如何使用 CloudFormation 为 VPC 中的主路由表添加线路?
3 分钟阅读
0
我想在 AWS CloudFormation 中创建 Amazon Virtual Private Cloud (Amazon VPC) 时向主路由表添加路由。
简短描述
当您使用 CloudFormation 创建 Amazon VPC 时,CloudFormation 无法识别默认创建的主路由表。因此,有关路由表的信息不能在 Amazon VPC 和 CloudFormation 之间传递。因此,您无法在主路由表中添加或移除路由,因为您无法从 CloudFormation 模板中引用路由表。
解决方法
**注意:**如果您在运行 AWS 命令行界面(AWS CLI)命令时遇到错误,请确保您使用的是最新版本的 AWS CLI。
要解决此问题,您可以在 CloudFormation 模板中使用 AWS Lambda 支持的自定义资源。CloudFormation 堆栈创建了一个 Amazon VPC。然后,自定义资源使用 AWS Lambda 函数检索与您的 Amazon VPC 关联的主路由表 ID。
使用以下 RouteTable-template.yml 模板创建 CloudFormation 堆栈:
AWSTemplateFormatVersion: 2010-09-09 Description: Template to add routes to default/main routetable of VPC Resources: MyVPC: Type: 'AWS::EC2::VPC' Properties: CidrBlock: 10.0.0.0/16 Tags: - Key: Env Value: Test LambdaIAMRole: Type: 'AWS::IAM::Role' DependsOn: MyVPC Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - 'sts:AssumeRole' Path: / Policies: - PolicyName: root PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - 'ec2:Describe*' Resource: '*' - Effect: Allow Action: - 'logs:CreateLogGroup' - 'logs:CreateLogStream' - 'logs:PutLogEvents' Resource: 'arn:aws:logs:*:*:*' LambdaFunction: Type: 'AWS::Lambda::Function' Properties: Handler: index.lambda_handler Role: !GetAtt LambdaIAMRole.Arn Runtime: python3.9 Timeout: 50 Code: ZipFile: | from __future__ import print_function import json import boto3 import urllib3 import cfnresponse SUCCESS = "SUCCESS" FAILED = "FAILED" http = urllib3.PoolManager() print('Loading function') ec2 = boto3.client('ec2') def lambda_handler(event, context): print("Received event: " + json.dumps(event, indent=2)) responseData={} try: if event['RequestType'] == 'Delete': print("Request Type:",event['RequestType']) print("Delete Request - No Physical resources to delete") elif event['RequestType'] == 'Create': print("Request Type:",event['RequestType']) VPCID=event['ResourceProperties']['VPCID'] RouteTableID=get_vpc(VPCID) responseData={'RouteTableID':RouteTableID} print("Sending response to custom resource") elif event['RequestType'] == 'Update': print("Request Type:",event['RequestType']) VPCID=event['ResourceProperties']['VPCID'] RouteTableID=get_vpc(VPCID) responseData={'RouteTableID':RouteTableID} print("Sending response to custom resource") responseStatus = 'SUCCESS' print("responseStatus: " + responseStatus) cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, "CustomResourcePhysicalID") except Exception as e: print('Failed to process:', e) responseStatus = 'FAILURE' responseData = {'Failure': 'Something bad happened.'} cfnresponse.send(event, context, cfnresponse.FAILURE, responseData, "CustomResourcePhysicalID") def get_vpc(VPCID): response = ec2.describe_route_tables ( Filters=[ { 'Name': 'association.main', 'Values': [ 'true' ] }, { 'Name': 'vpc-id', 'Values': [ VPCID ] } ] ) print("Printing the VPC Route Table ID ....") RouteTableID=response['RouteTables'][0]['RouteTableId'] print(RouteTableID) return RouteTableID def send(event, context, responseStatus, responseData, physicalResourceId=None, noEcho=False): responseUrl = event['ResponseURL'] print(responseUrl) responseBody = {'Status': responseStatus, 'Reason': 'See the details in CloudWatch Log Stream: ' + context.log_stream_name, 'PhysicalResourceId': physicalResourceId or context.log_stream_name, 'StackId': event['StackId'], 'RequestId': event['RequestId'], 'LogicalResourceId': event['LogicalResourceId'], 'Data': responseData} json_responseBody = json.dumps(responseBody) print("Response body:\n" + json_responseBody) headers = { 'content-type' : '', 'content-length' : str(len(json_responseBody)) } try: response = http.request('PUT', responseUrl, headers=headers, body=json_responseBody) print("Status code: " + response.reason) except Exception as e: print("send(..) failed executing requests.put(..): " + str(e)) Lambdatrigger: Type: 'Custom::RouteTableLambda' Properties: ServiceToken: !GetAtt LambdaFunction.Arn VPCID: !Ref MyVPC MyInternetGateway: Type: 'AWS::EC2::InternetGateway' Properties: Tags: - Key: Env Value: Test AttachGateway: Type: 'AWS::EC2::VPCGatewayAttachment' Properties: VpcId: !Ref MyVPC InternetGatewayId: !Ref MyInternetGateway MyRoute: Type: 'AWS::EC2::Route' Properties: RouteTableId: !GetAtt Lambdatrigger.RouteTableID DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref MyInternetGateway Outputs: RouteTableID: Value: !GetAtt Lambdatrigger.RouteTableID
自定义资源返回的数据包含主路由表 ID。您可以使用 AWS::EC2::Route 中的 GetAtt 引用 ID,以将路由添加到主路由表中。此外,堆栈的输出显示路由表 ID。
以下是自定义资源发送到 CloudFormation 堆栈的 SUCCESS 响应正文的示例:
{ "Status": "SUCCESS", "Reason": "See the details in CloudWatch Log Stream: 2022/08/31/[$LATEST]c48b90efb3944c11ad3fb6e1ce5e1f45", "PhysicalResourceId": "CustomResourcePhysicalID", "StackId": "arn:aws:cloudformation:us-west-1:XXXX:stack/VPC-RT/06c957b0-297e-11ed-afb5-02ca6fd67f8d", "RequestId": "55c0f2b8-3044-47f7-aba4-84502b4ef632", "LogicalResourceId": "Lambdatrigger", "NoEcho": false, "Data": { "RouteTableID": "rtb-0fba8d15701234567a" } }
AWS 官方已更新 2 年前
没有评论
相关内容
- AWS 官方已更新 3 年前
- AWS 官方已更新 10 个月前
