由于子网无效,无法在 AWS 中创建 VPC
failure to create VPC in AWS due to invalid subnets
我正在使用云形成来创建 VPC。当它开始创建子网时它失败了。我检查过,我相信子网是有效的。虽然我的网络知识有些缺乏。
这是我得到的错误:
00:46:49 UTC-0400 CREATE_FAILED AWS::EC2::Subnet SubnetA The CIDR '172.16.64.0/16' is invalid.
00:46:49 UTC-0400 CREATE_IN_PROGRESS AWS::EC2::RouteTable RouteTable 资源创建已启动
00:46:49 UTC-0400 CREATE_FAILED AWS::EC2::Subnet SubnetB CIDR '197.16.128.0/16' 无效。
这是我正在尝试使用的模板:
---
AWSTemplateFormatVersion: 2010-09-09
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 172.16.0.0/18
EnableDnsSupport: true
EnableDnsHostnames: true
InstanceTenancy: default
Tags:
- Key: Name
Value: JF-Staging-VPC
InternetGateway:
Type: AWS::EC2::InternetGateway
VPCGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
SubnetA:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: us-east-1a
VpcId: !Ref VPC
CidrBlock: 172.16.64.0/16
MapPublicIpOnLaunch: False
SubnetB:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: us-east-1b
VpcId: !Ref VPC
CidrBlock: 197.16.128.0/16
MapPublicIpOnLaunch: False
RouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
InternetRoute:
Type: AWS::EC2::Route
DependsOn: InternetGateway
Properties:
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
RouteTableId: !Ref RouteTable
SubnetARouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref SubnetA
SubnetBRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref SubnetB
SecurityGroupSSH:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: "SSH Group"
GroupDescription: "SSH traffic in, all traffic out."
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
CidrIp: 0.0.0.0/0
SecurityGroupWeb:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: "Web Group"
GroupDescription: "Web traffic in, all traffic out."
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
CidrIp: 0.0.0.0/0
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '443'
ToPort: '443'
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
CidrIp: 0.0.0.0/0
Metadata:
VPC:
Description: "Creating the JF Staging VPC"
InternetGateway:
Description: "Creating an Internet Gateway"
谁能告诉我哪里出错了以及如何改正?
问题出在 197.16.128.0/16,这是一个 public IP 地址,无法分配给 VPC 或子网。
我认为你真的想使用地址:
172.16.128.0/16
[编辑]
将您的 VPC 更改为 172.16.0.0/16
然后更改每个子网以使用 /16 的一部分,例如/24
示例:
172.16.0.0/24
172.16.1.0/24
172.16.2.0/24
等等
您当前实施的问题是您的 VPC 是 /18,它小于您尝试创建的子网 /16。您想要相反的方式,VPC 为 /16,子网为 /24 或任何小于 /16 的值。
根据错误消息,您的 IP 地址 (CIDR) 范围无效。
它设置以下 CIDR 范围:
- 专有网络:172.16.0.0/18
- 子网A:172.16.64.0/16
- 子网B:197.16.128.0/16
这些子网范围都不属于 VPC 范围。所有子网范围都必须在 VPC 指定的范围内。事实上,您的两个子网都比 VPC (/18) 大 (/16)。
例如,这里是工作正常的范围:
- 专有网络:172.16.0.0/16
- 子网A:172.16.64.0/24
- 子网B:172.16.128.0/24
如果您不了解 CIDR 范围,请参阅:Understanding IP Addresses, Subnets, and CIDR Notation for Networking
我正在使用云形成来创建 VPC。当它开始创建子网时它失败了。我检查过,我相信子网是有效的。虽然我的网络知识有些缺乏。
这是我得到的错误:
00:46:49 UTC-0400 CREATE_FAILED AWS::EC2::Subnet SubnetA The CIDR '172.16.64.0/16' is invalid.
00:46:49 UTC-0400 CREATE_IN_PROGRESS AWS::EC2::RouteTable RouteTable 资源创建已启动 00:46:49 UTC-0400 CREATE_FAILED AWS::EC2::Subnet SubnetB CIDR '197.16.128.0/16' 无效。
这是我正在尝试使用的模板:
---
AWSTemplateFormatVersion: 2010-09-09
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 172.16.0.0/18
EnableDnsSupport: true
EnableDnsHostnames: true
InstanceTenancy: default
Tags:
- Key: Name
Value: JF-Staging-VPC
InternetGateway:
Type: AWS::EC2::InternetGateway
VPCGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
SubnetA:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: us-east-1a
VpcId: !Ref VPC
CidrBlock: 172.16.64.0/16
MapPublicIpOnLaunch: False
SubnetB:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: us-east-1b
VpcId: !Ref VPC
CidrBlock: 197.16.128.0/16
MapPublicIpOnLaunch: False
RouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
InternetRoute:
Type: AWS::EC2::Route
DependsOn: InternetGateway
Properties:
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
RouteTableId: !Ref RouteTable
SubnetARouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref SubnetA
SubnetBRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref SubnetB
SecurityGroupSSH:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: "SSH Group"
GroupDescription: "SSH traffic in, all traffic out."
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
CidrIp: 0.0.0.0/0
SecurityGroupWeb:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: "Web Group"
GroupDescription: "Web traffic in, all traffic out."
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
CidrIp: 0.0.0.0/0
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '443'
ToPort: '443'
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: -1
CidrIp: 0.0.0.0/0
Metadata:
VPC:
Description: "Creating the JF Staging VPC"
InternetGateway:
Description: "Creating an Internet Gateway"
谁能告诉我哪里出错了以及如何改正?
问题出在 197.16.128.0/16,这是一个 public IP 地址,无法分配给 VPC 或子网。
我认为你真的想使用地址:
172.16.128.0/16
[编辑]
将您的 VPC 更改为 172.16.0.0/16 然后更改每个子网以使用 /16 的一部分,例如/24 示例:
172.16.0.0/24
172.16.1.0/24
172.16.2.0/24
等等
您当前实施的问题是您的 VPC 是 /18,它小于您尝试创建的子网 /16。您想要相反的方式,VPC 为 /16,子网为 /24 或任何小于 /16 的值。
根据错误消息,您的 IP 地址 (CIDR) 范围无效。
它设置以下 CIDR 范围:
- 专有网络:172.16.0.0/18
- 子网A:172.16.64.0/16
- 子网B:197.16.128.0/16
这些子网范围都不属于 VPC 范围。所有子网范围都必须在 VPC 指定的范围内。事实上,您的两个子网都比 VPC (/18) 大 (/16)。
例如,这里是工作正常的范围:
- 专有网络:172.16.0.0/16
- 子网A:172.16.64.0/24
- 子网B:172.16.128.0/24
如果您不了解 CIDR 范围,请参阅:Understanding IP Addresses, Subnets, and CIDR Notation for Networking