Create Subnets on VPC with CDK.

CDK Create Subnets on VPC

Question

I'm trying to create 2 subnets on AWS in CDK.

I originally followed the post here but I ran out of IP Addresses.

The error I'm getting is:

Resource handler returned message: "The CIDR '12.0.0.0/25' conflicts with another subnet.

This error is returned for each of the subnets.

import * as ec2 from 'aws-cdk-lib/aws-ec2';
import { IpAddresses } from 'aws-cdk-lib/aws-ec2';

const vpc = new ec2.Vpc(this, name, {
  ipAddresses: IpAddresses.cidr('12.0.0.0/23'),
});

const publicOneSubnet = new ec2.Subnet(this, 'PublicOneSubnet', {
  availabilityZone: 'eu-west-1a',
  vpcId: vpc.vpcId,
  cidrBlock: '12.0.0.0/25',
})

let publicOneSubnetRouteTable = publicOneSubnet.routeTable;
const publicTwoSubnet = new ec2.Subnet(this, 'PublicTwoSubnet', {
  availabilityZone: 'eu-west-1b',
  vpcId: vpc.vpcId,
  cidrBlock: '12.0.0.128/25'
})

const privateOneSubnet = new ec2.Subnet(this, 'PrivateOneSubnet', {
  availabilityZone: 'eu-west-1a',
  vpcId: vpc.vpcId,
  cidrBlock: '12.0.1.0/25'
})

const privateTwoSubnet = new ec2.Subnet(this, 'PrivateTwoSubnet', {
  availabilityZone: 'eu-west-1b',
  vpcId: vpc.vpcId,
  cidrBlock: '12.0.1.128/25'
})

Could somebody tell me please what I'm doing wrong… this is making me want to cry! As far as I can tell, the '12.0.0.0/23' should mean there's '12.0.1.0-255' and '12.0.0.0-255'. The '12.0.0.0/25' should mean '12.0.0.0-127' and so on, so I'm a bit confused as to how these conflict. I've never done this sort of VPC setup before, so apologies if these are stupid questions!


Answer 1

Score: 0

By default, your VPC CIDR is divided equally, and one public and one private subnet are created per AZ (source).

Because you are not specifying anything on the VPC besides the CIDR, maxAzs will be 3 and you'll end up with a total of 6 subnets created across those availability zones.

If you want control over the VPC's subnets, drop the manual subnet creation and use the subnetConfiguration property, while specifying that you only want 2 AZs:

import * as ec2 from 'aws-cdk-lib/aws-ec2';
import { IpAddresses } from 'aws-cdk-lib/aws-ec2';

const vpc = new ec2.Vpc(this, name, {
  ipAddresses: IpAddresses.cidr('12.0.0.0/23'),
  maxAzs: 2,
  subnetConfiguration: [
    {
      cidrMask: 25,
      name: 'public',
      subnetType: ec2.SubnetType.PUBLIC,
    },
    {
      cidrMask: 25,
      name: 'private',
      subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,
    }
  ]
})
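The asker's CIDR arithmetic above and Answer 1's explanation of the automatic split can both be checked offline before a deploy. The following is an added example, not code from the question, the answers or the CDK project: it parses the CIDRs, models how ec2.Vpc carves up the VPC block when no subnetConfiguration is given, and reports the overlaps that produce the "conflicts with another subnet" error, then shows that Answer 1's plan is conflict-free. The allocation rule in `allocate()` (groups with an explicit cidrMask first, then the remaining space split equally with the largest mask that fits, one subnet per group per AZ) is my reading of CDK's behaviour and is an assumption; confirm it against `cdk synth` output for your CDK version. The `isRfc1918()` check is an extra caveat the page does not raise: 12.0.0.0/8 is publicly routed address space, so a VPC on it shadows real Internet hosts from inside the VPC.

```typescript
// Added example (not from the question or the answers): an offline pre-deploy
// check that reproduces the "conflicts with another subnet" error by modelling
// how ec2.Vpc carves up its CIDR. allocate() is an assumption about CDK's rule
// (explicit cidrMask groups first, then the leftover split equally); verify it
// against `cdk synth` for your CDK version.

interface Cidr { base: number; mask: number } // base = network address as uint32
interface SubnetGroup { name: string; cidrMask?: number }

function parseCidr(cidr: string): Cidr {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error(`malformed CIDR: ${cidr}`);
  const octets = m.slice(1, 5).map(Number);
  const mask = Number(m[5]);
  if (octets.some((o) => o > 255) || mask > 32) throw new Error(`invalid CIDR: ${cidr}`);
  const addr = ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
  const netmask = mask === 0 ? 0 : (0xffffffff << (32 - mask)) >>> 0;
  return { base: (addr & netmask) >>> 0, mask }; // normalise to the network address
}

function formatCidr(c: Cidr): string {
  return [24, 16, 8, 0].map((s) => (c.base >>> s) & 0xff).join('.') + `/${c.mask}`;
}

const blockSize = (mask: number): number => 2 ** (32 - mask);
const lastAddr = (c: Cidr): number => c.base + blockSize(c.mask) - 1;
const overlaps = (a: Cidr, b: Cidr): boolean => a.base <= lastAddr(b) && b.base <= lastAddr(a);
const contains = (outer: Cidr, inner: Cidr): boolean =>
  outer.base <= inner.base && lastAddr(inner) <= lastAddr(outer);

// RFC 1918 private blocks. A VPC on any other range (12.0.0.0/8 is public space)
// shadows real Internet hosts from inside the VPC; 10.0.0.0/23 would be the usual pick.
const RFC1918 = ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'].map(parseCidr);
function isRfc1918(cidr: string): boolean {
  const c = parseCidr(cidr);
  return RFC1918.some((p) => contains(p, c));
}

// Model of the construct's allocation: one subnet per (group x AZ). Groups with a
// cidrMask are carved first, in order; the rest share the remaining space equally.
function allocate(vpcCidr: string, groups: SubnetGroup[], azCount: number): Record<string, string> {
  const vpc = parseCidr(vpcCidr);
  const end = lastAddr(vpc);
  const out: Record<string, string> = {};
  let next = vpc.base;
  const take = (name: string, mask: number): void => {
    const sz = blockSize(mask);
    next = Math.ceil(next / sz) * sz; // align to the block boundary (simplification)
    if (next + sz - 1 > end) throw new Error(`${vpcCidr} cannot fit ${name}/${mask}`);
    out[name] = formatCidr({ base: next, mask });
    next += sz;
  };
  const fixed = groups.filter((g) => g.cidrMask !== undefined);
  const flexible = groups.filter((g) => g.cidrMask === undefined);
  for (const g of fixed) for (let az = 0; az < azCount; az++) take(`${g.name}-${az}`, g.cidrMask!);
  if (flexible.length > 0) {
    const perSubnet = Math.floor((end - next + 1) / (flexible.length * azCount));
    const mask = 32 - Math.floor(Math.log2(perSubnet)); // largest mask that fits
    for (const g of flexible) for (let az = 0; az < azCount; az++) take(`${g.name}-${az}`, mask);
  }
  return out;
}

// Pre-deploy check: every subnet inside the VPC CIDR, no two overlapping.
function checkPlan(vpcCidr: string, subnets: Record<string, string>): string[] {
  const vpc = parseCidr(vpcCidr);
  const entries = Object.entries(subnets).map(([name, s]) => ({ name, s, c: parseCidr(s) }));
  const problems: string[] = [];
  for (const e of entries) if (!contains(vpc, e.c)) problems.push(`${e.name} ${e.s} is outside ${vpcCidr}`);
  for (let i = 0; i < entries.length; i++) {
    for (let j = i + 1; j < entries.length; j++) {
      if (overlaps(entries[i].c, entries[j].c)) {
        problems.push(`${entries[i].name} ${entries[i].s} conflicts with ${entries[j].name} ${entries[j].s}`);
      }
    }
  }
  return problems;
}

// Constructed inputs mirroring the question: the /23 VPC, the four hand-written
// /25 subnets, and the default groups (one public, one private) over three AZs.
const VPC_CIDR = '12.0.0.0/23';
const MANUAL: Record<string, string> = {
  PublicOneSubnet: '12.0.0.0/25', PublicTwoSubnet: '12.0.0.128/25',
  PrivateOneSubnet: '12.0.1.0/25', PrivateTwoSubnet: '12.0.1.128/25',
};
const DEFAULT_GROUPS: SubnetGroup[] = [{ name: 'Public' }, { name: 'Private' }];

// The question's situation: manual subnets laid on top of the construct's own six.
function questionProblems(): string[] {
  return checkPlan(VPC_CIDR, { ...MANUAL, ...allocate(VPC_CIDR, DEFAULT_GROUPS, 3) });
}

// Answer 1's fix: the construct allocates /25s for two groups across two AZs.
function answerProblems(): string[] {
  const groups: SubnetGroup[] = [{ name: 'public', cidrMask: 25 }, { name: 'private', cidrMask: 25 }];
  return checkPlan(VPC_CIDR, allocate(VPC_CIDR, groups, 2));
}

console.log(questionProblems().join('\n') || 'no conflicts');
console.log(`answer plan problems: ${answerProblems().length}; RFC 1918 range: ${isRfc1918(VPC_CIDR)}`);
```

Run with `npx tsx check.ts` (or ts-node). With the question's inputs the default split yields six /26 blocks (12.0.0.0/26 through 12.0.1.64/26), so three of the four manual /25 subnets each collide with two of them; the `checkPlan` output names every pair, which is more than the single CloudFormation error message tells you. Answer 1's plan fills the /23 exactly with four /25 blocks and comes back clean.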

Answer 2

Score: 0

This is not something I have tried, but it seems to have a good chance of working, assuming the details of the validation DNS record can be retrieved - see below.

This is the comment on the CertificateValidation.fromDns method.

/**
 * Validate the certificate with DNS
 *
 * IMPORTANT: If `hostedZone` is not specified, DNS records must be added
 * manually and the stack will not complete creating until the records are
 * added.
 *
 * @param hostedZone the hosted zone where DNS records must be created
 */
static fromDns(hostedZone?: route53.IHostedZone): CertificateValidation;

Note that the DNS record will not be created if no hostedZone is passed in. If the DNS record is created as part of the CloudFormation stack, then there should be no problem deleting it.

The trick will be to retrieve the details of the validation DNS record that should be created from the certificate. Unfortunately, these did not seem to be exposed in the CDK Certificate object.


huangapple
  • Posted on 2023-04-13 23:25:31
  • When reposting, please keep this link: https://go.coder-hub.com/76007235.html