时间戳

首页 > 解决方案 > AWS 和 CloudFormation:如何将虚拟私有网关附加到路由表?

amazon-web-services - AWS 和 CloudFormation:如何将虚拟私有网关附加到路由表?

问题描述

我正在尝试使用 CloudFormation 将虚拟专用网关附加到路由表

以下是我拥有的路由表 JSON...

 "PrivateRouteTable": {
            "Type": "AWS::EC2::RouteTable",
            "Properties": {
                "VpcId": {
                    "Ref": "VPC"
                },
                "Tags": [{
                    "Key": "Name",
                    "Value": "Private_RouteTable-AZ-A"
                }]
            }
        },
        "DefaultPrivateRoute": {
            "Type": "AWS::EC2::Route",
            "Properties": {
                "RouteTableId": {
                    "Ref": "PrivateRouteTable"
                },
                "DestinationCidrBlock": "0.0.0.0/0",
                "NatGatewayId": {
                    "Ref": "NatGateway"
                }
            }
        },
        "PrivateSubnetRouteTableAssociation": {
            "Type": "AWS::EC2::SubnetRouteTableAssociation",
            "Properties": {
                "RouteTableId": {
                    "Ref": "PrivateRouteTable"
                },
                "SubnetId": {
                    "Ref": "PrivateSN"
                }
            }
        }

这是我拥有的虚拟专用网关 JSON..

"VirtualPrivateGateway": {
            "Type": "AWS::EC2::VPNGateway",
            "Properties": {
                "Type": "ipsec.1",
                "Tags": [{
                    "Key": "Name",
                    "Value": "Virtual Private Gateway"
                }]
            }
        },
        "AttachmentVPNGateway": {
            "Type": "AWS::EC2::VPCGatewayAttachment",
            "Properties": {
                "VpcId": {
                    "Ref": "VPC"
                },
                "VpnGatewayId": {
                    "Ref": "VirtualPrivateGateway"
                }
            }
        },
        "VPNConnection": {
            "Type": "AWS::EC2::VPNConnection",
            "Properties": {
                "Type": "ipsec.1",
                "CustomerGatewayId": {
                    "Ref": "CustomerGateway"
                },
                "StaticRoutesOnly": true,
                "Tags": [{
                    "Key": "Name",
                    "Value": "VPN_Connection"
                }],
                "VpnGatewayId": {
                    "Ref": "VirtualPrivateGateway"
                }
            }
        }

还有更多可以创建 VPC、子网等,但为了简单起见,我将其省略了。如果我尝试使用以下 JSON 将 VPG 附加到路由表,则会发生错误...

        "VPGPrivateRoute": {
            "Type": "AWS::EC2::Route",
            "Properties": {
                "RouteTableId": {
                    "Ref": "PrivateRouteTable"
                },
                "DestinationCidrBlock": "0.0.0.0/0",
                "GatewayId": {
                    "Ref": "VirtualPrivateGateway"
                }
            }
        }

我从 CloudFormation 收到的错误...

The gateway ID 'vgw-xxxxxxxxxxx' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidGatewayID.NotFound; Request ID: e29700b2-2d76-4e19-9d13-b6f84e22b01c)

文档确实说我应该使用“GatewayId”将 VPG 关联到路由表。

标签: amazon-web-servicesamazon-cloudformation

解决方案

我认为路由表上应该有DependsOn :

当您拥有 VPN 网关时,VPN 网关路由传播取决于VPC 网关附件。

也许以下内容会有所帮助:

    "VPGPrivateRoute": {
        "Type": "AWS::EC2::Route",
        "DependsOn" : "AttachmentVPNGateway",
        "Properties": {
            "RouteTableId": {
                "Ref": "PrivateRouteTable"
            },
            "DestinationCidrBlock": "0.0.0.0/0",
            "GatewayId": {
                "Ref": "VirtualPrivateGateway"
            }
        }
    }

推荐阅读