AWS CDK: NaN.NaN.NaN.NaN is not a valid IP Address when creating Client VPN Endpoint

Question


When trying to create a client vpn resource, I get the following error:

Error: NaN.NaN.NaN.NaN is not a valid IP Address
      at NetworkUtils.numToIp (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\network-util.js:80:19)
      at CidrBlock.minIp (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\network-util.js:202:29)
      at new CidrBlock (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\network-util.js:189:29)
      at new ClientVpnEndpoint (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\client-vpn-endpoint.js:133:29)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "C:\Users\user\cdk\networking\client_vpn_stack.py", line 95, in __init__        
    client_vpn = ec2.ClientVpnEndpoint(
                 ^^^^^^^^^^^^^^^^^^^^^^

This is the code (all the other resources such as the VPC are created earlier in the code):

from aws_cdk import aws_ec2 as ec2

client_vpn = ec2.ClientVpnEndpoint(
    self,
    id='ClientVPNEndpoint',
    description=f'Client VPN in VPC - {vpc.attr_vpc_id}',

    # Networking
    split_tunnel=True,
    cidr='172.16.0.0/16',
    vpc=vpc,
    port=ec2.VpnPort.HTTPS,
    session_timeout=ec2.ClientVpnSessionTimeout.TEN_HOURS,

    # Security
    server_certificate_arn=f'arn:aws:acm:eu-west-1:{self.account}:certificate/{certificate_id}',
    security_groups=[sg],
    user_based_authentication=ec2.ClientVpnUserBasedAuthentication.federated(
        saml_provider=saml_provider
    )
)

The only IP I can think of is the cidr, but from the documentation they expect a cidr block of the format X.X.X.X/X.

I tried to replace the cidr with other values, but nothing helped...

Can anyone help me figure out what is missing here?

Thanks in advance.


Edit

VPC range: 10.1.0.0/16 (defined in another stack but passed by value in the same app)

I tried using /22 and /16 for the client VPN CIDR block, this didn't change anything.

Answer 1

Score: 0


My bad...

The vpc variable in use was of type ec2.CfnVPC. The compiler couldn't find required fields contained in ec2.IVpc and returned an error.
Although I should have read the documentation more carefully, the error message wasn't quite clear.

This is the constructor from the documentation:
class ClientVpnEndpoint(
    scope: Construct,
    id: str,
    *,
    vpc: IVpc,
    cidr: str,
    server_certificate_arn: str,
    authorize_all_users_to_vpc_cidr: bool | None = None,
    client_certificate_arn: str | None = None,
    client_connection_handler: IClientVpnConnectionHandler | None = None,
    client_login_banner: str | None = None,
    description: str | None = None,
    dns_servers: Sequence[str] | None = None,
    logging: bool | None = None,
    log_group: ILogGroup | None = None,
    log_stream: ILogStream | None = None,
    port: VpnPort | None = None,
    security_groups: Sequence[ISecurityGroup] | None = None,
    self_service_portal: bool | None = None,
    session_timeout: ClientVpnSessionTimeout | None = None,
    split_tunnel: bool | None = None,
    transport_protocol: TransportProtocol | None = None,
    user_based_authentication: ClientVpnUserBasedAuthentication | None = None,
    vpc_subnets: SubnetSelection | Dict[str, Any] | None = None
)

This is the full stack if someone is interested:

from aws_cdk import (
    Tags,
    aws_ec2 as ec2,
    aws_iam as iam
)

# Client VPN Endpoint
saml_provider = iam.SamlProvider.from_saml_provider_arn(
    self,
    id='IdP',
    saml_provider_arn=f'arn:aws:iam::{self.account}:saml-provider/{identity_provider_id}'
)

client_vpn = ec2.ClientVpnEndpoint(
    self,
    id='ClientVpn',
    description=f'Client VPN Endpoint',

    # Networking
    vpc=vpc,
    vpc_subnets=ec2.SubnetSelection(
        subnets=clientvpn_subnets
    ),
    cidr=clientvpn_cidr_block,
    port=ec2.VpnPort.HTTPS,
    split_tunnel=True,
    transport_protocol=ec2.TransportProtocol.TCP,
    session_timeout=ec2.ClientVpnSessionTimeout.TEN_HOURS,

    # Security
    server_certificate_arn=f'arn:aws:acm:eu-west-1:{self.account}:certificate/{certificate_id}',
    security_groups=[sg],
    user_based_authentication=ec2.ClientVpnUserBasedAuthentication.federated(
        saml_provider=saml_provider
    ),
    authorize_all_users_to_vpc_cidr=False,

    # Logging
    logging=True,
    log_group=log_group,
    log_stream=log_stream
)

client_vpn.add_authorization_rule(
    id='AuthorizationRule',
    description='Authorize all private ip range to everyone',
    cidr='10.0.0.0/8'
)
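The following pre-flight check is an added example; it is not code from the original post or from aws-cdk. It makes the failure mode concrete: the stack trace shows ClientVpnEndpoint building a CidrBlock and immediately failing in minIp, which is consistent with the construct reading the VPC's CIDR (IVpc.vpc_cidr_block) to verify that the client pool does not overlap the VPC. A CfnVPC exposes no such property, so the construct parses an undefined value and the minimum address renders as NaN.NaN.NaN.NaN. The example uses only the standard library (no aws_cdk needed) and encodes the published AWS Client VPN limits, namely a client pool between /12 and /22 that must not overlap the VPC CIDR. It also adds a least-privilege check on authorization rules: the answer's rule for 10.0.0.0/8 grants far more address space than the 10.1.0.0/16 VPC owns, and authorization_rule_excess shows exactly how much. All values (the /16 and /22 pools, the 10.1.0.0/16 VPC, the 10.0.0.0/8 rule) are taken from the post; the function names are this example's own.

```python
"""Pre-flight checks for AWS Client VPN CIDR inputs (added example, stdlib only)."""
import ipaddress
from typing import List, Optional


class ClientVpnConfigError(ValueError):
    """Raised when a CIDR input would be rejected by the CDK construct or by AWS."""


def validate_client_cidr(client_cidr: str, vpc_cidr: Optional[str]) -> ipaddress.IPv4Network:
    """Validate the client address pool against the VPC it attaches to.

    vpc_cidr is Optional on purpose: when a CfnVPC (L1 construct) is passed
    where an ec2.IVpc (L2 construct) is expected, there is no vpc_cidr_block
    to read. Rejecting that here gives a readable error instead of the
    construct's "NaN.NaN.NaN.NaN is not a valid IP Address".
    """
    if not vpc_cidr:
        raise ClientVpnConfigError(
            "VPC CIDR is missing: pass an ec2.IVpc (ec2.Vpc, Vpc.from_lookup, "
            "Vpc.from_vpc_attributes), not an ec2.CfnVPC"
        )
    try:
        client = ipaddress.IPv4Network(client_cidr, strict=True)
        vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)
    except ValueError as exc:  # covers malformed strings and host bits set
        raise ClientVpnConfigError(f"malformed CIDR: {exc}") from exc

    # AWS Client VPN only accepts a client pool between /12 and /22.
    if not 12 <= client.prefixlen <= 22:
        raise ClientVpnConfigError(
            f"client CIDR {client} must be between /12 and /22, got /{client.prefixlen}"
        )
    # The pool must not overlap the VPC CIDR; the CDK construct checks this too.
    if client.overlaps(vpc):
        raise ClientVpnConfigError(f"client CIDR {client} overlaps VPC CIDR {vpc}")
    return client


def client_cidr_problem(client_cidr: str, vpc_cidr: Optional[str]) -> Optional[str]:
    """Non-raising wrapper: the error message, or None when the inputs are fine."""
    try:
        validate_client_cidr(client_cidr, vpc_cidr)
    except ClientVpnConfigError as exc:
        return str(exc)
    return None


def authorization_rule_excess(rule_cidr: str, vpc_cidr: str) -> List[ipaddress.IPv4Network]:
    """Return the parts of an authorization rule that lie outside the VPC.

    An empty list means the rule is no wider than the VPC (least privilege).
    Anything returned is address space the rule grants that this VPC does
    not own, e.g. most of 10.0.0.0/8 when the VPC is 10.1.0.0/16.
    """
    rule = ipaddress.IPv4Network(rule_cidr, strict=True)
    vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)
    if rule.subnet_of(vpc):
        return []
    if not rule.overlaps(vpc):
        return [rule]
    return list(rule.address_exclude(vpc))


if __name__ == "__main__":
    # Values from the post: VPC 10.1.0.0/16, client pools /16 and /22 were tried.
    for pool in ("172.16.0.0/16", "172.16.0.0/22"):
        print(pool, "->", validate_client_cidr(pool, "10.1.0.0/16"))
    # The CfnVPC case: no VPC CIDR reaches the check at all.
    print("rejected:", client_cidr_problem("172.16.0.0/16", None))
    extra = authorization_rule_excess("10.0.0.0/8", "10.1.0.0/16")
    print(f"10.0.0.0/8 grants {len(extra)} ranges outside the VPC, first: {extra[0]}")
```

Both /16 and /22 pools pass against a 10.1.0.0/16 VPC, which matches the poster's observation that changing the prefix length did nothing; only the missing VPC CIDR trips the check. For the authorization rule, narrowing 10.0.0.0/8 to the VPC's own 10.1.0.0/16 (or to the specific subnets users need) makes authorization_rule_excess return an empty list.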




huangapple
  • Posted by huangapple on 2023-04-07 04:39:41
  • Please keep this link when reposting: https://go.coder-hub.com/75953592.html