通过cloudformation在2个AWS区域VPC之间建立对等VPC

时间:2019-03-20 06:29:40

标签: amazon-cloudformation amazon-vpc subnet

我正在尝试在两个不同区域之间进行vpc对等。 在这里,我已经创建了资源,现在我只想将其id作为参数传递。在同一区域中,我可以在两个VPC之间进行对等。但是由于route_id不存在,我在两个不同的区域出现错误。

Error logs

我的模板如下:

AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Parameters:
  PeerVPCAccountId:
    Type: String
    Description: "Peer VPC Account ID"
    Default: (Acc_id)
  PeerVPCRegion:
    Type: String
    Description: "Peer Region"
    Default: (region)
  VPC1:
    Description: VPC Id of DataPipeline
    Type: AWS::EC2::VPC::Id
    Default: (vpc_id)
  VPC1CIDRRange:
    Description: The IP address range of DataPipeline VPC.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: (vpc_range)
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  VPC1PrivateSubnet1CIDRRange:
    Description: The IP address range for Private Subnet 1 in DataPipeline.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: (vpc_subnet_range)
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

  VPC1Private1Route:
    Description: RouteTableId of Private Subnet 1 for DataPipeline
    Type: String
    Default: (vpc_subnet_route_id)


  VPC2:
    Description: VPC Id of PII-Isolation Pipeline
    Type: String
    Default: (vpc_id)
  VPC2CIDRRange:
    Description: The IP address range of PII Pipeline VPC.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: (vpc_range)
  VPC2PrivateSubnet1CIDRRange:
    Description: The IP address range for Private Subnet 1 in PII Pipeline.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: (vpc_subnet_range)

  VPC2Private1Route:
    Description: RouteTableId of Private Subnet 1 for PII Pipeline
    Type: String
    Default: (vpc_subnet_route_id)

Resources:
  peerRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Principal:
              AWS: !Ref PeerVPCAccountId
            Action:
              - 'sts:AssumeRole'
            Effect: Allow
      Path: /
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: 'ec2:AcceptVpcPeeringConnection'
                Resource: '*'

  VPC1Private1PeeringRoute1:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock:
        Ref: VPC2PrivateSubnet1CIDRRange
      RouteTableId:
        Ref: VPC1Private1Route
      VpcPeeringConnectionId:
        Ref: myVPCPeeringConnection




  VPC2Private1PeeringRoute1:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock:
        Ref: VPC1PrivateSubnet1CIDRRange
      RouteTableId:
        Ref: VPC2Private1Route
      VpcPeeringConnectionId:
        Ref: myVPCPeeringConnection


  myVPCPeeringConnection:
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      VpcId:
        Ref: VPC1
      PeerVpcId:
        Ref: VPC2
      PeerOwnerId:
        Ref: PeerVPCAccountId
      PeerRegion:
        Ref: PeerVPCRegion
      PeerRoleArn: !GetAtt
              - peerRole
              - Arn

我已经提供了模板所需的所有内容,仍然显示了此错误。 有人可以帮忙修改它或指出错误吗?

2 个答案:

答案 0 :(得分:0)

CloudFormation仅在特定区域中部署资源。要在不同区域中部署相同的资源,可以使用CloudFormation StackSet。 对于您的方案,id建议使用CloudFormation在一个区域中创建必要的资源,并部署一个lambda,它将在第二个区域中部署资源并执行对等操作-请求,接受和更改RouteTable。 除了Lambda,您还需要部署自定义资源来执行Lambda和Lambda的角色+政策(允许执行的操作)

答案 1 :(得分:0)

Impurshu,我认为对于Cloudformation模板只能应用于单个区域的理解肯定存在一些困惑。但是,Cloudformation堆栈集可以应用于多个区域,我什至找到了一个适用于您的问题VPC Peering across regions

的示例
相关问题
最新问题