Creating AWS PrivateLink connections using AWS CloudFormation


I'm setting up infrastructure with CloudFormation including a VPC with subnets and an interface VPC endpoint.

The endpoint is meant to be deployed using the subnets created as part of the stack but when I start the deployment I get the following error:

The VPC endpoint service X does not support the availability zone of the subnet: subnet-Y

The endpoint service is deployed in subnets in the following AZs:

  • us-east-1a (use1-az1)
  • us-east-1b (use1-az2)
  • us-east-1c (use1-az4)

And the VPC in which I'm testing the CloudFormation stack has subnets in the following AZs:

  • us-east-1a (use1-az2)
  • us-east-1b (use1-az4)
  • us-east-1c (use1-az6)

The only matching ones are use1-az2 and use1-az4.

I would like to know if there's a way to automatically look up the AZs supported by the service and match them with my subnets' AZs.

The idea is to create 4 different environments with the same setup (VPC subnets, endpoint) so as to avoid hard coding the values.

1 Answer
Accepted answer

You can call the DescribeVpcEndpointServices API via a custom resource Lambda in your CloudFormation stack, filtering for the specific service, and then get the list of availability zones available to that service. You can then use this information in your other resources within the stack. Example output snippet via the AWS CLI:

{
    "ServiceDetails": [
        {
            "ServiceName": "aws.sagemaker.us-east-1.notebook",
            "ServiceId": "vpce-svc-0e123abc123198abc",
            "ServiceType": [
                {
                    "ServiceType": "Interface"
                }
            ],
            "AvailabilityZones": [
                "us-east-1a",
                "us-east-1b",
                "us-east-1c",
                "us-east-1d",
                "us-east-1e",
                "us-east-1f"
            ],
            "Owner": "amazon",
            "BaseEndpointDnsNames": [
                "vpce-svc-0e123abc123198abc.us-east-1.vpce.amazonaws.com",
                "notebook.us-east-1.vpce.sagemaker.aws"
            ],
            "PrivateDnsName": "*.notebook.us-east-1.sagemaker.aws",
            "VpcEndpointPolicySupported": true,
            "AcceptanceRequired": false,
            "ManagesVpcEndpoints": false,
            "Tags": [],
            "PrivateDnsNameVerificationState": "verified"
        },
...
}
AWS
answered 3 years ago
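The custom-resource approach from the answer, as an added example that is not part of the original post: the pure helpers intersect a DescribeVpcEndpointServices response with a DescribeSubnets response, and `handler` wires them into a CloudFormation custom resource. It assumes the service name from the answer's CLI output, hypothetical ResourceProperties `ServiceName` and `SubnetIds`, constructed sample responses, and that the API reports AZ names in the calling account's own naming (so they compare directly with each subnet's `AvailabilityZone`).

```python
import json
import urllib.request

SERVICE = "aws.sagemaker.us-east-1.notebook"  # service name taken from the answer's CLI output

def supported_azs(services_response, service_name):
    """AZ names (caller-account naming) the endpoint service supports, from a
    DescribeVpcEndpointServices response; raises if the service is absent."""
    for svc in services_response.get("ServiceDetails", []):
        if svc["ServiceName"] == service_name:
            return set(svc["AvailabilityZones"])
    raise ValueError(f"endpoint service {service_name} not found in this region")

def select_endpoint_subnets(services_response, subnets_response, service_name):
    """IDs of the stack's subnets (DescribeSubnets response) whose AZ the service
    supports, sorted so the custom resource returns a stable value on each run."""
    azs = supported_azs(services_response, service_name)
    chosen = sorted(s["SubnetId"] for s in subnets_response["Subnets"]
                    if s["AvailabilityZone"] in azs)
    if not chosen:  # fail loudly: an endpoint with no valid subnet would fail anyway
        raise ValueError(f"none of the given subnets is in an AZ supported by {service_name}")
    return chosen

def handler(event, context):
    """CloudFormation custom-resource entry point (hypothetical properties: ServiceName, SubnetIds)."""
    import boto3  # imported lazily so the helpers above run offline without the SDK
    props = event["ResourceProperties"]
    status, data, reason = "SUCCESS", {}, "ok"
    try:
        if event["RequestType"] != "Delete":  # nothing to clean up on delete
            ec2 = boto3.client("ec2")
            chosen = select_endpoint_subnets(
                ec2.describe_vpc_endpoint_services(ServiceNames=[props["ServiceName"]]),
                ec2.describe_subnets(SubnetIds=props["SubnetIds"]), props["ServiceName"])
            data = {"SubnetIds": ",".join(chosen)}  # split with Fn::Split in the template
    except Exception as exc:  # report FAILED so the stack rolls back instead of hanging
        status, reason = "FAILED", str(exc)
    body = json.dumps({"Status": status, "Reason": reason, "Data": data,
                       "PhysicalResourceId": event.get("PhysicalResourceId", f"{props['ServiceName']}-subnets"),
                       "StackId": event["StackId"], "RequestId": event["RequestId"],
                       "LogicalResourceId": event["LogicalResourceId"]}).encode()
    urllib.request.urlopen(urllib.request.Request(
        event["ResponseURL"], data=body, method="PUT", headers={"Content-Type": ""}))

# Constructed sample API responses, shaped like the real ones, so this runs offline.
SAMPLE_SERVICES = {"ServiceDetails": [{"ServiceName": SERVICE,
                   "AvailabilityZones": ["us-east-1a", "us-east-1b", "us-east-1c"]}]}
SAMPLE_SUBNETS = {"Subnets": [{"SubnetId": "subnet-0aaa", "AvailabilityZone": "us-east-1a"},
                              {"SubnetId": "subnet-0bbb", "AvailabilityZone": "us-east-1b"},
                              {"SubnetId": "subnet-0fff", "AvailabilityZone": "us-east-1f"}]}

if __name__ == "__main__":
    print(select_endpoint_subnets(SAMPLE_SERVICES, SAMPLE_SUBNETS, SERVICE))
```

In the template, reference the result with `!Split [",", !GetAtt EndpointSubnets.SubnetIds]` in the endpoint's SubnetIds; the Lambda role needs only `ec2:DescribeVpcEndpointServices` and `ec2:DescribeSubnets`.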
