收到错误“用户 XXXXXXXXX 不拥有资源 nvirgi-acl2-15txjsljshg15”（The user XXXXXXXXX does not own the resource nvirgi-acl2-15txjsljshg15；nvirgi-acl2-15txjsljshg15 是 CloudFormation 为我名为 acl2 的资源生成的物理 ID）。下面是我的 VPC、子网、NetworkAclEntry（acl1-3）、SubnetNetworkAclAssociation（subnetacl1-3）和 NetworkAcl（NetworkAcl1-3）的 CloudFormation 模板 JSON 片段。我该如何解决这个错误？
"VPC1": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.10.0.0/16",
"InstanceTenancy": "default",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "false",
"Tags": [
{
"Key": "Name",
"Value": "My Dashboard"
}
]
}
},
"subnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "172.31.48.0/20",
"AvailabilityZone": "us-east-2a",
"VpcId": {
"Ref": "VPC1"
}
}
},
"subnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "172.31.0.0/20",
"AvailabilityZone": "us-east-2b",
"VpcId": {
"Ref": "VPC1"
},
"Tags": [
{
"Key": "Name",
"Value": "MyDashboard"
}
]
}
},
"subnet3": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "172.31.32.0/20",
"AvailabilityZone": "us-east-2a",
"VpcId": {
"Ref": "VPC1"
}
}
},
"acl1": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "NetworkAcl1"
}
}
},
"acl2": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "101",
"NetworkAclId": {
"Ref": "NetworkAcl2"
}
}
},
"acl3": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "102",
"NetworkAclId": {
"Ref": "NetworkAcl3"
}
}
},
"subnetacl1": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "acl1"
},
"SubnetId": {
"Ref": "subnet1"
}
}
},
"subnetacl2": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "acl2"
},
"SubnetId": {
"Ref": "subnet2"
}
}
},
"subnetacl3": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "acl3"
},
"SubnetId": {
"Ref": "subnet3"
}
}
},
"NetworkAcl1": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "VPC1"
}
}
},
"NetworkAcl2": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "VPC1"
}
}
},
"NetworkAcl3": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "VPC1"
}
}
}
最佳答案
问题在于 AWS::EC2::SubnetNetworkAclAssociation 资源（"subnetacl[1-3]"）中的 NetworkAclId 属性必须引用 AWS::EC2::NetworkAcl 资源（"NetworkAcl[1-3]"），而不是像现在这样引用 AWS::EC2::NetworkAclEntry 资源（"acl[1-3]"）。对 NetworkAclEntry 做 Ref 得到的是该条目自身的 ID（即错误信息里的 nvirgi-acl2-…），它不是一个网络 ACL，所以 EC2 报告“用户不拥有该资源”。把三个关联中的 "Ref": "acl1" / "acl2" / "acl3" 分别改成 "Ref": "NetworkAcl1" / "NetworkAcl2" / "NetworkAcl3" 即可消除这个错误。

修正引用之后，模板里还有两处值得在部署前处理：

1. 子网 CIDR 必须落在 VPC 的 CIDR 之内。VPC1 是 10.10.0.0/16，而三个子网用的是 172.31.48.0/20、172.31.0.0/20、172.31.32.0/20，不在 VPC 网段内，创建子网时会失败。要么把子网改为 10.10.x.0/20 之类的子网段，要么把 VPC CidrBlock 改为覆盖 172.31.0.0 的网段。

2. 由 CloudFormation 新建的自定义网络 ACL 默认拒绝所有入站和出站流量，而且网络 ACL 是无状态的，返回流量也需要显式放行。目前 acl1 和 acl3 只添加了 Egress 规则，acl2 只添加了入站规则（未设置 Egress，默认为 false），因此 subnet1/subnet3 将无法接收任何入站流量（包括响应包），subnet2 将无法发出任何出站流量。每个 NetworkAcl 通常都需要成对的入站和出站条目。另外，这里的规则是对 0.0.0.0/0、所有协议（Protocol -1）的 allow，相当于让网络 ACL 不做任何过滤——如果这是有意为之，请确保实例的安全组承担实际的访问控制；否则应按端口/来源收紧这些规则。
关于amazon-web-services - CloudFormation - 用户不拥有网络 ACL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41153225/