Please change the documentation on AWS Actions Conditions EC2 for CreateNatGateway

0

In the documentation for EC2 for CreateNatGateway, it is mentioned that the natgateway and the subnet are required, but that the elastic-ip is optional. In reality, elastic-ip is also mandatory: when you don't add it, it will not work.

Can you please add a * behind elastic-ip, to save time for other people in the future?

===details===

This is the CloudFormation code:

```yaml
NATGatewayPublicWrite:
  Type: AWS::EC2::NatGateway
  Properties:
    ConnectivityType: public
    AllocationId: !GetAtt EIPNATGatewayPublicWrite.AllocationId
    SubnetId: !Ref PublicSubnetWrite
```

Relevant part of IAM permissions:

```yaml
- Sid: CreateNatGateway
  Effect: Allow
  Action:
    - ec2:CreateNatGateway
    - ec2:CreateTags
  Resource:
    - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:natgateway/*"
    - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:subnet/*"
```

When you don't add `- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:elastic-ip/*"` to the resources, the CloudFormation code will fail.

Thx in advance,

Frederique

1 answer
0

Elastic IP would be required for a public NAT gateway only; it's not required when you create a private NAT gateway, hence it's not mandatory.

A NAT gateway with connectivity type set to private, a.k.a. a private NAT gateway, does not require an EIP, and you do not need to attach an internet gateway to your VPC; hence an Elastic IP wouldn't be required for a private NAT gateway.

In your case, an EIP is required, because you are creating a public NAT gateway.

Please refer for more details.


Hope this explanation helps.

Comment here if you have additional questions, happy to help.

Abhishek

AWS Expert, answered 10 months ago
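The thread boils down to a policy-coverage question: which EC2 resource types must an `Allow` statement for `ec2:CreateNatGateway` cover, and how does that depend on `ConnectivityType`? The following script is an added example (not code from the thread or from AWS) that encodes the rule stated above: `natgateway` and `subnet` are always required, and `elastic-ip` is additionally required only for a public NAT gateway. The sample statements use constructed region and account values (`eu-west-1`, `123456789012`) in place of the `!Sub` placeholders from the question, and the function names are hypothetical.

```python
"""Check whether an IAM statement covers every EC2 resource type that
ec2:CreateNatGateway touches for a given NAT gateway ConnectivityType.

Added example; the required-resource rule follows the thread above, the
sample ARNs and statements are constructed for illustration.
"""
from fnmatch import fnmatchcase


def required_resource_types(connectivity_type: str) -> set:
    """Resource types the CreateNatGateway call needs (per the thread):
    natgateway and subnet always, elastic-ip only for a public gateway."""
    required = {"natgateway", "subnet"}
    if connectivity_type.lower() == "public":
        required.add("elastic-ip")
    return required


def arn_resource_type(arn: str):
    """Return the resource-type part of an EC2 ARN
    (arn:partition:ec2:region:account:resource-type/resource-id),
    or None if the string is not an EC2 ARN."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "ec2":
        return None
    return parts[5].split("/", 1)[0]


def missing_resource_types(statement: dict, connectivity_type: str) -> set:
    """Return the resource types the NAT gateway creation needs that this
    single Allow statement does not grant. An empty set means it suffices."""
    needed = required_resource_types(connectivity_type)
    if statement.get("Effect") != "Allow":
        return needed
    actions = statement.get("Action", [])
    if isinstance(actions, str):
        actions = [actions]
    # IAM action names support '*' wildcards (e.g. "ec2:*"); case-sensitive here.
    if not any(fnmatchcase("ec2:CreateNatGateway", a) for a in actions):
        return needed
    resources = statement.get("Resource", [])
    if isinstance(resources, str):
        resources = [resources]
    granted = set()
    for res in resources:
        if res == "*":  # bare wildcard covers every resource type
            return set()
        rtype = arn_resource_type(res)
        if rtype is not None:
            granted.add(rtype)  # may itself be a glob such as "*"
    return {t for t in needed if not any(fnmatchcase(t, g) for g in granted)}


# Constructed sample: the statement from the question, with concrete values
# standing in for ${AWS::Partition}/${AWS::Region}/${AWS::AccountId}.
ARN_PREFIX = "arn:aws:ec2:eu-west-1:123456789012:"
THREAD_STATEMENT = {
    "Sid": "CreateNatGateway",
    "Effect": "Allow",
    "Action": ["ec2:CreateNatGateway", "ec2:CreateTags"],
    "Resource": [ARN_PREFIX + "natgateway/*", ARN_PREFIX + "subnet/*"],
}

# The same statement with the elastic-ip resource added, as the question found necessary.
FIXED_STATEMENT = dict(
    THREAD_STATEMENT,
    Resource=THREAD_STATEMENT["Resource"] + [ARN_PREFIX + "elastic-ip/*"],
)


if __name__ == "__main__":
    for name, stmt in (("as posted", THREAD_STATEMENT), ("with elastic-ip", FIXED_STATEMENT)):
        for ctype in ("public", "private"):
            gap = missing_resource_types(stmt, ctype)
            verdict = "OK" if not gap else "missing " + ", ".join(sorted(gap))
            print(f"{name:16s} {ctype:8s} -> {verdict}")
```

Running it reports that the statement as posted is sufficient for a private NAT gateway but is missing `elastic-ip` for a public one, and that the statement with `elastic-ip/*` added covers both cases. The matcher deliberately treats each `Allow` statement on its own; it does not evaluate `Deny` statements, conditions, or SCPs, so it is a drafting aid for least-privilege policies, not a replacement for the IAM policy simulator.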
