VPC endpoint in Cloudformation - Endpoint type (Gateway) does not match available service types ([Interface])
I am trying to create a VPC endpoint for API Gateway in Cloudformation, but I get this error:

Endpoint type (Gateway) does not match available service types ([Interface]).

The template below is placed in the Resources section:
```yaml
executeApiEndpoint:
  Type: AWS::EC2::VPCEndpoint
  Properties:
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal: "*"
          Action:
            - "execute-api:Invoke"
            - "execute-api:ManageConnections"
          Resource:
            - "arn:aws:execute-api:*:*:*"
    RouteTableIds:
      - !Ref privateRouteTable
    ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
    VpcId: !Ref pubPrivateVPC
```
This one does not work either:
```yaml
executeApiEndpoint:
  Type: AWS::EC2::VPCEndpoint
  Properties:
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal: "*"
          Action:
            - "execute-api:*"
          Resource:
            - "*"
    RouteTableIds:
      - !Ref privateRouteTable
    ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
    VpcId: !Ref pubPrivateVPC
```
However, this block (from the same template) deploys without any error:
```yaml
s3Endpoint:
  Type: AWS::EC2::VPCEndpoint
  Properties:
    PolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Principal: "*"
          Action:
            - "s3:*"
          Resource:
            - "*"
    RouteTableIds:
      - !Ref privateRouteTable
    ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
    VpcId: !Ref pubPrivateVPC
```
What is going wrong here?
You also have to set the VpcEndpointType property on the AWS::EC2::VPCEndpoint resource to Interface for an interface-type VPC endpoint to work. The default value is Gateway, which only applies to S3 and DynamoDB VPC endpoints.

The reason your S3 endpoint works is that the VpcEndpointType property defaults to Gateway, which is the right type for S3.
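As an added example (not part of the original question or answer), the block below shows the execute-api endpoint declared so that the template deploys, together with the pieces an Interface endpoint needs that a Gateway endpoint does not: an Interface endpoint attaches ENIs to subnets and is reached through a security group, so RouteTableIds is dropped in favour of SubnetIds and SecurityGroupIds. It also scopes the endpoint policy to the account instead of "*" and binds the API to this endpoint with an aws:SourceVpce condition. The VPC and route-table names come from the question; the subnet names (privateSubnetA, privateSubnetB), the 10.0.0.0/16 VPC CIDR and the privateApi resource are assumptions made for this example.

```yaml
Resources:
  # Assumed: a security group that lets VPC workloads reach the endpoint ENIs on 443.
  executeApiEndpointSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTPS from inside the VPC to the execute-api endpoint
      VpcId: !Ref pubPrivateVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 10.0.0.0/16   # assumption: the VPC CIDR; tighten to the client subnets if possible

  executeApiEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface   # the property missing from the question; default is Gateway
      ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
      VpcId: !Ref pubPrivateVPC
      # Interface endpoints take subnets and security groups, not route tables.
      SubnetIds:
        - !Ref privateSubnetA      # assumption
        - !Ref privateSubnetB      # assumption
      SecurityGroupIds:
        - !Ref executeApiEndpointSG
      # Resolve the regional execute-api hostname to the endpoint ENIs inside the VPC.
      PrivateDnsEnabled: true
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: "*"
            Action:
              - execute-api:Invoke
            # Only APIs in this account and region are reachable through the endpoint,
            # rather than any API in any account as "*" would allow.
            Resource:
              - !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*

  # Assumed: a private REST API that can only be invoked through the endpoint above.
  privateApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: private-api
      EndpointConfiguration:
        Types:
          - PRIVATE
      Policy:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: execute-api:Invoke
            Resource: execute-api:/*
            Condition:
              StringEquals:
                aws:SourceVpce: !Ref executeApiEndpoint
```

The endpoint policy and the API resource policy are two separate controls: the first limits what the VPC can reach through this endpoint, the second limits which endpoint may reach the API, so a private API cannot be invoked through an endpoint in some other VPC or account. PrivateDnsEnabled only takes effect if the VPC has enableDnsSupport and enableDnsHostnames turned on.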