英文:
AWS CDK: NaN.NaN.NaN.NaN is not a valid IP Address when creating Client VPN Endpoint
问题
当尝试创建客户端 VPN 资源时,我遇到以下错误:
Error: NaN.NaN.NaN.NaN 不是有效的 IP 地址at NetworkUtils.numToIp (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\network-util.js:80:19)at CidrBlock.minIp (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\network-util.js:202:29)at new CidrBlock (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\network-util.js:189:29)at new ClientVpnEndpoint (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\client-vpn-endpoint.js:133:29)上述异常是以下异常的直接原因:Traceback (most recent call last):File "C:\Users\user\cdk\networking\client_vpn_stack.py", line 95, in __init__client_vpn = ec2.ClientVpnEndpoint(^^^^^^^^^^^^^^^^^^^^^^
这是代码(所有其他资源,如 VPC,都在代码中较早地创建):
from aws_cdk import aws_ec2 as ec2client_vpn = ec2.ClientVpnEndpoint(self,id='ClientVPNEndpoint',description=f'Client VPN in VPC - {vpc.attr_vpc_id}',# Networkingsplit_tunnel=True,cidr='172.16.0.0/16',vpc=vpc,port=ec2.VpnPort.HTTPS,session_timeout=ec2.ClientVpnSessionTimeout.TEN_HOURS,# Securityserver_certificate_arn=f'arn:aws:acm:eu-west-1:{self.account}:certificate/{certificate_id}',security_groups=[sg],user_based_authentication=ec2.ClientVpnUserBasedAuthentication.federated(saml_provider=saml_provider))
我能想到的唯一 IP 地址是 CIDR,但根据文档,它们期望的 CIDR 块格式应为 X.X.X.X/X。
我尝试用其他值替换 CIDR,但没有帮助...
有人可以帮我看看这里缺少什么吗?
提前感谢。
英文:
When trying to create a client vpn resource, I get the following error:
Error: NaN.NaN.NaN.NaN is not a valid IP Addressat NetworkUtils.numToIp (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\network-util.js:80:19)at CidrBlock.minIp (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\network-util.js:202:29)at new CidrBlock (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\network-util.js:189:29)at new ClientVpnEndpoint (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\client-vpn-endpoint.js:133:29)The above exception was the direct cause of the following exception:Traceback (most recent call last):File "C:\Users\user\cdk\networking\client_vpn_stack.py", line 95, in __init__client_vpn = ec2.ClientVpnEndpoint(^^^^^^^^^^^^^^^^^^^^^^
This is the code (all the other resources such as the VPC are created earlier in the code):
from aws_cdk import aws_ec2 as ec2client_vpn = ec2.ClientVpnEndpoint(self,id='ClientVPNEndpoint',description=f'Client VPN in VPC - {vpc.attr_vpc_id}',# Networkingsplit_tunnel=True,cidr='172.16.0.0/16',vpc=vpc,port=ec2.VpnPort.HTTPS,session_timeout=ec2.ClientVpnSessionTimeout.TEN_HOURS,# Securityserver_certificate_arn=f'arn:aws:acm:eu-west-1:{self.account}:certificate/{certificate_id}',security_groups=[sg],user_based_authentication=ec2.ClientVpnUserBasedAuthentication.federated(saml_provider=saml_provider))
The only IP I can think of is the cidr but from the documentation they except a cidr block of the format X.X.X.X/X.
I tried to replace the cidr with other values, but nothing helped...
Can anyone help me what is missing here?
Thanks in advance.
Edit
VPC range: 10.1.0.0/16 (defined in another stack but passed by value in the same app)
I tried using /22 and /16 for the client VPN CIDR block, this didn't change anything.
答案1
得分: 0
我的错误...
