How to attach an Elastic IP to a NatGateway via CloudFormation

Problem description

I am trying to learn AWS CloudFormation, where I am trying to create a VPC as shown in the picture. It contains three public subnets, private subnets, a NAT gateway and an internet gateway, with public and private route tables. I tried to implement it through CloudFormation but got an exception for the Elastic IP.

I have created the template, but when I try to create the stack on CloudFormation I get the error

"The elastic-ip ID 'xx.xxx.xx.xxx' is malformed (Service: AmazonEC2; Status Code: 400; Error Code: InvalidElasticIpID.Malformed; Request ID: 2e3a9f8c-5a7e-482e-869c-8a0e46a08f27; Proxy: null)"

I am trying to attach the Elastic IP to the NatGateway and get the above error. Please guide me on how to do this.

    {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Resources": {
        "ExampleEc2Instance": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "InstanceType": "t2.micro",
            "ImageId": "ami-047a51fa27710816e",
            "AvailabilityZone": "us-east-1a",
            "SecurityGroupIds": [{"Ref": "ExampleSecurityGroup"}],
            "SubnetId": {"Ref": "public2A"}
          }
        },
        "ExampleEc2InstancePrivate": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "InstanceType": "t2.micro",
            "ImageId": "ami-047a51fa27710816e",
            "SecurityGroupIds": [{"Ref": "ExampleSecurityGroup"}],
            "SubnetId": {"Ref": "private2A"}
          }
        },
        "public2A": {
          "Type": "AWS::EC2::Subnet",
          "Properties": {
            "AvailabilityZone": "us-east-1a",
            "CidrBlock": "10.0.2.0/24",
            "Tags": [{"Key": "public2A", "Value": "public2A"}],
            "VpcId": {"Ref": "ExampleVpcId"}
          }
        },
        "public2B": {
          "Type": "AWS::EC2::Subnet",
          "Properties": {
            "CidrBlock": "10.0.3.0/24",
            "Tags": [{"Key": "public2B", "Value": "public2B"}],
            "VpcId": {"Ref": "ExampleVpcId"}
          }
        },
        "public2C": {
          "Type": "AWS::EC2::Subnet",
          "Properties": {
            "CidrBlock": "10.0.1.0/24",
            "Tags": [{"Key": "public2C", "Value": "public2C"}],
            "VpcId": {"Ref": "ExampleVpcId"}
          }
        },
        "private2A": {
          "Type": "AWS::EC2::Subnet",
          "Properties": {
            "CidrBlock": "10.0.5.0/24",
            "Tags": [{"Key": "private2A", "Value": "private2A"}],
            "VpcId": {"Ref": "ExampleVpcId"}
          }
        },
        "private2B": {
          "Type": "AWS::EC2::Subnet",
          "Properties": {
            "CidrBlock": "10.0.6.0/24",
            "Tags": [{"Key": "private2B", "Value": "private2B"}],
            "VpcId": {"Ref": "ExampleVpcId"}
          }
        },
        "private2C": {
          "Type": "AWS::EC2::Subnet",
          "Properties": {
            "CidrBlock": "10.0.7.0/24",
            "Tags": [{"Key": "private2C", "Value": "private2C"}],
            "VpcId": {"Ref": "ExampleVpcId"}
          }
        },
        "privateRT": {
          "Type": "AWS::EC2::RouteTable",
          "Properties": {
            "Tags": [{"Key": "privateRT", "Value": "privateRT"}],
            "VpcId": {"Ref": "ExampleVpcId"}
          }
        },
        "publicRT": {
          "Type": "AWS::EC2::RouteTable",
          "Properties": {
            "Tags": [{"Key": "publicRT", "Value": "publicRT"}],
            "VpcId": {"Ref": "ExampleVpcId"}
          }
        },
        "public2ARouteTableAssociation": {
          "Type": "AWS::EC2::SubnetRouteTableAssociation",
          "Properties": {"SubnetId": {"Ref": "public2A"}, "RouteTableId": {"Ref": "publicRT"}}
        },
        "public2BRouteTableAssociation": {
          "Type": "AWS::EC2::SubnetRouteTableAssociation",
          "Properties": {"SubnetId": {"Ref": "public2B"}, "RouteTableId": {"Ref": "publicRT"}}
        },
        "public2CRouteTableAssociation": {
          "Type": "AWS::EC2::SubnetRouteTableAssociation",
          "Properties": {"SubnetId": {"Ref": "public2C"}, "RouteTableId": {"Ref": "publicRT"}}
        },
        "private2ARouteTableAssociation": {
          "Type": "AWS::EC2::SubnetRouteTableAssociation",
