英文:
Routes are not added in Private Subnets using AWS CDK
问题
我正在尝试将私有子网的路由指向我已创建的NAT实例。
VPC已经创建。
在执行cdk deploy后,私有子网没有我添加的路由。
我认为这可能是由于在natInstance或eIPAssociation尚未创建时存在依赖性问题。所以我甚至添加了依赖关系,但似乎从未添加过。
如何在AWS CDK中成功添加路由到私有子网?
// NAT instanceconst natInstance = new ec2.Instance(this, "nat-instance", {vpc,vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },instanceType: new ec2.InstanceType("t3.micro"),machineImage: new ec2.NatInstanceImage(),securityGroup: natSG,// Helps SSH into the instance// You need to create a key pair in AWS console and download the .pem file in named seungho-key-pair.pemkeyName: "seungho-key-pair",// Need this for NAT instancesourceDestCheck: false,});// Attach Elastic IP to NAT instanceconst eIPAssociation = new ec2.CfnEIPAssociation(this,"Nat EIP Association",{instanceId: natInstance.instanceId,eip: new ec2.CfnEIP(this, "Nat EIP", {}).ref,});// Update Private Subnet Route Tablevpc.privateSubnets.forEach((subnet, index) => {const route = new ec2.CfnRoute(this, `NAT ROUTE${index + 1}`, {routeTableId: subnet.routeTable.routeTableId,destinationCidrBlock: "0.0.0.0/0",instanceId: natInstance.instanceId,});// Make sure NAT instance is created before creating routeroute.addDependsOn(natInstance.instance);route.addDependsOn(eIPAssociation);});
英文:
I am trying to point Private Subnets' Route to the NAT instance I have.
The VPC is already created.
After doing cdk deploy, the private subnets don't have the route that I added.
I thought it could be due to the dependency issue when natInstance or eIPAssociation is not yet created. So I even added dependency but it never seems to be added.
How can I add the route successfully to the private subnets in AWS CDK?
// NAT instanceconst natInstance = new ec2.Instance(this, "nat-instance", {vpc,vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },instanceType: new ec2.InstanceType("t3.micro"),machineImage: new ec2.NatInstanceImage(),securityGroup: natSG,// Helps SSH into the instance// You need to create a key pair in AWS console and download the .pem file in named seungho-key-pair.pemkeyName: "seungho-key-pair",// Need this for NAT instancesourceDestCheck: false,});// Attach Elastic IP to NAT instanceconst eIPAssociation = new ec2.CfnEIPAssociation(this,"Nat EIP Association",{instanceId: natInstance.instanceId,eip: new ec2.CfnEIP(this, "Nat EIP", {}).ref,});// Update Private Subnet Route Tablevpc.privateSubnets.forEach((subnet, index) => {const route = new ec2.CfnRoute(this, `NAT ROUTE${index + 1}`, {routeTableId: subnet.routeTable.routeTableId,destinationCidrBlock: "0.0.0.0/0",instanceId: natInstance.instanceId,});// Make sure NAT instance is created before creating routeroute.addDependsOn(natInstance.instance);route.addDependsOn(eIPAssociation);});
答案1
得分: 1
根据评论,未创建路由的原因是因为您正在对一个空列表进行迭代 - 您的VPC没有私有子网。
私有子网是具有指向NAT网关的路由的子网。
没有出口的子网被称为隔离子网,您应该对isolatedSubnets属性进行迭代。
英文:
As per the comments, the reason no routes were created is because you are iterating on an empty list - your VPC does not have Private subnets.
Private subnets are those that have a route to a NAT gateway.
Subnets without egress are called Isolated and you should be iterating over the isolatedSubnets prop instead.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论