswered list.

Sorry, I didn't know I needed to accept answers. I will accept answers from now on.

Thanks. That helps. You can look through your history and see which answers could be accepted.

By the way, what about the answer I gave to this question? You didn't comment on whether it works, and it wasn't accepted, so it's unclear whether it solved your problem?

Answer 1:

In your myNatGateWay you should use GetAtt to get the AllocationId:

    "myNatGateWay": {
        "Type": "AWS::EC2::NatGateway",
        "Properties": {
            "AllocationId": { "Fn::GetAtt": ["myElasticIP", "AllocationId"] },
            "SubnetId": { "Ref": "public2A" },
            "Tags": [ { "Key": "myNatGateWay", "Value": "myNatGateWay" } ]
        }
    }

You also need to use DependsOn on the EIP:

    "myElasticIP": {
        "Type": "AWS::EC2::EIP",
        "DependsOn": ["myVpcInternetGateWayAttachement"],
        "Properties": {
            "Domain": "VPC",
            "Tags": [ { "Key": "myElasticIP", "Value": "myElasticIP" } ]
        }
    }

Finally, myVpcNatGatWayRoute should be:

    "myVpcNatGatWayRoute": {
        "Type": "AWS::EC2::Route",
        "Properties": {
            "DestinationCidrBlock": "0.0.0.0/0",
            "NatGatewayId": { "Ref": "myNatGateWay" },
            "RouteTableId": { "Ref": "privateRT" }
        }
    }

Comments on the answer:

Thanks Marcin. I didn't know about DependsOn and the GetAtt function. It worked. Do you have any good resources where I can find more hands-on practice?

@Jordan Unfortunately I don't have any single reference to recommend. But the AWS docs have good beginner tutorials. That would be a good start.
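The three corrections in the answer above can be checked mechanically before a stack is ever created. The following Python script is an added example, not code from the original question or answer. It loads a JSON template and flags a NatGateway whose AllocationId is a Ref to the EIP (Ref on an AWS::EC2::EIP returns the public IP address as a string rather than the eipalloc allocation ID, which is exactly why EC2 rejects it as a malformed elastic-ip ID), a Route that points GatewayId at a NAT gateway instead of using NatGatewayId, and an EIP that does not DependsOn the VPCGatewayAttachment. The two embedded templates are constructed, cut-down versions of the question's resources; the logical IDs myNatGateWay, myElasticIP, myVpcNatGatWayRoute and myVpcInternetGateWayAttachement come from the page, and the checks and helper names are the example's own.

```python
import json

# Constructed, cut-down copy of the question's template: only the resources the
# answer touches, reproducing its three mistakes.
BROKEN_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "myVpcInternetGateWayAttachement": {
            "Type": "AWS::EC2::VPCGatewayAttachment",
            "Properties": {"InternetGatewayId": {"Ref": "myVpcInternetGateWay"},
                           "VpcId": {"Ref": "ExampleVpcId"}}},
        "myElasticIP": {                       # missing DependsOn on the attachment
            "Type": "AWS::EC2::EIP",
            "Properties": {"Domain": "VPC"}},
        "myNatGateWay": {
            "Type": "AWS::EC2::NatGateway",
            "Properties": {"AllocationId": {"Ref": "myElasticIP"},   # Ref yields the public IP
                           "SubnetId": {"Ref": "public2A"}}},
        "myVpcNatGatWayRoute": {
            "Type": "AWS::EC2::Route",
            "Properties": {"DestinationCidrBlock": "0.0.0.0/0",
                           "GatewayId": {"Ref": "myNatGateWay"},     # wrong property for a NAT GW
                           "RouteTableId": {"Ref": "privateRT"}}},
    },
})

# The same constructed template with the answer's three corrections applied.
FIXED_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "myVpcInternetGateWayAttachement": {
            "Type": "AWS::EC2::VPCGatewayAttachment",
            "Properties": {"InternetGatewayId": {"Ref": "myVpcInternetGateWay"},
                           "VpcId": {"Ref": "ExampleVpcId"}}},
        "myElasticIP": {
            "Type": "AWS::EC2::EIP",
            "DependsOn": ["myVpcInternetGateWayAttachement"],
            "Properties": {"Domain": "VPC"}},
        "myNatGateWay": {
            "Type": "AWS::EC2::NatGateway",
            "Properties": {"AllocationId": {"Fn::GetAtt": ["myElasticIP", "AllocationId"]},
                           "SubnetId": {"Ref": "public2A"}}},
        "myVpcNatGatWayRoute": {
            "Type": "AWS::EC2::Route",
            "Properties": {"DestinationCidrBlock": "0.0.0.0/0",
                           "NatGatewayId": {"Ref": "myNatGateWay"},
                           "RouteTableId": {"Ref": "privateRT"}}},
    },
})


def _target(value):
    """Logical ID named by {"Ref": X} or {"Fn::GetAtt": [X, attr]}, else None."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        if isinstance(value.get("Fn::GetAtt"), list) and value["Fn::GetAtt"]:
            return value["Fn::GetAtt"][0]
    return None


def lint_nat_resources(template):
    """Return [(logical_id, message)] for the three mistakes the answer corrects."""
    resources = template.get("Resources", {})
    by_type = {}
    for lid, res in resources.items():
        by_type.setdefault(res.get("Type"), set()).add(lid)
    nat_ids = by_type.get("AWS::EC2::NatGateway", set())
    attachments = by_type.get("AWS::EC2::VPCGatewayAttachment", set())
    findings = []

    for lid, res in resources.items():
        rtype, props = res.get("Type"), res.get("Properties", {})

        if rtype == "AWS::EC2::NatGateway":
            alloc = props.get("AllocationId")
            getatt = alloc.get("Fn::GetAtt") if isinstance(alloc, dict) else None
            eip_type = resources.get(_target(alloc), {}).get("Type")
            # Ref on an AWS::EC2::EIP returns the public IP, not an allocation ID;
            # only Fn::GetAtt <EIP>.AllocationId produces the eipalloc-... value.
            ok = (isinstance(getatt, list) and len(getatt) == 2
                  and getatt[1] == "AllocationId" and eip_type == "AWS::EC2::EIP")
            if not ok:
                findings.append((lid, "AllocationId must be Fn::GetAtt [<EIP>, AllocationId]"))

        elif rtype == "AWS::EC2::Route":
            # GatewayId is for internet/virtual private gateways; NAT gateways use NatGatewayId.
            if _target(props.get("GatewayId")) in nat_ids:
                findings.append((lid, "route to a NAT gateway must use NatGatewayId, not GatewayId"))

        elif rtype == "AWS::EC2::EIP" and attachments:
            deps = res.get("DependsOn", [])
            deps = [deps] if isinstance(deps, str) else deps
            # The VPC must already have its internet gateway attached when the EIP is created.
            if not attachments.intersection(deps):
                findings.append((lid, "EIP should DependsOn the VPCGatewayAttachment"))
    return findings


def lint_json(text):
    """Parse a JSON template string and lint it."""
    return lint_nat_resources(json.loads(text))


if __name__ == "__main__":
    for name, text in (("broken", BROKEN_TEMPLATE), ("fixed", FIXED_TEMPLATE)):
        print(f"{name}: {lint_json(text) or 'no findings'}")
```

Run the script directly to see the three findings for the broken template and none for the fixed one. lint_json accepts any JSON template text, so it can be pointed at a full template such as the one in the question before calling create-stack; a YAML template would first need to be converted to JSON, since the short-form !Ref and !GetAtt tags are not handled here.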