使用的vpc变量的类型为ec2.CfnVPC。编译器找不到ec2.IVpc中包含的必需字段,并返回错误。
虽然我应该更仔细地阅读文档,但错误消息并不十分清晰。
这是文档中的构造函数:
class ClientVpnEndpoint(scope: Construct,id: str,*,vpc: IVpc,cidr: str,server_certificate_arn: str,authorize_all_users_to_vpc_cidr: bool | None = None,client_certificate_arn: str | None = None,client_connection_handler: IClientVpnConnectionHandler | None = None,client_login_banner: str | None = None,description: str | None = None,dns_servers: Sequence[str] | None = None,logging: bool | None = None,log_group: ILogGroup | None = None,log_stream: ILogStream | None = None,port: VpnPort | None = None,security_groups: Sequence[ISecurityGroup] | None = None,self_service_portal: bool | None = None,session_timeout: ClientVpnSessionTimeout | None = None,split_tunnel: bool | None = None,transport_protocol: TransportProtocol | None = None,user_based_authentication: ClientVpnUserBasedAuthentication | None = None,vpc_subnets: SubnetSelection | Dict[str, Any] | None = None)
如果有兴趣,以下是完整的堆栈:
from aws_cdk import (Tags,aws_ec2 as ec2,aws_iam as iam)# Client VPN Endpointsaml_provider = iam.SamlProvider.from_saml_provider_arn(self,id='IdP',saml_provider_arn=f'arn:aws:iam::{self.account}:saml-provider/{identity_provider_id}')client_vpn = ec2.ClientVpnEndpoint(self,id='ClientVpn',description=f'Client VPN Endpoint',# Networkingvpc=vpc,vpc_subnets=ec2.SubnetSelection(subnets=clientvpn_subnets),cidr=clientvpn_cidr_block,port=ec2.VpnPort.HTTPS,split_tunnel=True,transport_protocol=ec2.TransportProtocol.TCP,session_timeout=ec2.ClientVpnSessionTimeout.TEN_HOURS,# Securityserver_certificate_arn=f'arn:aws:acm:eu-west-1:{self.account}:certificate/{certificate_id}',security_groups=[sg],user_based_authentication=ec2.ClientVpnUserBasedAuthentication.federated(saml_provider=saml_provider),authorize_all_users_to_vpc_cidr=False,# Logginglogging=True,log_group=log_group,log_stream=log_stream)client_vpn.add_authorization_rule(id='AuthorizationRule',description='Authorize all private ip range to everyone',cidr='10.0.0.0/8')
英文:
My bad...
The vpc variable in use was of type ec2.CfnVPC. The compiler couldn't find required fields contained in ec2.IVpc and returned an error.
Although I should have read the documentation more carefully, the error message wasn't quite clear.
This is the constructor from the documentation:
> python
> class ClientVpnEndpoint(
> scope: Construct,
> id: str,
> *,
> vpc: IVpc,
> cidr: str,
> server_certificate_arn: str,
> authorize_all_users_to_vpc_cidr: bool | None = None,
> client_certificate_arn: str | None = None,
> client_connection_handler: IClientVpnConnectionHandler | None = None,
> client_login_banner: str | None = None,
> description: str | None = None,
> dns_servers: Sequence[str] | None = None,
> logging: bool | None = None,
> log_group: ILogGroup | None = None,
> log_stream: ILogStream | None = None,
> port: VpnPort | None = None,
> security_groups: Sequence[ISecurityGroup] | None = None,
> self_service_portal: bool | None = None,
> session_timeout: ClientVpnSessionTimeout | None = None,
> split_tunnel: bool | None = None,
> transport_protocol: TransportProtocol | None = None,
> user_based_authentication: ClientVpnUserBasedAuthentication | None = None,
> vpc_subnets: SubnetSelection | Dict[str, Any] | None = None
> )
>
This is the full stack if someone is interested:
from aws_cdk import (Tags,aws_ec2 as ec2,aws_iam as iam)# Client VPN Endpointsaml_provider = iam.SamlProvider.from_saml_provider_arn(self,id='IdP',saml_provider_arn=f'arn:aws:iam::{self.account}:saml-provider/{identity_provider_id}')client_vpn = ec2.ClientVpnEndpoint(self,id='ClientVpn',description=f'Client VPN Endpoint',# Networkingvpc=vpc,vpc_subnets=ec2.SubnetSelection(subnets=clientvpn_subnets),cidr=clientvpn_cidr_block,port=ec2.VpnPort.HTTPS,split_tunnel=True,transport_protocol=ec2.TransportProtocol.TCP,session_timeout=ec2.ClientVpnSessionTimeout.TEN_HOURS,# Securityserver_certificate_arn=f'arn:aws:acm:eu-west-1:{self.account}:certificate/{certificate_id}',security_groups=[sg],user_based_authentication=ec2.ClientVpnUserBasedAuthentication.federated(saml_provider=saml_provider),authorize_all_users_to_vpc_cidr=False,# Logginglogging=True,log_group=log_group,log_stream=log_stream)client_vpn.add_authorization_rule(id='AuthorizationRule',description='Authorize all private ip range to everyone',cidr='10.0.0.0/8')</details>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论