AWS CDK: NaN.NaN.NaN.NaN is not a valid IP Address when creating Client VPN Endpoint
Question
English:
When trying to create a client vpn resource, I get the following error:
Error: NaN.NaN.NaN.NaN is not a valid IP Address
      at NetworkUtils.numToIp (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\network-util.js:80:19)
      at CidrBlock.minIp (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\network-util.js:202:29)
      at new CidrBlock (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\network-util.js:189:29)
      at new ClientVpnEndpoint (C:\Users\user\AppData\Local\Temp\jsii-kernel-mj0Ij1\node_modules\aws-cdk-lib\aws-ec2\lib\client-vpn-endpoint.js:133:29)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
  File "C:\Users\user\cdk\networking\client_vpn_stack.py", line 95, in __init__        
    client_vpn = ec2.ClientVpnEndpoint(
                 ^^^^^^^^^^^^^^^^^^^^^^
This is the code (all the other resources such as the VPC are created earlier in the code):
from aws_cdk import aws_ec2 as ec2
client_vpn = ec2.ClientVpnEndpoint(
    self,
    id='ClientVPNEndpoint',
    description=f'Client VPN in VPC - {vpc.attr_vpc_id}',
    # Networking
    split_tunnel=True,
    cidr='172.16.0.0/16',
    vpc=vpc,
    port=ec2.VpnPort.HTTPS,
    session_timeout=ec2.ClientVpnSessionTimeout.TEN_HOURS,
    # Security
    server_certificate_arn=f'arn:aws:acm:eu-west-1:{self.account}:certificate/{certificate_id}',
    security_groups=[sg],
    user_based_authentication=ec2.ClientVpnUserBasedAuthentication.federated(
        saml_provider=saml_provider
    )
)
The only IP I can think of is the cidr, but from the documentation they expect a cidr block of the format X.X.X.X/X.
I tried to replace the cidr with other values, but nothing helped...
Can anyone help me with what is missing here?
Thanks in advance.
Edit
VPC range: 10.1.0.0/16 (defined in another stack but passed by value in the same app)
I tried using /22 and /16 for the client VPN CIDR block, this didn't change anything.
Answer 1
Score: 0
English:
My bad...
The vpc variable in use was of type ec2.CfnVPC. The compiler couldn't find required fields contained in ec2.IVpc and returned an error.
Although I should have read the documentation more carefully, the error message wasn't quite clear.
This is the constructor from the documentation:
class ClientVpnEndpoint(
    scope: Construct,
    id: str,
    *,
    vpc: IVpc,
    cidr: str,
    server_certificate_arn: str,
    authorize_all_users_to_vpc_cidr: bool | None = None,
    client_certificate_arn: str | None = None,
    client_connection_handler: IClientVpnConnectionHandler | None = None,
    client_login_banner: str | None = None,
    description: str | None = None,
    dns_servers: Sequence[str] | None = None,
    logging: bool | None = None,
    log_group: ILogGroup | None = None,
    log_stream: ILogStream | None = None,
    port: VpnPort | None = None,
    security_groups: Sequence[ISecurityGroup] | None = None,
    self_service_portal: bool | None = None,
    session_timeout: ClientVpnSessionTimeout | None = None,
    split_tunnel: bool | None = None,
    transport_protocol: TransportProtocol | None = None,
    user_based_authentication: ClientVpnUserBasedAuthentication | None = None,
    vpc_subnets: SubnetSelection | Dict[str, Any] | None = None
)
This is the full stack if someone is interested:
from aws_cdk import (
    Tags,
    aws_ec2 as ec2,
    aws_iam as iam
)
# Names used below (vpc, clientvpn_subnets, clientvpn_cidr_block, sg, certificate_id,
# identity_provider_id, log_group, log_stream) are created earlier in the same stack.
# vpc must be an ec2.IVpc (for example ec2.Vpc or ec2.Vpc.from_lookup), not ec2.CfnVPC.
# Client VPN Endpoint
saml_provider = iam.SamlProvider.from_saml_provider_arn(
    self,
    id='IdP',
    saml_provider_arn=f'arn:aws:iam::{self.account}:saml-provider/{identity_provider_id}'
)
client_vpn = ec2.ClientVpnEndpoint(
    self,
    id='ClientVpn',
    description='Client VPN Endpoint',
    # Networking
    vpc=vpc,
    vpc_subnets=ec2.SubnetSelection(
        subnets=clientvpn_subnets
    ),
    cidr=clientvpn_cidr_block,  # client address pool; must not overlap the VPC CIDR
    port=ec2.VpnPort.HTTPS,
    split_tunnel=True,
    transport_protocol=ec2.TransportProtocol.TCP,
    session_timeout=ec2.ClientVpnSessionTimeout.TEN_HOURS,
    # Security
    server_certificate_arn=f'arn:aws:acm:eu-west-1:{self.account}:certificate/{certificate_id}',
    security_groups=[sg],
    user_based_authentication=ec2.ClientVpnUserBasedAuthentication.federated(
        saml_provider=saml_provider
    ),
    authorize_all_users_to_vpc_cidr=False,  # access is granted by the explicit rule below instead
    # Logging
    logging=True,
    log_group=log_group,
    log_stream=log_stream
)
# No group_id is given, so this rule applies to every authenticated user.
client_vpn.add_authorization_rule(
    id='AuthorizationRule',
    description='Authorize all private ip range to everyone',
    cidr='10.0.0.0/8'
)
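The answer's root cause (an ec2.CfnVPC passed where an ec2.IVpc is required) and the stack trace (the failure is inside `new CidrBlock`, called from the `ClientVpnEndpoint` constructor) fit together: the L2 construct reads the VPC's CIDR through the IVpc property `vpc_cidr_block`, which a CfnVPC does not expose, and a CIDR parsed from nothing is the most plausible origin of the `NaN.NaN.NaN.NaN` address. The following added example is not code from the post or from aws-cdk-lib. It reproduces the addressing checks in plain Python with the standard `ipaddress` module so they run without the CDK/jsii toolchain: it reads the VPC CIDR the way an L2 construct would, fails with a descriptive message for a CfnVPC-like object, and enforces AWS's documented Client VPN constraints (client CIDR between /12 and /22, no overlap with the VPC CIDR). `FakeIVpc` and `FakeCfnVpc` are constructed stand-ins that only mirror the attribute names (`vpc_cidr_block` versus `attr_cidr_block`/`cidr_block`) of the real constructs; `validate_client_cidr` and `check` are names chosen here.

```python
"""Pre-flight addressing checks for an AWS Client VPN endpoint, in plain Python.

Added example for this page, not code from the original post or from aws-cdk-lib.
FakeIVpc and FakeCfnVpc are constructed stand-ins that mirror only the attribute
names of ec2.IVpc (vpc_cidr_block) and ec2.CfnVPC (attr_cidr_block / cidr_block).
The /12 to /22 limit and the no-overlap rule are AWS's documented Client VPN
constraints on the client CIDR.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class FakeIVpc:
    """Stand-in for an ec2.IVpc (ec2.Vpc, Vpc.from_lookup): exposes vpc_cidr_block."""
    vpc_cidr_block: str


@dataclass
class FakeCfnVpc:
    """Stand-in for an ec2.CfnVPC: the L1 resource exposes cidr_block and
    attr_cidr_block, not vpc_cidr_block, so an L2 construct finds nothing to parse."""
    cidr_block: str

    @property
    def attr_cidr_block(self) -> str:
        return self.cidr_block


class ClientVpnConfigError(ValueError):
    """Raised for any configuration the endpoint would reject."""


def vpc_cidr_of(vpc: object) -> str:
    """Read the VPC CIDR the way an L2 construct does, via vpc_cidr_block.

    A missing attribute becomes a descriptive error rather than a NaN address.
    """
    cidr = getattr(vpc, "vpc_cidr_block", None)
    if not isinstance(cidr, str) or not cidr:
        raise ClientVpnConfigError(
            f"vpc argument of type {type(vpc).__name__} has no vpc_cidr_block; "
            "ClientVpnEndpoint needs an ec2.IVpc (ec2.Vpc, Vpc.from_lookup, "
            "Vpc.from_vpc_attributes with vpc_cidr_block set), not ec2.CfnVPC"
        )
    return cidr


def validate_client_cidr(client_cidr: str, vpc: object) -> ipaddress.IPv4Network:
    """Apply the Client VPN client-CIDR rules against the VPC's CIDR.

    Returns the parsed client network, or raises ClientVpnConfigError.
    """
    try:
        client = ipaddress.IPv4Network(client_cidr, strict=False)
    except ValueError as exc:
        raise ClientVpnConfigError(
            f"client CIDR {client_cidr!r} is not a valid IPv4 network: {exc}"
        ) from exc

    # AWS: the client CIDR block size must be between /12 and /22 (inclusive).
    if not 12 <= client.prefixlen <= 22:
        raise ClientVpnConfigError(
            f"client CIDR {client} has prefix /{client.prefixlen}; AWS requires /12 to /22"
        )

    # AWS: the client CIDR must not overlap the local CIDR of the VPC.
    vpc_net = ipaddress.IPv4Network(vpc_cidr_of(vpc), strict=False)
    if client.overlaps(vpc_net):
        raise ClientVpnConfigError(f"client CIDR {client} overlaps VPC CIDR {vpc_net}")
    return client


def check(client_cidr: str, vpc: object) -> Optional[str]:
    """None when the configuration is acceptable, otherwise the error message."""
    try:
        validate_client_cidr(client_cidr, vpc)
        return None
    except ClientVpnConfigError as exc:
        return str(exc)


if __name__ == "__main__":
    vpc_l2 = FakeIVpc("10.1.0.0/16")    # VPC range from the question's edit, as an IVpc
    vpc_l1 = FakeCfnVpc("10.1.0.0/16")  # the same VPC as a CfnVPC, as the asker had it

    print(check("172.16.0.0/16", vpc_l2))  # the poster's addressing was fine
    print(check("172.16.0.0/16", vpc_l1))  # the real cause: no vpc_cidr_block on a CfnVPC
    print(check("10.1.4.0/22", vpc_l2))    # rejected: overlaps the VPC
    print(check("172.16.0.0/24", vpc_l2))  # rejected: too small for Client VPN
```

With the values from the question's edit (VPC 10.1.0.0/16, client 172.16.0.0/16 or /22) the checks pass against the IVpc-like object and fail only for the CfnVPC-like one, which matches the answer. They cover addressing only: note that `add_authorization_rule` without a `group_id` authorizes every authenticated user for the given CIDR, so production rules are normally scoped to IdP groups.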


Comments