CloudFormation - 用户不拥有网络ACL

时间:2016-12-14 22:19:11

标签: amazon-web-services acl amazon-cloudformation

收到错误“用户XXXXXXXXX不拥有资源nvirgi-acl2-15txjsljshg15”（nvirgi-acl2-15txjsljshg15 是所创建 ACL 的名称）。下面是我的 VPC、子网、ACL 和 NetworkAcl 的 CloudFormation JSON。我该如何解决此错误？

"VPC1": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.10.0.0/16",
        "InstanceTenancy": "default",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "false",
        "Tags": [
          {
            "Key": "Name",
            "Value": "My Dashboard"
          }
        ]
      }
    },
    "subnet1": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "172.31.48.0/20",
        "AvailabilityZone": "us-east-2a",
        "VpcId": {
          "Ref": "VPC1"
        }
      }          
    },
    "subnet2": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "172.31.0.0/20",
        "AvailabilityZone": "us-east-2b",
        "VpcId": {
          "Ref": "VPC1"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "MyDashboard"
          }
        ]
      }
    },
    "subnet3": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "172.31.32.0/20",
        "AvailabilityZone": "us-east-2a",
        "VpcId": {
          "Ref": "VPC1"
        }
      }
    },
 "acl1": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "CidrBlock": "0.0.0.0/0",
        "Egress": "true",
        "Protocol": "-1",
        "RuleAction": "allow",
        "RuleNumber": "100",
        "NetworkAclId": {
          "Ref": "NetworkAcl1"
        }
      }
    },
    "acl2": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "CidrBlock": "0.0.0.0/0",
        "Protocol": "-1",
        "RuleAction": "allow",
        "RuleNumber": "101",
        "NetworkAclId": {
          "Ref": "NetworkAcl2"
        }
      }
    },
    "acl3": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "CidrBlock": "0.0.0.0/0",
        "Egress": "true",
        "Protocol": "-1",
        "RuleAction": "allow",
        "RuleNumber": "102",
        "NetworkAclId": {
          "Ref": "NetworkAcl3"
        }
      }
    },  
    "subnetacl1": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "acl1"
        },
        "SubnetId": {
          "Ref": "subnet1"
        }
      }
    },
    "subnetacl2": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "acl2"
        },
        "SubnetId": {
          "Ref": "subnet2"
        }
      }
    },
    "subnetacl3": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "acl3"
        },
        "SubnetId": {
          "Ref": "subnet3"
        }
      }
    },
"NetworkAcl1": {
      "Type": "AWS::EC2::NetworkAcl",
      "Properties": {
        "VpcId": {
          "Ref": "VPC1"
        }
      }
    },
    "NetworkAcl2": {
      "Type": "AWS::EC2::NetworkAcl",
      "Properties": {
        "VpcId": {
          "Ref": "VPC1"
        }
      }
    },
    "NetworkAcl3": {
      "Type": "AWS::EC2::NetworkAcl",
      "Properties": {
        "VpcId": {
          "Ref": "VPC1"
        }
      }
    }

1 个答案:

答案 0 :(得分:2)

问题在于 AWS::EC2::SubnetNetworkAclAssociation 资源（"subnetacl[1-3]"）中的 NetworkAclId 属性必须引用 AWS::EC2::NetworkAcl 资源（"NetworkAcl[1-3]"），而不是像目前那样引用 AWS::EC2::NetworkAclEntry 资源（"acl[1-3]"）。