Amazon-Web-Services
CloudFormation 中的 Aws vpc 預設路由表
我是否遺漏了什麼,但無法通過 CloudFormation 將路由添加到 VPC 預置的預設路由表中?
不,你不能,反正沒有什麼可參考的(例如邏輯ID)。只需創建自己的主表;-)。
這可能是它無法使用的原因之一:
保護您的 VPC 的一種方法是將主路由表保留為其原始預設狀態(僅具有本地路由),並將 您創建的每個新子網與您創建的自定義路由表之一顯式關聯。這確保您必須明確控制每個子網的出站流量的路由方式。
您可以自己定義每個組件,以防您需要通過 CloudFormation 實現該設置。只需創建您自己的 VPC、Internet 網關、子網和路由表。然後,您需要為特定子網顯式聲明 RouteTableAssociation 並為該表創建公共路由。這是一個例子
AWSTemplateFormatVersion: '2010-09-09' Description: Example Resources: myInternetGateway: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: "Name" Value: "a_gateway" myVPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/24 EnableDnsSupport: true EnableDnsHostnames: true InstanceTenancy: default # Attach Internet gateway to created VPC AttachGateway: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: Ref: myVPC InternetGatewayId: Ref: myInternetGateway # Create public routes table for VPC myPublicRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref myVPC Tags: - Key: "Name" Value: "public_routes" # Create a route for the table which will forward the traffic # from the gateway myDefaultPublicRoute: Type: AWS::EC2::Route DependsOn: AttachGateway Properties: RouteTableId: !Ref myPublicRouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref myInternetGateway # Subnet within VPC which will use route table (with default route) # from Internet gateway mySubnet: Type: AWS::EC2::Subnet Properties: AvailabilityZone: "" CidrBlock: 10.0.0.0/25 MapPublicIpOnLaunch: true VpcId: Ref: myVPC # Associate route table (which contains default route) to newly created subnet myPublicRouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref myPublicRouteTable SubnetId: !Ref mySubnet這樣您就可以使用創建的路由表(在上面的範例中,它用於轉發來自 Internet 網關的流量)