The Ipv4IpamPoolId resource is not yet supported/deployed as a part of CloudFormation (though exists in the documentation). It is part of the roadmap to have this released.
The latest aws-cli seems to work as expected, but the example from AWS documentation fails, as it should do, because using IPAM pool and cidr-block together doesn't make sense :-)
% aws --version
aws-cli/2.0.61 Python/3.7.4 Darwin/21.2.0 exe/x86_64
Example from documentation doesn't just fail, but also produces a misleading error msg. There is nothing wrong with netmask of /24 as I can later provision VPC with /24 from IPAM pool. Instead it should point out that I'm trying to use a combination of cmd-line options that doesn't make sense.
% aws ec2 create-vpc --ipv4-ipam-pool-id ipam-pool-xxxxxxxxxxxxxxxxx --cidr-block 10.2.0.0/24
An error occurred (InvalidParameterValue) when calling the CreateVpc operation: The allocation size is too big for the pool.
If I just drop --cidr-block, and use default CIDR of my IPAM pool (/21), it works as expected
% aws ec2 create-vpc --ipv4-ipam-pool-id ipam-pool-xxxxxxxxxxxxxxxxx
{
"Vpc": {
"CidrBlock": "10.2.16.0/21",
"DhcpOptionsId": "dopt-01234567",
"State": "pending",
"VpcId": "vpc-xxxxxxxxxxxxxxxxx",
"OwnerId": "123456789012",
"InstanceTenancy": "default",
"Ipv6CidrBlockAssociationSet": [],
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-xxxxxxxxxxxxxxxxx",
"CidrBlock": "10.2.16.0/21",
"CidrBlockState": {
"State": "associated"
}
}
],
"IsDefault": false
}
}
I can also specify a CIDR of /24, or any other that is valid for the IPAM pool.
% aws ec2 create-vpc --ipv4-ipam-pool-id ipam-pool-xxxxxxxxxxxxxxxxx --ipv4-netmask-length 24
{
"Vpc": {
"CidrBlock": "10.2.24.0/24",
"DhcpOptionsId": "dopt-700ae019",
"State": "pending",
"VpcId": "vpc-xxxxxxxxxxxxxxxxx",
"OwnerId": "123456789012",
"InstanceTenancy": "default",
"Ipv6CidrBlockAssociationSet": [],
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-xxxxxxxxxxxxxxxxx",
"CidrBlock": "10.2.24.0/24",
"CidrBlockState": {
"State": "associated"
}
}
],
"IsDefault": false
}
}
So, it seems that Cloudformation just isn't up-to-date with documentation and VPC API :-(
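As an added example (not from the thread or from AWS), the check below encodes what the answer above works out by trial: it assembles the argument list for aws ec2 create-vpc and refuses the --ipv4-ipam-pool-id plus --cidr-block combination up front, instead of letting the API answer with the misleading "allocation size is too big" error. The pool id and CIDR values are constructed samples; pass "-" for an argument you do not use.

```shell
# Added example, not from the thread: build a valid `aws ec2 create-vpc`
# argument list. Either an IPAM pool (optionally with a netmask length) or an
# explicit CIDR block is accepted, never both. Sample ids/CIDRs are constructed.
build_create_vpc_args() {
  pool="$1"; netmask="$2"; cidr="$3"
  # The two ways of choosing an address block are mutually exclusive.
  if [ "$pool" != "-" ] && [ "$cidr" != "-" ]; then
    echo "error: --ipv4-ipam-pool-id and --cidr-block cannot be combined" >&2
    return 1
  fi
  if [ "$pool" = "-" ] && [ "$cidr" = "-" ]; then
    echo "error: give either an IPAM pool id or an explicit CIDR block" >&2
    return 1
  fi
  if [ "$pool" != "-" ]; then
    case "$pool" in
      ipam-pool-*) ;;
      *) echo "error: '$pool' does not look like an IPAM pool id" >&2; return 1 ;;
    esac
    args="ec2 create-vpc --ipv4-ipam-pool-id $pool"
    # Optional netmask; omitting it uses the pool's default allocation length.
    if [ "$netmask" != "-" ]; then
      case "$netmask" in
        ''|*[!0-9]*) echo "error: netmask length must be an integer" >&2; return 1 ;;
      esac
      # A VPC CIDR must be between /16 and /28.
      if [ "$netmask" -lt 16 ] || [ "$netmask" -gt 28 ]; then
        echo "error: VPC netmask length must be between 16 and 28" >&2; return 1
      fi
      args="$args --ipv4-netmask-length $netmask"
    fi
  else
    # Explicit CIDR: a quick shape check before calling the API.
    case "$cidr" in
      [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
      *) echo "error: '$cidr' is not an IPv4 CIDR" >&2; return 1 ;;
    esac
    args="ec2 create-vpc --cidr-block $cidr"
  fi
  printf '%s\n' "$args"
}

# Example invocations; each prints arguments suitable for `aws $args`:
# build_create_vpc_args ipam-pool-0123456789abcdef0 24 -
# build_create_vpc_args - - 10.2.0.0/24
```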
Good question. You're right.
Try the combination of Ipv4IpamPoolId and CidrBlock. Like you said, CidrBlock shows as a required field today.
From AWS's other (non-CloudFormation documentation), I see this command:
aws ec2 create-vpc --region us-east-1 --ipv4-ipam-pool-id ipam-pool-04111dca0d960186e --cidr-block 10.0.0.0/24
Which omits the Ipv4NetmaskLength property, but uses both --ipv4-ipam-pool-id and --cidr-block.
Reference: https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-create-vpc-ipam.html
Example doesn't work. I think this is just a bug in documentation as it doesn't make sense to specify both cidr-block and ipv4-ipam-pool-id. If I drop --cidr-block, it creates the VPC using default mask of ipam-pool, just like you would expect.
FYI: Cloudformation AWS::EC2::VPC does now support IPAM and documentation is also updated with CidrBlock being conditional.