          "Properties": {"SubnetId": {"Ref": "private2A"}, "RouteTableId": {"Ref": "privateRT"}}
        },
        "private2BRouteTableAssociation": {
          "Type": "AWS::EC2::SubnetRouteTableAssociation",
          "Properties": {"SubnetId": {"Ref": "private2B"}, "RouteTableId": {"Ref": "privateRT"}}
        },
        "private2CRouteTableAssociation": {
          "Type": "AWS::EC2::SubnetRouteTableAssociation",
          "Properties": {"SubnetId": {"Ref": "private2C"}, "RouteTableId": {"Ref": "privateRT"}}
        },
        "myVpcInternetGateWay": {
          "Type": "AWS::EC2::InternetGateway",
          "Properties": {
            "Tags": [{"Key": "myVpcInternetGateWay", "Value": "myVpcInternetGateWay"}]
          }
        },
        "myVpcInternetGateWayRoute": {
          "Type": "AWS::EC2::Route",
          "Properties": {
            "DestinationCidrBlock": "0.0.0.0/0",
            "GatewayId": {"Ref": "myVpcInternetGateWay"},
            "RouteTableId": {"Ref": "publicRT"}
          }
        },
        "myVpcInternetGateWayAttachement": {
          "Type": "AWS::EC2::VPCGatewayAttachment",
          "Properties": {
            "InternetGatewayId": {"Ref": "myVpcInternetGateWay"},
            "VpcId": {"Ref": "ExampleVpcId"}
          }
        },
        "myNatGateWay": {
          "Type": "AWS::EC2::NatGateway",
          "Properties": {
            "AllocationId": {"Ref": "myElasticIP"},
            "SubnetId": {"Ref": "public2A"},
            "Tags": [{"Key": "myNatGateWay", "Value": "myNatGateWay"}]
          }
        },
        "myVpcNatGatWayRoute": {
          "Type": "AWS::EC2::Route",
          "Properties": {
            "DestinationCidrBlock": "0.0.0.0/0",
            "GatewayId": {"Ref": "myNatGateWay"},
            "RouteTableId": {"Ref": "privateRT"}
          }
        },
        "myElasticIP": {
          "Type": "AWS::EC2::EIP",
          "Properties": {
            "Domain": "VPC",
            "Tags": [{"Key": "myElasticIP", "Value": "myElasticIP"}]
          }
        },
        "ExampleSecurityGroup": {
          "Type": "AWS::EC2::SecurityGroup",
          "Properties": {
            "GroupDescription": "Allow http to client host",
            "GroupName": "templateSecuritygrp",
            "Tags": [{"Key": "securityGroup", "Value": "cloudformationSecurityGroup"}],
            "VpcId": {"Ref": "ExampleVpcId"}
          }
        },
        "ExampleSecurityGroupEgress": {
          "Type": "AWS::EC2::SecurityGroupEgress",
          "Properties": {
            "IpProtocol": "-1",
            "FromPort": "-1",
            "ToPort": "-1",
            "DestinationSecurityGroupId": {"Ref": "ExampleSecurityGroup"},
            "GroupId": {"Ref": "ExampleSecurityGroup"}
          }
        },
        "ExampleSecurityGroupIngress": {
          "Type": "AWS::EC2::SecurityGroupIngress",
          "Properties": {
            "IpProtocol": "-1",
            "FromPort": "-1",
            "ToPort": "-1",
            "SourceSecurityGroupId": {"Ref": "ExampleSecurityGroup"},
            "GroupId": {"Ref": "ExampleSecurityGroup"}
          }
        },
        "ExampleVpcId": {
          "Type": "AWS::EC2::VPC",
          "Properties": {
            "CidrBlock": "10.0.0.0/16",
            "EnableDnsSupport": "false",
            "EnableDnsHostnames": "false",
            "InstanceTenancy": "default",
            "Tags": [{"Key": "tmpltVPC", "Value": "firstVpc"}]
          }
        }
      }
    }

Solution

In your myNatGateWay, you should use GetAtt to get the AllocationId:

    "myNatGateWay":{
        "Type" : "AWS::EC2::NatGateway","Properties" : {
             "AllocationId" : { "Fn::GetAtt" : ["myElasticIP","AllocationId"]},"SubnetId" :{"Ref":"public2A"},"Tags" : [{"Key" : "myNatGateWay","Value" : "myNatGateWay"}]
        }
    }

You also need to use DependsOn in the EIP:

    "myElasticIP":{
        "Type" : "AWS::EC2::EIP","DependsOn":["myVpcInternetGateWayAttachement"],"Properties" : {
              "Domain" : "VPC","Tags" : [{"Key" : "myElasticIP","Value" : "myElasticIP"}]
         }
    }

Finally, myVpcNatGatWayRoute should be:

    "myVpcNatGatWayRoute":{
        "Type" : "AWS::EC2::Route","Properties" : {
              "DestinationCidrBlock" : "0.0.0.0/0","NatGatewayId" : {"Ref":"myNatGateWay"},"RouteTableId" : {"Ref":"privateRT"}
            }
    }