Below is a template for creating a VPC VPN connection, but it keeps timing out while trying to look up the VGW. Can someone help me modify it or point out the error?
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: aws vpc-vpn connection for AGERO by ekumar
Outputs:
  PrivateSubnet:
    Description: SubnetId of the VPN connected subnet
    Value: !Ref PrivateSubnet
  VPCId:
    Description: VPCId of the newly created VPC
    Value: !Ref VPC
Parameters:
  OnPremiseCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.0.0.0/24
    Description: IP Address range for your existing infrastructure
    MaxLength: '18'
    MinLength: '9'
    Type: String
  SubnetCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.1.0.0/24
    Description: IP Address range for the VPN connected Subnet
    MaxLength: '18'
    MinLength: '9'
    Type: String
  VPCCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.1.0.0/16
    Description: IP Address range for the VPN connected VPC
    MaxLength: '18'
    MinLength: '9'
    Type: String
  VPNAddress:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})'
    ConstraintDescription: must be a valid IP address of the form x.x.x.x
    Default: 98.216.131.178
    Description: IP Address of your VPN device
    MaxLength: '15'
    MinLength: '7'
    Type: String
Resources:
  CustomerGateway:
    Properties:
      BgpAsn: '65000'
      IpAddress: !Ref VPNAddress
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: VPN
          Value: !Join
            - ''
            - - 'Gateway to '
              - !Ref VPNAddress
      Type: ipsec.1
    Type: 'AWS::EC2::CustomerGateway'
  InboundPrivateNetworkAclEntry:
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'false'
      NetworkAclId: !Ref PrivateNetworkAcl
      PortRange:
        From: '0'
        To: '65535'
      Protocol: '6'
      RuleAction: allow
      RuleNumber: '100'
    Type: 'AWS::EC2::NetworkAclEntry'
  OutBoundPrivateNetworkAclEntry:
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'true'
      NetworkAclId: !Ref PrivateNetworkAcl
      PortRange:
        From: '0'
        To: '65535'
      Protocol: '6'
      RuleAction: allow
      RuleNumber: '100'
    Type: 'AWS::EC2::NetworkAclEntry'
  PrivateNetworkAcl:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: Private
      VpcId: !Ref VPC
    Type: 'AWS::EC2::NetworkAcl'
  PrivateRoute:
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref VPNGateway
      RouteTableId: !Ref PrivateRouteTable
    Type: 'AWS::EC2::Route'
    DependsOn: VPNGateway
  PrivateRouteTable:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected Subnet
      VpcId: !Ref VPC
    Type: 'AWS::EC2::RouteTable'
  PrivateSubnet:
    Properties:
      CidrBlock: !Ref SubnetCIDR
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected Subnet
      VpcId: !Ref VPC
    Type: 'AWS::EC2::Subnet'
  PrivateSubnetNetworkAclAssociation:
    Properties:
      NetworkAclId: !Ref PrivateNetworkAcl
      SubnetId: !Ref PrivateSubnet
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
  PrivateSubnetRouteTableAssociation:
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnet
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
  VPC:
    Properties:
      CidrBlock: !Ref VPCCIDR
      EnableDnsHostnames: 'true'
      EnableDnsSupport: 'true'
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected VPC
    Type: 'AWS::EC2::VPC'
    DependsOn: VPNConnection
  VPNConnection:
    Properties:
      CustomerGatewayId: !Ref CustomerGateway
      StaticRoutesOnly: 'true'
      Type: ipsec.1
      VpnGatewayId: !Ref VPNGateway
    Type: 'AWS::EC2::VPNConnection'
  VPNConnectionRoute:
    Properties:
      DestinationCidrBlock: !Ref OnPremiseCIDR
      VpnConnectionId: !Ref VPNConnection
    Type: 'AWS::EC2::VPNConnectionRoute'
  VPNGateway:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
      Type: ipsec.1
    Type: 'AWS::EC2::VPNGateway'
  VPNGatewayAttachment:
    Properties:
      VpcId: !Ref VPC
      VpnGatewayId: !Ref VPNGateway
    Type: 'AWS::EC2::VPCGatewayAttachment'
```
The error returned is:
**20:23:22 UTC-0400 CREATE_FAILED AWS::EC2::Route PrivateRoute The gateway ID 'vgw-a359aeca' does not exist**
Answer 0 (score: 0)

The problem here is that the VGW is never associated with your VPC, so any association in the route table fails because, as far as your VPC is concerned, the VGW does not exist at all.

Below is a small modification to the template that waits for the VGW attachment to complete before carrying out the other tasks.
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: aws vpc-vpn connection for XYZ by ekumar
Outputs:
  PrivateSubnet:
    Description: SubnetId of the VPN connected subnet
    Value: !Ref PrivateSubnet
  VPCId:
    Description: VPCId of the newly created VPC
    Value: !Ref VPC
Parameters:
  OnPremiseCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.0.0.0/24
    Description: IP Address range for your existing infrastructure
    MaxLength: '18'
    MinLength: '9'
    Type: String
  SubnetCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.1.0.0/24
    Description: IP Address range for the VPN connected Subnet
    MaxLength: '18'
    MinLength: '9'
    Type: String
  VPCCIDR:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 10.1.0.0/16
    Description: IP Address range for the VPN connected VPC
    MaxLength: '18'
    MinLength: '9'
    Type: String
  VPNAddress:
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})'
    ConstraintDescription: must be a valid IP address of the form x.x.x.x
    Default: 98.216.131.178
    Description: IP Address of your VPN device
    MaxLength: '15'
    MinLength: '7'
    Type: String
Resources:
  VPC:
    Properties:
      CidrBlock: !Ref VPCCIDR
      EnableDnsHostnames: 'true'
      EnableDnsSupport: 'true'
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected VPC
    Type: 'AWS::EC2::VPC'
    DependsOn: VPNConnection
  CustomerGateway:
    Properties:
      BgpAsn: '65000'
      IpAddress: !Ref VPNAddress
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: VPN
          Value: !Join
            - ''
            - - 'Gateway to '
              - !Ref VPNAddress
      Type: ipsec.1
    Type: 'AWS::EC2::CustomerGateway'
  PrivateNetworkAcl:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: Private
      VpcId: !Ref VPC
    Type: 'AWS::EC2::NetworkAcl'
  InboundPrivateNetworkAclEntry:
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'false'
      NetworkAclId: !Ref PrivateNetworkAcl
      PortRange:
        From: '0'
        To: '65535'
      Protocol: '6'
      RuleAction: allow
      RuleNumber: '100'
    Type: 'AWS::EC2::NetworkAclEntry'
  OutBoundPrivateNetworkAclEntry:
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'true'
      NetworkAclId: !Ref PrivateNetworkAcl
      PortRange:
        From: '0'
        To: '65535'
      Protocol: '6'
      RuleAction: allow
      RuleNumber: '100'
    Type: 'AWS::EC2::NetworkAclEntry'
  VPNConnection:
    Properties:
      CustomerGatewayId: !Ref CustomerGateway
      StaticRoutesOnly: 'true'
      Type: ipsec.1
      VpnGatewayId: !Ref VPNGateway
    Type: 'AWS::EC2::VPNConnection'
  VPNConnectionRoute:
    Properties:
      DestinationCidrBlock: !Ref OnPremiseCIDR
      VpnConnectionId: !Ref VPNConnection
    Type: 'AWS::EC2::VPNConnectionRoute'
  VPNGateway:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
      Type: ipsec.1
    Type: 'AWS::EC2::VPNGateway'
  VPNGatewayAttachment:
    Properties:
      VpcId: !Ref VPC
      VpnGatewayId: !Ref VPNGateway
    Type: 'AWS::EC2::VPCGatewayAttachment'
  PrivateRoute:
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref VPNGateway
      RouteTableId: !Ref PrivateRouteTable
    Type: 'AWS::EC2::Route'
    DependsOn: VPNGateway
  PrivateRouteTable:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected Subnet
      VpcId: !Ref VPC
    Type: 'AWS::EC2::RouteTable'
    DependsOn: VPNGatewayAttachment
  PrivateSubnet:
    Properties:
      CidrBlock: !Ref SubnetCIDR
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackName'
        - Key: Network
          Value: VPN Connected Subnet
      VpcId: !Ref VPC
    Type: 'AWS::EC2::Subnet'
  PrivateSubnetNetworkAclAssociation:
    Properties:
      NetworkAclId: !Ref PrivateNetworkAcl
      SubnetId: !Ref PrivateSubnet
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
  PrivateSubnetRouteTableAssociation:
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnet
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
```
Also, for readability, keep the Outputs section at the end, and take note of the order in which the resources need to be created.

P.S.: don't put the company name in the question :)
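The failure above is an ordering bug in the dependency graph, and it can be caught before deployment rather than discovered as a CREATE_FAILED. The Python below is an added example, not code from the question, the answer or AWS. It works on the JSON/dict form of a CloudFormation template (`{"Ref": "X"}` in place of `!Ref X`) so it needs no YAML parser; the trimmed `broken_template()` and `fixed_template()` inputs, the helper names and the returned structure are this example's own constructions. It flags every `AWS::EC2::Route` whose `GatewayId` refs an `AWS::EC2::VPNGateway` but which has no direct or transitive dependency on the `AWS::EC2::VPCGatewayAttachment` for that gateway, which is precisely the gap in the question's template and what the answer's `DependsOn: VPNGatewayAttachment` closes.

```python
"""Ordering check: an AWS::EC2::Route that points at a virtual private gateway
must be created after the AWS::EC2::VPCGatewayAttachment for that gateway.
Added example; takes the JSON/dict form of a template, so {"Ref": "X"} is !Ref X."""
from collections import deque


def _refs(node):
    """Yield every logical ID referenced through Ref or Fn::GetAtt in a subtree."""
    if isinstance(node, dict):
        if len(node) == 1 and "Ref" in node:
            yield node["Ref"]
        elif len(node) == 1 and "Fn::GetAtt" in node:
            target = node["Fn::GetAtt"]
            yield target[0] if isinstance(target, list) else target.split(".", 1)[0]
        else:
            for value in node.values():
                yield from _refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from _refs(item)


def direct_dependencies(template):
    """Map each resource to what CloudFormation creates before it: Ref/GetAtt
    targets plus DependsOn. Refs to parameters (not resources) are dropped."""
    resources = template.get("Resources", {})
    deps = {}
    for name, body in resources.items():
        found = {r for r in _refs(body.get("Properties", {})) if r in resources}
        explicit = body.get("DependsOn", [])
        explicit = [explicit] if isinstance(explicit, str) else explicit
        found.update(e for e in explicit if e in resources)
        deps[name] = found
    return deps


def transitive_dependencies(deps, start):
    """Every resource that must be finished before `start` is created."""
    seen, queue = set(), deque([start])
    while queue:
        for dep in deps[queue.popleft()]:
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen


def missing_attachment_deps(template):
    """Return {route: [attachments]} for each route whose GatewayId is a VGW
    that is not guaranteed to be attached to the VPC first. An empty list
    means the template never attaches that gateway at all."""
    resources = template.get("Resources", {})
    deps = direct_dependencies(template)
    problems = {}
    for name, body in resources.items():
        gateway = body.get("Properties", {}).get("GatewayId")
        if body.get("Type") != "AWS::EC2::Route" or not isinstance(gateway, dict):
            continue
        vgw = gateway.get("Ref")
        if resources.get(vgw, {}).get("Type") != "AWS::EC2::VPNGateway":
            continue
        attachments = [
            a for a, ab in resources.items()
            if ab.get("Type") == "AWS::EC2::VPCGatewayAttachment"
            and ab.get("Properties", {}).get("VpnGatewayId") == {"Ref": vgw}
        ]
        ordered = transitive_dependencies(deps, name)
        if not any(a in ordered for a in attachments):
            problems[name] = attachments
    return problems


def _base_resources():
    """Constructed subset of the question's resources, reduced to what the check inspects."""
    return {
        "VPC": {"Type": "AWS::EC2::VPC",
                "Properties": {"CidrBlock": {"Ref": "VPCCIDR"}}},
        "VPNGateway": {"Type": "AWS::EC2::VPNGateway",
                       "Properties": {"Type": "ipsec.1"}},
        "VPNGatewayAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment",
                                 "Properties": {"VpcId": {"Ref": "VPC"},
                                                "VpnGatewayId": {"Ref": "VPNGateway"}}},
        "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable",
                              "Properties": {"VpcId": {"Ref": "VPC"}}},
        "PrivateRoute": {"Type": "AWS::EC2::Route", "DependsOn": "VPNGateway",
                         "Properties": {"DestinationCidrBlock": "0.0.0.0/0",
                                        "GatewayId": {"Ref": "VPNGateway"},
                                        "RouteTableId": {"Ref": "PrivateRouteTable"}}},
    }


def broken_template():
    """The question's ordering: the route waits for the VGW, not for its attachment."""
    return {"Resources": _base_resources()}


def fixed_template():
    """The answer's ordering: the route table waits for the attachment, and the
    route refs the table, so the route is transitively ordered after it."""
    resources = _base_resources()
    resources["PrivateRouteTable"]["DependsOn"] = "VPNGatewayAttachment"
    return {"Resources": resources}


if __name__ == "__main__":
    print(missing_attachment_deps(broken_template()))  # {'PrivateRoute': ['VPNGatewayAttachment']}
    print(missing_attachment_deps(fixed_template()))   # {}
```

The check uses the same edges CloudFormation itself orders creation by (`Ref`, `Fn::GetAtt` and `DependsOn`), so a clean result means the route cannot be created before the attachment has completed; putting `DependsOn: VPNGatewayAttachment` directly on the route rather than on the route table would also pass, and keeps the intent visible on the resource that needs it.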