Routes are not added in Private Subnets using AWS CDK

Question
I am trying to point Private Subnets' Route to the NAT instance I have.
The VPC is already created.
After doing cdk deploy, the private subnets don't have the route that I added.
I thought it could be due to a dependency issue when natInstance or eIPAssociation is not yet created. So I even added a dependency, but it never seems to be added.
How can I add the route successfully to the private subnets in AWS CDK?
// CDK v2 import (assumed; on CDK v1 the module is "@aws-cdk/aws-ec2").
import * as ec2 from "aws-cdk-lib/aws-ec2";

// `vpc` (the already-created VPC) and `natSG` (the NAT instance's security
// group) are defined earlier in the stack and are not shown here.

// NAT instance
const natInstance = new ec2.Instance(this, "nat-instance", {
  vpc,
  vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },
  instanceType: new ec2.InstanceType("t3.micro"),
  machineImage: new ec2.NatInstanceImage(),
  securityGroup: natSG,
  // Helps SSH into the instance
  // You need to create a key pair in the AWS console and download the .pem file named seungho-key-pair.pem
  keyName: "seungho-key-pair",
  // Need this for a NAT instance
  sourceDestCheck: false,
});

// Attach Elastic IP to NAT instance
const eIPAssociation = new ec2.CfnEIPAssociation(this, "Nat EIP Association", {
  instanceId: natInstance.instanceId,
  eip: new ec2.CfnEIP(this, "Nat EIP", {}).ref,
});

// Update Private Subnet Route Table
vpc.privateSubnets.forEach((subnet, index) => {
  const route = new ec2.CfnRoute(this, `NAT ROUTE${index + 1}`, {
    routeTableId: subnet.routeTable.routeTableId,
    destinationCidrBlock: "0.0.0.0/0",
    instanceId: natInstance.instanceId,
  });
  // Make sure the NAT instance and its EIP exist before creating the route
  route.addDependsOn(natInstance.instance);
  route.addDependsOn(eIPAssociation);
});
Answer 1
Score: 1
As per the comments, the reason no routes were created is that you are iterating over an empty list - your VPC does not have Private subnets.
Private subnets are those that have a route to a NAT gateway.
Subnets without egress are called Isolated and you should be iterating over the isolatedSubnets prop instead.
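The mismatch the answer points at, as an added example that is not part of the original question or answer: the TypeScript below does not import aws-cdk-lib. It models, with a small assumed data shape, how subnets land in vpc.publicSubnets, vpc.privateSubnets or vpc.isolatedSubnets (a simplified model of the classification the answer describes, not CDK's own code), and it rewrites the question's route loop so that an empty subnet list, a subnet that already has a default route, or two subnets sharing one route table are handled instead of silently deploying nothing or failing at deploy time. The interface names, the sample subnet and route-table IDs, and the NAT instance ID are all constructed for the example.

```typescript
// Added example, not code from the original question or answer. It models,
// without aws-cdk-lib, how subnets end up in vpc.publicSubnets,
// vpc.privateSubnets or vpc.isolatedSubnets, and makes the question's
// route-building loop fail loudly when handed an empty list.

// Subset of a route as ec2:DescribeRouteTables reports it (assumed shape).
interface Route {
  destinationCidrBlock: string;
  gatewayId?: string;     // "local", or "igw-..." for an internet gateway
  natGatewayId?: string;  // "nat-..." for a managed NAT gateway
  instanceId?: string;    // "i-..." for a NAT instance
}

interface RouteTable {
  routeTableId: string;
  routes: Route[];
}

// Minimal stand-in for the CDK ISubnet fields the question's loop uses.
interface Subnet {
  subnetId: string;
  availabilityZone: string;
  routeTable: RouteTable;
}

type SubnetGroup = "public" | "private" | "isolated";

// Classification as the answer states it (simplified model, not CDK's code):
// default route to an internet gateway -> public; default route to anything
// else (NAT gateway or NAT instance) -> private; no default route -> isolated.
function classify(subnet: Subnet): SubnetGroup {
  const def = subnet.routeTable.routes.find((r) => r.destinationCidrBlock === "0.0.0.0/0");
  if (!def) return "isolated";
  if (def.gatewayId !== undefined && def.gatewayId.startsWith("igw-")) return "public";
  return "private";
}

// Equivalent of reading vpc.publicSubnets / privateSubnets / isolatedSubnets.
function groupSubnets(subnets: Subnet[]): Record<SubnetGroup, Subnet[]> {
  const groups: Record<SubnetGroup, Subnet[]> = { public: [], private: [], isolated: [] };
  for (const s of subnets) groups[classify(s)].push(s);
  return groups;
}

// Same property bag the question passes to ec2.CfnRoute.
interface NatRouteProps {
  routeTableId: string;
  destinationCidrBlock: string;
  instanceId: string;
}

// Build one default route per route table pointing at the NAT instance.
// Unlike the question's forEach, an empty list is an error, not a no-op.
// Subnets that already have a 0.0.0.0/0 route are rejected, because
// AWS::EC2::Route cannot add a second route for an existing destination,
// and subnets sharing a route table get a single route, not one each.
function natRoutesFor(subnets: Subnet[], natInstanceId: string): NatRouteProps[] {
  if (subnets.length === 0) {
    throw new Error("no subnets to route; for a VPC built without a NAT gateway use vpc.isolatedSubnets, not vpc.privateSubnets");
  }
  const seenTables = new Set<string>();
  const result: NatRouteProps[] = [];
  for (const s of subnets) {
    const rtb = s.routeTable.routeTableId;
    if (classify(s) !== "isolated") {
      throw new Error(`${s.subnetId} already has a default route in ${rtb}`);
    }
    if (seenTables.has(rtb)) continue;
    seenTables.add(rtb);
    result.push({ routeTableId: rtb, destinationCidrBlock: "0.0.0.0/0", instanceId: natInstanceId });
  }
  return result;
}

// Constructed sample VPC (IDs made up): two public subnets behind an IGW and
// two subnets with only the local route, which is what a VPC created without
// a NAT gateway looks like. Nothing here is "private" in CDK's sense.
const sampleSubnets: Subnet[] = [
  { subnetId: "subnet-pub-a", availabilityZone: "us-east-1a",
    routeTable: { routeTableId: "rtb-pub-a", routes: [
      { destinationCidrBlock: "10.0.0.0/16", gatewayId: "local" },
      { destinationCidrBlock: "0.0.0.0/0", gatewayId: "igw-0example" } ] } },
  { subnetId: "subnet-pub-b", availabilityZone: "us-east-1b",
    routeTable: { routeTableId: "rtb-pub-b", routes: [
      { destinationCidrBlock: "10.0.0.0/16", gatewayId: "local" },
      { destinationCidrBlock: "0.0.0.0/0", gatewayId: "igw-0example" } ] } },
  { subnetId: "subnet-iso-a", availabilityZone: "us-east-1a",
    routeTable: { routeTableId: "rtb-iso-a", routes: [ { destinationCidrBlock: "10.0.0.0/16", gatewayId: "local" } ] } },
  { subnetId: "subnet-iso-b", availabilityZone: "us-east-1b",
    routeTable: { routeTableId: "rtb-iso-b", routes: [ { destinationCidrBlock: "10.0.0.0/16", gatewayId: "local" } ] } },
];

// The corrected loop from the answer: route the isolated subnets, not the
// (empty) private ones.
function demo(natInstanceId: string = "i-0example00000000"): NatRouteProps[] {
  const groups = groupSubnets(sampleSubnets);
  // groups.private is empty here, so the question's loop over it adds nothing.
  return natRoutesFor(groups.isolated, natInstanceId);
}
```

In the real stack the same loop runs over vpc.isolatedSubnets (the answer's fix) and each returned property bag goes into new ec2.CfnRoute(...). The explicit empty-list check is worth keeping there as well: forEach over an empty array produces no diagnostic at synth or deploy time, which is exactly why the question's deploy looked successful while adding no routes.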
Comments