找不到vgw的Cloudformation错误,超时

时间:2018-03-31 00:53:07

标签: amazon-cloudformation

以下是创建VPC VPN连接的模板,但它会在尝试查找VGW时保持超时。有人可以帮助修改它或指出错误吗?

AWSTemplateFormatVersion: 2010-09-09
Description: aws vpc-vpn connection for AGERO by ekumar
Outputs:
  PrivateSubnet:
    Description: SubnetId of the VPN connected subnet
    Value: !Ref PrivateSubnet
  VPCId:
    Description: VPCId of the newly created VPC
    Value: !Ref VPC
Parameters:
  OnPremiseCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.0.0.0/24
    Description: IP Address range for your existing infrastructure
    MaxLength: '18'
    MinLength: '9'
    Type: String
  SubnetCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.1.0.0/24
    Description: IP Address range for the VPN connected Subnet
    MaxLength: '18'
    MinLength: '9'
    Type: String
  VPCCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.1.0.0/16
    Description: IP Address range for the VPN connected VPC
    MaxLength: '18'
    MinLength: '9'
    Type: String
  VPNAddress:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})'
    ConstraintDescription: must be a valid IP address of the form x.x.x.x
    Default: 98.216.131.178
    Description: IP Address of your VPN device
    MaxLength: '15'
    MinLength: '7'
    Type: String
Resources:
  CustomerGateway:
    Properties:
      BgpAsn: '65000'
      IpAddress: !Ref VPNAddress
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: VPN
          Value: !Join 
            - ''
            - - 'Gateway to '
              - !Ref VPNAddress
      Type: ipsec.1
    Type: 'AWS::EC2::CustomerGateway'
  InboundPrivateNetworkAclEntry:
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'false'
      NetworkAclId: !Ref PrivateNetworkAcl
      PortRange:
        From: '0'
        To: '65535'
      Protocol: '6'
      RuleAction: allow
      RuleNumber: '100'
    Type: 'AWS::EC2::NetworkAclEntry'
  OutBoundPrivateNetworkAclEntry:
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'true'
      NetworkAclId: !Ref PrivateNetworkAcl
      PortRange:
        From: '0'
        To: '65535'
      Protocol: '6'
      RuleAction: allow
      RuleNumber: '100'
    Type: 'AWS::EC2::NetworkAclEntry'
  PrivateNetworkAcl:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: Private
      VpcId: !Ref VPC
    Type: 'AWS::EC2::NetworkAcl'
  PrivateRoute:
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref VPNGateway
      RouteTableId: !Ref PrivateRouteTable
    Type: 'AWS::EC2::Route'
    DependsOn: VPNGateway
  PrivateRouteTable:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected Subnet
      VpcId: !Ref VPC
    Type: 'AWS::EC2::RouteTable'
  PrivateSubnet:
    Properties:
      CidrBlock: !Ref SubnetCIDR
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected Subnet
      VpcId: !Ref VPC
    Type: 'AWS::EC2::Subnet'
  PrivateSubnetNetworkAclAssociation:
    Properties:
      NetworkAclId: !Ref PrivateNetworkAcl
      SubnetId: !Ref PrivateSubnet
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
  PrivateSubnetRouteTableAssociation:
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnet
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
  VPC:
    Properties:
      CidrBlock: !Ref VPCCIDR
      EnableDnsHostnames: 'true'
      EnableDnsSupport: 'true'
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected VPC
    Type: 'AWS::EC2::VPC' 
    DependsOn: VPNConnection
  VPNConnection:
    Properties:
      CustomerGatewayId: !Ref CustomerGateway
      StaticRoutesOnly: 'true'
      Type: ipsec.1
      VpnGatewayId: !Ref VPNGateway
    Type: 'AWS::EC2::VPNConnection'
  VPNConnectionRoute:
    Properties:
      DestinationCidrBlock: !Ref OnPremiseCIDR
      VpnConnectionId: !Ref VPNConnection
    Type: 'AWS::EC2::VPNConnectionRoute'  
  VPNGateway:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
      Type: ipsec.1
    Type: 'AWS::EC2::VPNGateway'
  VPNGatewayAttachment:
    Properties:
      VpcId: !Ref VPC
      VpnGatewayId: !Ref VPNGateway
    Type: 'AWS::EC2::VPCGatewayAttachment'

返回的错误是:

**20:23:22 UTC-0400 CREATE_FAILED   AWS::EC2::Route PrivateRoute    The gateway ID 'vgw-a359aeca' does not exist**

1 个答案:

答案 0 :(得分:0)

