Please change the documentation on AWS Actions Conditions EC2 for CreateNatGateway


In the documentation for EC2 for CreateNatGateway, it is mentioned that the natgateway and the subnet are required, but that the elastic-ip is optional. In reality, elastic-ip is also mandatory: when you don't add it, it will not work.

Can you please add a * behind elastic-ip, to save time for other people in the future?

===details===

This is the CloudFormation code:

```yaml
NATGatewayPublicWrite:
  Type: AWS::EC2::NatGateway
  Properties:
    ConnectivityType: public
    AllocationId: !GetAtt EIPNATGatewayPublicWrite.AllocationId
    SubnetId: !Ref PublicSubnetWrite
```

Relevant part of IAM permissions:

```yaml
- Sid: CreateNatGateway
  Effect: Allow
  Action:
    - ec2:CreateNatGateway
    - ec2:CreateTags
  Resource:
    - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:natgateway/*"
    - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:subnet/*"
```

When you don't add - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:elastic-ip/*" to the resources, the CloudFormation code will fail.

Thx in advance,

Frederique

1 Answer

An Elastic IP would be required for a public NAT gateway only; it's not required when you create a private NAT gateway, hence it's not mandatory.

A NAT gateway with connectivity type set to private, a.k.a. a private NAT gateway, does not require an EIP, and you do not need to attach an internet gateway to your VPC, hence an Elastic IP wouldn't be required for a private NAT gateway.

In your case, an EIP is required, because you are creating a public NAT gateway.

Please refer for more details.


Hope this explanation helps.

Comment here if you have additional questions, happy to help.

Abhishek

AWS
EXPERT
answered 10 months ago
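
The distinction drawn in this thread can be checked before deployment. The following is an added example, not code from the question, the answer or AWS: it reports which resource types an Allow statement for `ec2:CreateNatGateway` fails to cover for a public or a private NAT gateway. The function name, region and account ID are assumptions, and the matching is simplified (no Deny, Condition or NotResource handling).

```python
from fnmatch import fnmatchcase

# Resource types needed for ec2:CreateNatGateway, as described in this thread:
# natgateway and subnet always, elastic-ip only for a public NAT gateway.
REQUIRED = {
    "public": ("natgateway", "subnet", "elastic-ip"),
    "private": ("natgateway", "subnet"),
}

# Constructed sample values (not from the original post).
BASE = "arn:aws:ec2:eu-west-1:111122223333"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def missing_resource_types(statements, connectivity_type, base=BASE):
    """Return required resource types that no Allow statement covering
    ec2:CreateNatGateway matches. Simplified: ignores Deny and Condition."""
    patterns = []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive, so compare in lower case.
        actions = [a.lower() for a in _as_list(st["Action"])]
        if any(fnmatchcase("ec2:createnatgateway", a) for a in actions):
            patterns += _as_list(st["Resource"])
    missing = []
    for rtype in REQUIRED[connectivity_type]:
        probe = f"{base}:{rtype}/example-id"  # placeholder resource id
        if not any(fnmatchcase(probe, p) for p in patterns):
            missing.append(rtype)
    return missing

# The statement from the question, with !Sub resolved to the sample values.
QUESTION_POLICY = [{
    "Sid": "CreateNatGateway", "Effect": "Allow",
    "Action": ["ec2:CreateNatGateway", "ec2:CreateTags"],
    "Resource": [f"{BASE}:natgateway/*", f"{BASE}:subnet/*"],
}]
# Same statement with the elastic-ip resource added.
FIXED_POLICY = [dict(QUESTION_POLICY[0],
                     Resource=QUESTION_POLICY[0]["Resource"]
                     + [f"{BASE}:elastic-ip/*"])]

if __name__ == "__main__":
    for name, pol in (("question", QUESTION_POLICY), ("fixed", FIXED_POLICY)):
        for ctype in ("public", "private"):
            print(name, ctype, missing_resource_types(pol, ctype))
```
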
