AWS::EC2::VPCPeeringConnection - AWS CloudFormation
The AWS services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with AWS services in China.

AWS::EC2::VPCPeeringConnection

Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to a different AWS account and can be in a different Region from the requester VPC. The requester VPC and accepter VPC cannot have overlapping CIDR blocks.

Note

Limitations and rules apply to a VPC peering connection. For more information, see the limitations section in the VPC Peering Guide.

The owner of the accepter VPC must accept the peering request to activate the peering connection. The VPC peering connection request expires after 7 days, after which it cannot be accepted or rejected.

If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of failed. If you receive a VpcPeeringConnection failed to stabilize error, review the troubleshooting steps in this Knowledge Center article.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::EC2::VPCPeeringConnection",
  "Properties" : {
      "PeerOwnerId" : String,
      "PeerRegion" : String,
      "PeerRoleArn" : String,
      "PeerVpcId" : String,
      "Tags" : [ Tag, ... ],
      "VpcId" : String
    }
}

YAML

Type: AWS::EC2::VPCPeeringConnection
Properties:
  PeerOwnerId: String
  PeerRegion: String
  PeerRoleArn: String
  PeerVpcId: String
  Tags:
    - Tag
  VpcId: String

Properties

PeerOwnerId

The AWS account ID of the owner of the accepter VPC.

Default: Your AWS account ID

Required: No

Type: String

Update requires: Replacement

PeerRegion

The Region code for the accepter VPC, if the accepter VPC is located in a Region other than the Region in which you make the request.

Default: The Region in which you make the request.

Required: No

Type: String

Update requires: Replacement

PeerRoleArn

The Amazon Resource Name (ARN) of the VPC peer role for the peering connection in another AWS account.

This is required when you are peering a VPC in a different AWS account.

Required: Conditional

Type: String

Update requires: Replacement

PeerVpcId

The ID of the VPC with which you are creating the VPC peering connection. You must specify this parameter in the request.

Required: Yes

Type: String

Update requires: Replacement

Tags

Any tags assigned to the resource.

Required: No

Type: List of Tag

Update requires: No interruption

VpcId

The ID of the VPC.

Required: Yes

Type: String

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the VPC peering connection.

For more information about using the Ref function, see Ref.

Examples

VPC peering connection

The following example creates two VPCs (myVPC and myPrivateVPC) and a subnet in each VPC. The subnet in myVPC is a public subnet. The example then creates a VPC peering connection between the VPCs and launches an instance in each VPC. You can test the peering connection by connecting to the instance in the public subnet and pinging the private IP address of the instance in the private VPC's subnet. The security group rules for the instance in the private subnet allow inbound ICMP traffic (and therefore the ping command).

JSON

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Creates two VPCs, peers the VPCs, and launches an instance in each VPC.",
  "Parameters": {
    "EC2KeyPairName": {
      "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
      "Type": "AWS::EC2::KeyPair::KeyName",
      "ConstraintDescription" : "must be the name of an existing EC2 KeyPair."
    },
    "myVPCIDCIDRRange": {
      "Description": "The IP address range for your new VPC.",
      "Type": "String",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "10.1.0.0/16",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    },
    "myPrivateVPCIDCIDRRange": {
      "Description": "The IP address range for your new Private VPC.",
      "Type": "String",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "10.0.0.0/16",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    },
    "EC2SubnetCIDRRange": {
      "Description": "The IP address range for a subnet in myPrivateVPC.",
      "Type": "String",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "10.0.0.0/24",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    },
    "EC2PublicSubnetCIDRRange": {
      "Description": "The IP address range for a subnet in myVPC.",
      "Type": "String",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "10.1.0.0/24",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    }
  },
  "Mappings": {
    "AWSRegionToAMI": {
      "us-east-1": { "64": "ami-0ff8a91507f77f867" },
      "us-west-2": { "64": "ami-a0cfeed8" },
      "us-west-1": { "64": "ami-0bdb828fd58c52235" },
      "eu-west-1": { "64": "ami-047bb4163c506cd98" },
      "ap-southeast-1": { "64": "ami-08569b978cc4dfa10" },
      "ap-southeast-2": { "64": "ami-09b42976632b27e9b" },
      "ap-northeast-2": { "64": "ami-0d097db2fb6e0f05e" },
      "ap-northeast-1": { "64": "ami-06cd52961ce9f0d85" },
      "sa-east-1": { "64": "ami-07b14488da8ea02a0" }
    }
  },
  "Resources": {
    "myPrivateVPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": {"Ref": "myPrivateVPCIDCIDRRange"},
        "EnableDnsSupport": false,
        "EnableDnsHostnames": false,
        "InstanceTenancy": "default"
      }
    },
    "myPrivateEC2Subnet" : {
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "VpcId" : { "Ref" : "myPrivateVPC" },
        "CidrBlock" : {"Ref": "EC2SubnetCIDRRange"}
      }
    },
    "RouteTable" : {
      "Type" : "AWS::EC2::RouteTable",
      "Properties" : {
        "VpcId" : {"Ref" : "myPrivateVPC"}
      }
    },
    "PeeringRoute1" : {
      "Type" : "AWS::EC2::Route",
      "Properties" : {
        "DestinationCidrBlock": "0.0.0.0/0",
        "RouteTableId" : { "Ref" : "RouteTable" },
        "VpcPeeringConnectionId" : { "Ref" : "myVPCPeeringConnection" }
      }
    },
    "SubnetRouteTableAssociation" : {
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "SubnetId" : { "Ref" : "myPrivateEC2Subnet" },
        "RouteTableId" : { "Ref" : "RouteTable" }
      }
    },
    "myVPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": {"Ref": "myVPCIDCIDRRange"},
        "EnableDnsSupport": true,
        "EnableDnsHostnames": true,
        "InstanceTenancy": "default"
      }
    },
    "PublicSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": {"Ref": "EC2PublicSubnetCIDRRange"},
        "VpcId": { "Ref": "myVPC" }
      }
    },
    "myInternetGateway": {
      "Type": "AWS::EC2::InternetGateway"
    },
    "AttachGateway": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": { "Ref": "myVPC" },
        "InternetGatewayId": { "Ref": "myInternetGateway" }
      }
    },
    "PublicRouteTable": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": { "Ref": "myVPC" }
      }
    },
    "PeeringRoute2" : {
      "Type" : "AWS::EC2::Route",
      "Properties" : {
        "DestinationCidrBlock": { "Ref" : "myPrivateVPCIDCIDRRange" },
        "RouteTableId" : { "Ref" : "PublicRouteTable" },
        "VpcPeeringConnectionId" : { "Ref" : "myVPCPeeringConnection" }
      }
    },
    "PublicRoute": {
      "Type": "AWS::EC2::Route",
      "DependsOn": "AttachGateway",
      "Properties": {
        "RouteTableId": { "Ref": "PublicRouteTable" },
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": { "Ref": "myInternetGateway" }
      }
    },
    "PublicSubnetRouteTableAssociation": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": { "Ref": "PublicSubnet" },
        "RouteTableId": { "Ref": "PublicRouteTable" }
      }
    },
    "myPrivateVPCEC2SecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription": "Private instance security group",
        "VpcId" : { "Ref" : "myPrivateVPC" },
        "SecurityGroupIngress" : [
          {"IpProtocol" : "icmp", "FromPort" : "-1", "ToPort" : "-1", "CidrIp" : "0.0.0.0/0"}
        ]
      }
    },
    "myVPCEC2SecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription": "Public instance security group",
        "VpcId" : { "Ref" : "myVPC" },
        "SecurityGroupIngress" : [
          {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0"}
        ]
      }
    },
    "myPrivateInstance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroupIds" : [{ "Ref" : "myPrivateVPCEC2SecurityGroup" }],
        "InstanceType" : "t2.micro",
        "SubnetId" : { "Ref" : "myPrivateEC2Subnet" },
        "KeyName": { "Ref": "EC2KeyPairName" },
        "ImageId": { "Fn::FindInMap": [ "AWSRegionToAMI", {"Ref": "AWS::Region"}, "64" ] }
      }
    },
    "myInstance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "NetworkInterfaces": [ {
          "AssociatePublicIpAddress": "true",
          "DeviceIndex": "0",
          "GroupSet": [{ "Ref" : "myVPCEC2SecurityGroup" }],
          "SubnetId": { "Ref" : "PublicSubnet" }
        } ],
        "InstanceType" : "t2.micro",
        "KeyName": { "Ref": "EC2KeyPairName" },
        "ImageId": { "Fn::FindInMap": [ "AWSRegionToAMI", {"Ref": "AWS::Region"}, "64" ] }
      }
    },
    "myVPCPeeringConnection": {
      "Type": "AWS::EC2::VPCPeeringConnection",
      "Properties": {
        "VpcId": {"Ref": "myVPC"},
        "PeerVpcId": {"Ref": "myPrivateVPC"}
      }
    }
  }
}

YAML

AWSTemplateFormatVersion: 2010-09-09
Description: 'Creates two VPCs, peers the VPCs, and launches an instance in each VPC.'
Parameters:
  EC2KeyPairName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    Type: 'AWS::EC2::KeyPair::KeyName'
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  myVPCIDCIDRRange:
    Description: The IP address range for your new VPC.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 10.1.0.0/16
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  myPrivateVPCIDCIDRRange:
    Description: The IP address range for your new Private VPC.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 10.0.0.0/16
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  EC2SubnetCIDRRange:
    Description: The IP address range for a subnet in myPrivateVPC.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 10.0.0.0/24
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  EC2PublicSubnetCIDRRange:
    Description: The IP address range for a subnet in myVPC.
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 10.1.0.0/24
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
Mappings:
  AWSRegionToAMI:
    us-east-1:
      '64': ami-0ff8a91507f77f867
    us-west-2:
      '64': ami-a0cfeed8
    us-west-1:
      '64': ami-0bdb828fd58c52235
    eu-west-1:
      '64': ami-047bb4163c506cd98
    ap-southeast-1:
      '64': ami-08569b978cc4dfa10
    ap-southeast-2:
      '64': ami-09b42976632b27e9b
    ap-northeast-2:
      '64': ami-0d097db2fb6e0f05e
    ap-northeast-1:
      '64': ami-06cd52961ce9f0d85
    sa-east-1:
      '64': ami-07b14488da8ea02a0
Resources:
  myPrivateVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: !Ref myPrivateVPCIDCIDRRange
      EnableDnsSupport: false
      EnableDnsHostnames: false
      InstanceTenancy: default
  myPrivateEC2Subnet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref myPrivateVPC
      CidrBlock: !Ref EC2SubnetCIDRRange
  RouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref myPrivateVPC
  PeeringRoute1:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId: !Ref RouteTable
      VpcPeeringConnectionId: !Ref myVPCPeeringConnection
  SubnetRouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref myPrivateEC2Subnet
      RouteTableId: !Ref RouteTable
  myVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: !Ref myVPCIDCIDRRange
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
  PublicSubnet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: !Ref EC2PublicSubnetCIDRRange
      VpcId: !Ref myVPC
  myInternetGateway:
    Type: 'AWS::EC2::InternetGateway'
  AttachGateway:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      VpcId: !Ref myVPC
      InternetGatewayId: !Ref myInternetGateway
  PublicRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref myVPC
  PeeringRoute2:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: !Ref myPrivateVPCIDCIDRRange
      RouteTableId: !Ref PublicRouteTable
      VpcPeeringConnectionId: !Ref myVPCPeeringConnection
  PublicRoute:
    Type: 'AWS::EC2::Route'
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myInternetGateway
  PublicSubnetRouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable
  myPrivateVPCEC2SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Private instance security group
      VpcId: !Ref myPrivateVPC
      SecurityGroupIngress:
        - IpProtocol: icmp
          FromPort: '-1'
          ToPort: '-1'
          CidrIp: 0.0.0.0/0
  myVPCEC2SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Public instance security group
      VpcId: !Ref myVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
  myPrivateInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      SecurityGroupIds:
        - !Ref myPrivateVPCEC2SecurityGroup
      InstanceType: t2.micro
      SubnetId: !Ref myPrivateEC2Subnet
      KeyName: !Ref EC2KeyPairName
      ImageId: !FindInMap
        - AWSRegionToAMI
        - !Ref 'AWS::Region'
        - '64'
  myInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      NetworkInterfaces:
        - AssociatePublicIpAddress: 'true'
          DeviceIndex: '0'
          GroupSet:
            - !Ref myVPCEC2SecurityGroup
          SubnetId: !Ref PublicSubnet
      InstanceType: t2.micro
      KeyName: !Ref EC2KeyPairName
      ImageId: !FindInMap
        - AWSRegionToAMI
        - !Ref 'AWS::Region'
        - '64'
  myVPCPeeringConnection:
    Type: 'AWS::EC2::VPCPeeringConnection'
    Properties:
      VpcId: !Ref myVPC
      PeerVpcId: !Ref myPrivateVPC
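Two of the rules this reference states are cheap to check before a stack is created rather than after it fails: the requester and accepter CIDR blocks must not overlap (otherwise the peering ends in the failed state), and PeerRoleArn is required whenever PeerOwnerId names an account other than the one deploying the stack. The following lint is an added example, not code from the AWS documentation or from any AWS tool. It works on a template already parsed into a dict (for example with json.load), resolves Ref values only as far as Parameter defaults, and treats a literal VPC ID or an unresolvable Ref as "not known at lint time" rather than guessing. The two templates, the account IDs, the VPC ID and the role ARN in it are constructed placeholders.

```python
# Added example, not part of the AWS documentation: a pre-deployment lint for
# AWS::EC2::VPCPeeringConnection resources in a parsed CloudFormation template.
# Account IDs, VPC IDs and the role ARN below are constructed placeholders.
import copy
import ipaddress


def resolve(value, template):
    """Return a literal value, or the Default of the Parameter a Ref points at.
    Refs to resources or pseudo-parameters resolve to None (unknown at lint time)."""
    if isinstance(value, dict) and "Ref" in value:
        param = template.get("Parameters", {}).get(value["Ref"], {})
        return param.get("Default")
    return value


def vpc_cidr(template, vpc_ref):
    """CIDR of an AWS::EC2::VPC declared in this template, else None."""
    if not (isinstance(vpc_ref, dict) and "Ref" in vpc_ref):
        return None  # literal vpc-... ID: the VPC lives outside this template
    res = template.get("Resources", {}).get(vpc_ref["Ref"], {})
    if res.get("Type") != "AWS::EC2::VPC":
        return None
    cidr = resolve(res.get("Properties", {}).get("CidrBlock"), template)
    return ipaddress.ip_network(cidr) if cidr else None


def lint_peering(template, deploying_account):
    """Findings for the two rules the resource reference states:
    1. PeerRoleArn is required when the accepter VPC is in another account.
    2. Requester and accepter CIDR blocks must not overlap (else status 'failed')."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::VPCPeeringConnection":
            continue
        props = res.get("Properties", {})
        owner = resolve(props.get("PeerOwnerId"), template)  # default: own account
        if owner and owner != deploying_account and "PeerRoleArn" not in props:
            findings.append(f"{name}: PeerOwnerId {owner} differs from deploying "
                            f"account, so PeerRoleArn is required")
        requester = vpc_cidr(template, props.get("VpcId"))
        accepter = vpc_cidr(template, props.get("PeerVpcId"))
        if requester and accepter and requester.overlaps(accepter):
            findings.append(f"{name}: requester CIDR {requester} overlaps "
                            f"accepter CIDR {accepter}")
    return findings


def without_property(template, resource, prop):
    """Deep copy of template with one property removed (to show a failing case)."""
    clone = copy.deepcopy(template)
    clone["Resources"][resource]["Properties"].pop(prop)
    return clone


# Constructed: both VPCs in one template, with CIDR blocks that overlap.
SAME_ACCOUNT_OVERLAP = {
    "Parameters": {
        "RequesterCidr": {"Type": "String", "Default": "10.0.0.0/16"},
        "AccepterCidr": {"Type": "String", "Default": "10.0.128.0/17"},
    },
    "Resources": {
        "myVPC": {"Type": "AWS::EC2::VPC",
                  "Properties": {"CidrBlock": {"Ref": "RequesterCidr"}}},
        "myPrivateVPC": {"Type": "AWS::EC2::VPC",
                         "Properties": {"CidrBlock": {"Ref": "AccepterCidr"}}},
        "myVPCPeeringConnection": {
            "Type": "AWS::EC2::VPCPeeringConnection",
            "Properties": {"VpcId": {"Ref": "myVPC"},
                           "PeerVpcId": {"Ref": "myPrivateVPC"}},
        },
    },
}

# Constructed: accepter VPC owned by another account, in another Region.
CROSS_ACCOUNT_PEERING = {
    "Parameters": {"VpcCidr": {"Type": "String", "Default": "10.1.0.0/16"}},
    "Resources": {
        "myVPC": {"Type": "AWS::EC2::VPC",
                  "Properties": {"CidrBlock": {"Ref": "VpcCidr"}}},
        "CrossAccountPeering": {
            "Type": "AWS::EC2::VPCPeeringConnection",
            "Properties": {
                "VpcId": {"Ref": "myVPC"},
                "PeerVpcId": "vpc-0123456789abcdef0",  # placeholder accepter VPC
                "PeerOwnerId": "222222222222",         # placeholder accepter account
                "PeerRegion": "us-west-2",
                "PeerRoleArn": "arn:aws:iam::222222222222:role/PeeringAccepterRole",
            },
        },
    },
}

if __name__ == "__main__":
    cases = [("overlap", SAME_ACCOUNT_OVERLAP),
             ("cross-account", CROSS_ACCOUNT_PEERING),
             ("cross-account without role", without_property(
                 CROSS_ACCOUNT_PEERING, "CrossAccountPeering", "PeerRoleArn"))]
    for label, tmpl in cases:
        print(label, "->", lint_peering(tmpl, "111111111111") or "OK")
```

The deploying account ID is passed in explicitly because PeerOwnerId defaults to it when omitted; a PeerOwnerId written as a Ref to AWS::AccountId resolves to None here and is treated the same way, which matches the page's default. The overlap rule deliberately stays silent when either VPC is referenced by a literal ID, since its CIDR is not in the template.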