VPC peering between 2 AWS regions, doing the VPC peering through CloudFormation.

Problem description  Votes: 0  Answers: 1

I am trying to do VPC peering between two different regions. I have already created the resources here; now I just want to pass their IDs as parameters. Within the same region I can peer two VPCs. But across two different regions I get an error saying the route_id does not exist.

Error logs (screenshot not reproduced)

My template is as follows.

AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Parameters:
  PeerVPCAccountId:
    Type: String
    Description: "Peer VPC Account ID"
    Default: (Acc_id)
  PeerVPCRegion:
    Type: String
    Description: "Peer Region"
    Default: (region)
  VPC1:
    Description: VPC Id of DataPipeline
    Type: AWS::EC2::VPC::Id
    Default: (vpc_id)
  VPC1CIDRRange:
    Description: The IP address range of DataPipeline VPC.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: (vpc_range)
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  VPC1PrivateSubnet1CIDRRange:
    Description: The IP address range for Private Subnet 1 in DataPipeline.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: (vpc_subnet_range)
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

  VPC1Private1Route:
    Description: RouteTableId of Private Subnet 1 for DataPipeline
    Type: String
    Default: (vpc_subnet_route_id)


  VPC2:
    Description: VPC Id of PII-Isolation Pipeline
    Type: String
    Default: (vpc_id)
  VPC2CIDRRange:
    Description: The IP address range of PII Pipeline VPC.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: (vpc_range)
  VPC2PrivateSubnet1CIDRRange:
    Description: The IP address range for Private Subnet 1 in PII Pipeline.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: (vpc_subnet_range)

  VPC2Private1Route:
    Description: RouteTableId of Private Subnet 1 for PII Pipeline
    Type: String
    Default: (vpc_subnet_route_id)

Resources:
  peerRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Principal:
              AWS: !Ref PeerVPCAccountId
            Action:
              - 'sts:AssumeRole'
            Effect: Allow
      Path: /
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: 'ec2:AcceptVpcPeeringConnection'
                Resource: '*'

  VPC1Private1PeeringRoute1:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock:
        Ref: VPC2PrivateSubnet1CIDRRange
      RouteTableId:
        Ref: VPC1Private1Route
      VpcPeeringConnectionId:
        Ref: myVPCPeeringConnection




  VPC2Private1PeeringRoute1:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock:
        Ref: VPC1PrivateSubnet1CIDRRange
      RouteTableId:
        Ref: VPC2Private1Route
      VpcPeeringConnectionId:
        Ref: myVPCPeeringConnection


  myVPCPeeringConnection:
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      VpcId:
        Ref: VPC1
      PeerVpcId:
        Ref: VPC2
      PeerOwnerId:
        Ref: PeerVPCAccountId
      PeerRegion:
        Ref: PeerVPCRegion
      PeerRoleArn: !GetAtt
              - peerRole
              - Arn

I have given the template everything it asks for, but it still shows this error. Can anyone help me modify it or point out the mistake?

amazon-cloudformation amazon-vpc subnet
1 answer

0 votes

CloudFormation only deploys resources within a specific region. To deploy the same resources in different regions you can use CloudFormation StackSets. For your scenario, I suggest using CloudFormation to create the necessary resources in one region and, alongside them, deploying a Lambda that will deploy the resources in the second region and perform the peering: request, accept, and change the RouteTable. Besides the Lambda you also need to deploy a custom resource that invokes the Lambda, and a Role + Policy for the Lambda (permissions for the actions the Lambda will perform).
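
The accepter-side half of that design, as an added example (not code from the question or the answer): a Lambda-backed custom resource that, in the peer region, accepts the peering connection created by the requester-side AWS::EC2::VPCPeeringConnection and adds the return route to the peer VPC's route table, which the requester-region stack cannot touch with AWS::EC2::Route. The ResourceProperties names (PeerRegion, VpcPeeringConnectionId, RouteTableId, DestinationCidrBlock), the pcx-/rtb- IDs, the CIDRs and the FakeEC2 stand-in for the boto3 client are all this example's own constructed assumptions.

```python
"""Accepter-side half of a cross-region VPC peering as a Lambda-backed
CloudFormation custom resource.  Added example, not the question's or the
answer's code; property names, IDs and the FakeEC2 client are constructed."""
import json
import urllib.request


def ec2_client(region):
    import boto3  # present in the Lambda runtime; imported lazily so the
    return boto3.client("ec2", region_name=region)  # module also loads offline


def accept_peering(ec2, pcx_id):
    """Accept the request in the peer region if it is still pending (idempotent)."""
    conn = ec2.describe_vpc_peering_connections(VpcPeeringConnectionIds=[pcx_id])
    code = conn["VpcPeeringConnections"][0]["Status"]["Code"]
    if code == "pending-acceptance":
        ec2.accept_vpc_peering_connection(VpcPeeringConnectionId=pcx_id)
        return "accepted"
    if code == "active":
        return "already-active"
    raise RuntimeError(f"{pcx_id} is {code}; cannot accept")


def ensure_route(ec2, rtb_id, cidr, pcx_id):
    """Add the return route in the peer VPC's table; repoint it if it exists but points elsewhere."""
    routes = ec2.describe_route_tables(RouteTableIds=[rtb_id])["RouteTables"][0]["Routes"]
    current = {r.get("DestinationCidrBlock"): r.get("VpcPeeringConnectionId") for r in routes}
    if cidr not in current:
        ec2.create_route(RouteTableId=rtb_id, DestinationCidrBlock=cidr, VpcPeeringConnectionId=pcx_id)
        return "created"
    if current[cidr] != pcx_id:
        ec2.replace_route(RouteTableId=rtb_id, DestinationCidrBlock=cidr, VpcPeeringConnectionId=pcx_id)
        return "replaced"
    return "unchanged"


def apply(request_type, props, ec2):
    """Create/Update: accept + route.  Delete: remove only the route we own; the
    requester-side AWS::EC2::VPCPeeringConnection tears down the connection itself."""
    pcx, rtb, cidr = props["VpcPeeringConnectionId"], props["RouteTableId"], props["DestinationCidrBlock"]
    if request_type == "Delete":
        ec2.delete_route(RouteTableId=rtb, DestinationCidrBlock=cidr)
        return {"Route": "deleted"}
    return {"Peering": accept_peering(ec2, pcx), "Route": ensure_route(ec2, rtb, cidr, pcx)}


def send_response(event, status, data, reason=""):
    """cfn-response protocol: PUT the result to the pre-signed ResponseURL."""
    body = json.dumps({"Status": status, "Reason": reason or "ok",
                       "PhysicalResourceId": event["ResourceProperties"]["VpcPeeringConnectionId"],
                       "StackId": event["StackId"], "RequestId": event["RequestId"],
                       "LogicalResourceId": event["LogicalResourceId"], "Data": data}).encode()
    req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                 headers={"Content-Type": "", "Content-Length": str(len(body))})
    urllib.request.urlopen(req)


def lambda_handler(event, context):
    props = event["ResourceProperties"]
    try:
        data = apply(event["RequestType"], props, ec2_client(props["PeerRegion"]))
        send_response(event, "SUCCESS", data)
    except Exception as exc:
        send_response(event, "FAILED", {}, reason=str(exc))  # never leave the stack hanging
        raise


class FakeEC2:
    """Constructed stand-in for the boto3 EC2 client so the flow runs offline."""
    def __init__(self, status, routes):
        self.status, self.routes, self.calls = status, routes, []
    def describe_vpc_peering_connections(self, **kw):
        return {"VpcPeeringConnections": [{"Status": {"Code": self.status}}]}
    def describe_route_tables(self, **kw):
        return {"RouteTables": [{"Routes": self.routes}]}
    def __getattr__(self, name):  # accept_vpc_peering_connection, create_route, ... are just recorded
        return lambda **kw: self.calls.append((name, kw))


def demo(request_type="Create", status="pending-acceptance", routes=None):
    """Run apply() against the fake client with constructed IDs; returns (data, recorded calls)."""
    props = {"VpcPeeringConnectionId": "pcx-0123456789abcdef0", "RouteTableId": "rtb-0123456789abcdef0",
             "DestinationCidrBlock": "10.1.1.0/24"}
    ec2 = FakeEC2(status, routes if routes is not None else [{"DestinationCidrBlock": "10.1.0.0/16"}])
    return apply(request_type, props, ec2), ec2.calls


if __name__ == "__main__":
    print(demo())
```

The custom resource in the template would pass the requester stack's peering connection ID plus the peer-region route table ID and the requester subnet CIDR as properties, and the Lambda's role needs ec2:DescribeVpcPeeringConnections, ec2:AcceptVpcPeeringConnection, ec2:DescribeRouteTables, ec2:CreateRoute, ec2:ReplaceRoute and ec2:DeleteRoute; scope the route actions to the one route-table ARN rather than '*'. Answering CloudFormation on every path, including failures, matters: a custom resource that never PUTs to ResponseURL leaves the stack waiting until the custom-resource timeout.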

© www.soinside.com 2019 - 2024. All rights reserved.