这里的问题是vgw永远不会与您的VPC相关联,因此路由表中的任何关联都会失败,因为vgw根本不存在于您的VPC中。

以下是模板上的一个小修改,等待完成vgwattachment,然后执行其他任务。

AWSTemplateFormatVersion: 2010-09-09
Description: aws vpc-vpn connection for XYZ by ekumar
Outputs:
  PrivateSubnet:
    Description: SubnetId of the VPN connected subnet
    Value: !Ref PrivateSubnet
  VPCId:
    Description: VPCId of the newly created VPC
    Value: !Ref VPC
Parameters:
  OnPremiseCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.0.0.0/24
    Description: IP Address range for your existing infrastructure
    MaxLength: '18'
    MinLength: '9'
    Type: String
  SubnetCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.1.0.0/24
    Description: IP Address range for the VPN connected Subnet
    MaxLength: '18'
    MinLength: '9'
    Type: String
  VPCCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.1.0.0/16
    Description: IP Address range for the VPN connected VPC
    MaxLength: '18'
    MinLength: '9'
    Type: String
  VPNAddress:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})'
    ConstraintDescription: must be a valid IP address of the form x.x.x.x
    Default: 98.216.131.178
    Description: IP Address of your VPN device
    MaxLength: '15'
    MinLength: '7'
    Type: String
Resources:
  VPC:
    Properties:
      CidrBlock: !Ref VPCCIDR
      EnableDnsHostnames: 'true'
      EnableDnsSupport: 'true'
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected VPC
    Type: 'AWS::EC2::VPC'  
    DependsOn: VPNConnection
  CustomerGateway:
    Properties:
      BgpAsn: '65000'
      IpAddress: !Ref VPNAddress
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: VPN
          Value: !Join 
            - ''
            - - 'Gateway to '
              - !Ref VPNAddress
      Type: ipsec.1
    Type: 'AWS::EC2::CustomerGateway'
  PrivateNetworkAcl:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: Private
      VpcId: !Ref VPC
    Type: 'AWS::EC2::NetworkAcl'
  InboundPrivateNetworkAclEntry:
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'false'
      NetworkAclId: !Ref PrivateNetworkAcl
      PortRange:
        From: '0'
        To: '65535'
      Protocol: '6'
      RuleAction: allow
      RuleNumber: '100'
    Type: 'AWS::EC2::NetworkAclEntry'
  OutBoundPrivateNetworkAclEntry:
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'true'
      NetworkAclId: !Ref PrivateNetworkAcl
      PortRange:
        From: '0'
        To: '65535'
      Protocol: '6'
      RuleAction: allow
      RuleNumber: '100'
    Type: 'AWS::EC2::NetworkAclEntry'
  VPNConnection:
    Properties:
      CustomerGatewayId: !Ref CustomerGateway
      StaticRoutesOnly: 'true'
      Type: ipsec.1
      VpnGatewayId: !Ref VPNGateway
    Type: 'AWS::EC2::VPNConnection'
  VPNConnectionRoute:
    Properties:
      DestinationCidrBlock: !Ref OnPremiseCIDR
      VpnConnectionId: !Ref VPNConnection
    Type: 'AWS::EC2::VPNConnectionRoute'  
  VPNGateway:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
      Type: ipsec.1
    Type: 'AWS::EC2::VPNGateway'
  VPNGatewayAttachment:
    Properties:
      VpcId: !Ref VPC
      VpnGatewayId: !Ref VPNGateway
    Type: 'AWS::EC2::VPCGatewayAttachment'
  PrivateRoute:
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref VPNGateway
      RouteTableId: !Ref PrivateRouteTable
    Type: 'AWS::EC2::Route'
    DependsOn: VPNGateway
  PrivateRouteTable:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected Subnet
      VpcId: !Ref VPC
    Type: 'AWS::EC2::RouteTable'
    DependsOn: VPNGatewayAttachment
  PrivateSubnet:
    Properties:
      CidrBlock: !Ref SubnetCIDR
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected Subnet
      VpcId: !Ref VPC
    Type: 'AWS::EC2::Subnet'
  PrivateSubnetNetworkAclAssociation:
    Properties:
      NetworkAclId: !Ref PrivateNetworkAcl
      SubnetId: !Ref PrivateSubnet
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
  PrivateSubnetRouteTableAssociation:
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnet
    Type: 'AWS::EC2::SubnetRouteTableAssociation'

另外为了便于阅读,请在结尾处保留输出部分。并记下需要创建资源的顺序。

P.S。 :不要将公司名称置于问题中:)