Please change the documentation on AWS Actions Conditions EC2 for CreateNatGateway


In the documentation for EC2 for CreateNatGateway, it is mentioned that the natgateway and the subnet are required, but that the elastic-ip is optional. In reality, elastic-ip is also mandatory: when you don't add it, it will not work.

Can you please add a * behind elastic-ip, to save time for other people in the future?

===details=== This is the CloudFormation code:

```yaml
NATGatewayPublicWrite:
  Type: AWS::EC2::NatGateway
  Properties:
    ConnectivityType: public
    AllocationId: !GetAtt EIPNATGatewayPublicWrite.AllocationId
    SubnetId: !Ref PublicSubnetWrite
```

Relevant part of IAM permissions:

```yaml
- Sid: CreateNatGateway
  Effect: Allow
  Action:
    - ec2:CreateNatGateway
    - ec2:CreateTags
  Resource:
    - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:natgateway/*"
    - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:subnet/*"
```

When you don't add `- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:elastic-ip/*"` to the resources, the CloudFormation code will fail.

Thx in advance,

Frederique

1 answer

Elastic IP would be required for a public NAT gateway only; it's not required when you create a private NAT gateway, hence it's not mandatory.

A NAT Gateway with connectivity type set to private, a.k.a. a private NAT gateway, does not require an EIP and you do not need to attach an internet gateway to your VPC, hence an Elastic IP wouldn't be required for a private NAT gateway.

In your case, an EIP is required, because you are creating a public NAT gateway.

Please refer for more details.


Hope this explanation helps.

Comment here if you have additional questions, happy to help.

Abhishek

AWS
EXPERT
answered 10 months ago
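A pre-deployment check for the gap described in this thread, written as an added example (it is not AWS documentation and not code from either post): it walks a CloudFormation template and reports every NAT gateway whose connectivity type needs a resource-level grant that the IAM policy statements do not provide. The function names, the sample template and the policy are constructed; the required-resource table assumes, as the answer states, that public gateways also need `elastic-ip` while private ones do not, and that the CloudFormation default for `ConnectivityType` is `public`.

```python
"""Lint: does an IAM policy grant ec2:CreateNatGateway the resource types each
NAT gateway in a CloudFormation template needs?  Added example, constructed data."""
import fnmatch

# Resource types ec2:CreateNatGateway is evaluated against, per connectivity
# type (assumption taken from the thread: public also needs elastic-ip).
REQUIRED_RESOURCE_TYPES = {
    "public": ("natgateway", "subnet", "elastic-ip"),
    "private": ("natgateway", "subnet"),
}

def _allows(statement, action, resource_type):
    """True if an Allow statement covers `action` on some ARN of `resource_type`."""
    if statement.get("Effect") != "Allow":
        return False
    actions = statement.get("Action", [])
    actions = [actions] if isinstance(actions, str) else actions
    if not any(fnmatch.fnmatchcase(action, a) for a in actions):
        return False
    resources = statement.get("Resource", [])
    resources = [resources] if isinstance(resources, str) else resources
    # Probe with a concrete ARN of the required type; policies may use wildcards.
    probe = f"arn:aws:ec2:eu-west-1:123456789012:{resource_type}/example"
    return any(fnmatch.fnmatchcase(probe, r) for r in resources)

def missing_grants(template, policy_statements):
    """Return (logical_id, resource_type) pairs the policy does not cover."""
    missing = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::NatGateway":
            continue
        # CloudFormation defaults ConnectivityType to public when omitted.
        conn = res.get("Properties", {}).get("ConnectivityType", "public")
        for rtype in REQUIRED_RESOURCE_TYPES[conn]:
            if not any(_allows(s, "ec2:CreateNatGateway", rtype) for s in policy_statements):
                missing.append((logical_id, rtype))
    return missing

# Constructed sample mirroring the question: a public and a private NAT gateway,
# and a policy that grants natgateway/* and subnet/* but not elastic-ip/*.
TEMPLATE = {"Resources": {
    "NATGatewayPublicWrite": {"Type": "AWS::EC2::NatGateway",
        "Properties": {"ConnectivityType": "public", "SubnetId": "PublicSubnetWrite"}},
    "NATGatewayPrivate": {"Type": "AWS::EC2::NatGateway",
        "Properties": {"ConnectivityType": "private", "SubnetId": "PrivateSubnet"}},
}}
POLICY = [{"Sid": "CreateNatGateway", "Effect": "Allow",
           "Action": ["ec2:CreateNatGateway", "ec2:CreateTags"],
           "Resource": ["arn:aws:ec2:eu-west-1:123456789012:natgateway/*",
                        "arn:aws:ec2:eu-west-1:123456789012:subnet/*"]}]

if __name__ == "__main__":
    for logical_id, rtype in missing_grants(TEMPLATE, POLICY):
        print(f"{logical_id}: no Allow for ec2:CreateNatGateway on {rtype}/*")
```

Only the public gateway is reported, which matches the behaviour described in the question and the answer; adding the `elastic-ip/*` ARN to the statement clears the finding.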
