我正在尝试在两个不同的区域之间进行vpc peering。在这里我已经创建了资源,现在我只想把它们的ID作为参数传递。在同一个区域,我可以在两个VPC之间进行对等。但是我在两个不同的区域收到错误信息,因为route_id不存在。
我的模板如下。
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Parameters:
PeerVPCAccountId:
Type: String
Description: "Peer VPC Account ID"
Default: (Acc_id)
PeerVPCRegion:
Type: String
Description: "Peer Region"
Default: (region)
VPC1:
Description: VPC Id of DataPipeline
Type: AWS::EC2::VPC::Id
Default: (vpc_id)
VPC1CIDRRange:
Description: The IP address range of DataPipeline VPC.
Type: String
MinLength: '9'
MaxLength: '18'
Default: (vpc_range)
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
VPC1PrivateSubnet1CIDRRange:
Description: The IP address range for Private Subnet 1 in DataPipeline.
Type: String
MinLength: '9'
MaxLength: '18'
Default: (vpc_subnet_range)
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
VPC1Private1Route:
Description: RouteTableId of Private Subnet 1 for DataPipeline
Type: String
Default: (vpc_subnet_route_id)
VPC2:
Description: VPC Id of PII-Isolation Pipeline
Type: String
Default: (vpc_id)
VPC2CIDRRange:
Description: The IP address range of PII Pipeline VPC.
Type: String
MinLength: '9'
MaxLength: '18'
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
Default: (vpc_range)
VPC2PrivateSubnet1CIDRRange:
Description: The IP address range for Private Subnet 1 in PII Pipeline.
Type: String
MinLength: '9'
MaxLength: '18'
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
Default: (vpc_subnet_range)
VPC2Private1Route:
Description: RouteTableId of Private Subnet 1 for PII Pipeline
Type: String
Default: (vpc_subnet_route_id)
Resources:
peerRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Principal:
AWS: !Ref PeerVPCAccountId
Action:
- 'sts:AssumeRole'
Effect: Allow
Path: /
Policies:
- PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: 'ec2:AcceptVpcPeeringConnection'
Resource: '*'
VPC1Private1PeeringRoute1:
Type: AWS::EC2::Route
Properties:
DestinationCidrBlock:
Ref: VPC2PrivateSubnet1CIDRRange
RouteTableId:
Ref: VPC1Private1Route
VpcPeeringConnectionId:
Ref: myVPCPeeringConnection
VPC2Private1PeeringRoute1:
Type: AWS::EC2::Route
Properties:
DestinationCidrBlock:
Ref: VPC1PrivateSubnet1CIDRRange
RouteTableId:
Ref: VPC2Private1Route
VpcPeeringConnectionId:
Ref: myVPCPeeringConnection
myVPCPeeringConnection:
Type: AWS::EC2::VPCPeeringConnection
Properties:
VpcId:
Ref: VPC1
PeerVpcId:
Ref: VPC2
PeerOwnerId:
Ref: PeerVPCAccountId
PeerRegion:
Ref: PeerVPCRegion
PeerRoleArn: !GetAtt
- peerRole
- Arn
我已经给了所有模板想要的东西,但还是显示出这个错误.谁能帮我修改一下或者指出错误?
CloudFormation仅在特定区域内部署资源。要在不同区域部署相同的资源,您可以使用CloudFormation StackSet。关于您的方案,我建议使用CloudFormation在一个区域中创建必要的资源,同时部署一个Lambda,该Lambda将在第二个区域中部署资源并执行对等--请求、接受和改变RouteTable.除了Lambda,您还需要部署一个自定义资源来执行Lambda,并为Lambda部署一个Role+Policy(Lambda将进行的操作的权限)。