我正在尝试使用CloudFormation将虚拟专用网关附加到路由表
以下是我现有的路由表JSON:
"PrivateRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [{
"Key": "Name",
"Value": "Private_RouteTable-AZ-A"
}]
}
},
"DefaultPrivateRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "NatGateway"
}
}
},
"PrivateSubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"SubnetId": {
"Ref": "PrivateSN"
}
}
}
这是我拥有的虚拟专用网关JSON。
"VirtualPrivateGateway": {
"Type": "AWS::EC2::VPNGateway",
"Properties": {
"Type": "ipsec.1",
"Tags": [{
"Key": "Name",
"Value": "Virtual Private Gateway"
}]
}
},
"AttachmentVPNGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"VpnGatewayId": {
"Ref": "VirtualPrivateGateway"
}
}
},
"VPNConnection": {
"Type": "AWS::EC2::VPNConnection",
"Properties": {
"Type": "ipsec.1",
"CustomerGatewayId": {
"Ref": "CustomerGateway"
},
"StaticRoutesOnly": true,
"Tags": [{
"Key": "Name",
"Value": "VPN_Connection"
}],
"VpnGatewayId": {
"Ref": "VirtualPrivateGateway"
}
}
}
还有更多创建VPC,子网等的内容,但为简单起见,我将其省略。 如果我尝试使用以下JSON将VPG附加到Route表,则会发生错误...
"VPGPrivateRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "VirtualPrivateGateway"
}
}
}
我从CloudFormation收到的错误...
The gateway ID 'vgw-xxxxxxxxxxx' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidGatewayID.NotFound; Request ID: e29700b2-2d76-4e19-9d13-b6f84e22b01c)
文档确实说我应该使用“GatewayId”将VPG关联到路由表。
答案 0 :(得分:1)
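我认为路由表的这条路由(VPGPrivateRoute)上应该加上DependsOn:
当您拥有VPN网关时,VPN网关路由传播依赖于VPC网关附件(VPC-gateway attachment)。
也就是说,如果没有显式依赖,CloudFormation可能会在虚拟专用网关尚未附加到VPC之前就创建这条路由,从而出现上面的InvalidGatewayID.NotFound错误。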
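以下内容可能会有所帮助(另请注意:问题中的DefaultPrivateRoute已经在同一个路由表中使用了目标0.0.0.0/0指向NAT网关;同一路由表内通常不能有两条目标CIDR相同的路由,因此请确认这两条路由使用不同的目标网段或不同的路由表):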
"VPGPrivateRoute": {
"Type": "AWS::EC2::Route",
"DependsOn" : "AttachmentVPNGateway",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "VirtualPrivateGateway"
}
}
}