3

我正在使用 ECS-CLI (0.4.5) 启动 CFN 模板,现在我正在尝试将 Aurora 集群放入 CFN 模板并通过 CFN SDK 使用变更集更新堆栈。

我不明白为什么它对我的子网感到不安。子网由初始的“ecs-cli up”调用创建。它们与堆栈的其余部分位于同一个 vpc 中,在我尝试部署变更集之前它们已经存在,并且它们位于不同的可用区(us-west-2b 和 us-west-2c)。

CFN 给我的唯一信息是“某些输入子网无效”。

CFN 故障: CFN 故障

子网: 子网

我可以通过管理控制台创建一个具有完全相同子网的 DBSubnetGroup,没有任何问题。

关于可能出现问题的任何想法?这是 CloudFormation 中的错误吗?让我知道是否需要更多信息来解决这个问题......老实说,我很茫然

这是我最初的模板归结为(它内置在 ecs-cli 中):

 "PubSubnetAz1": {
        "Type": "AWS::EC2::Subnet",
        "Properties": {
            "VpcId": {
                "Ref": "Vpc"
            },
            "CidrBlock": "10.0.0.0/24",
            "AvailabilityZone": "us-west-2b"
        }
},
"PubSubnetAz2": {
        "Type": "AWS::EC2::Subnet",
        "Properties": {
            "VpcId": {
                "Ref": "Vpc"
            },
            "CidrBlock": "10.0.1.0/24",
            "AvailabilityZone": "us-west-2c"
        }
},
"InternetGateway": {
    "Type": "AWS::EC2::InternetGateway"
},
"AttachGateway": {
    "Type": "AWS::EC2::VPCGatewayAttachment",
    "Properties": {
        "VpcId": {
            "Ref": "Vpc"
        },
        "InternetGatewayId": {
            "Ref": "InternetGateway"
        }
    }
},
"RouteViaIgw": {
    "Type": "AWS::EC2::RouteTable",
    "Properties": {
        "VpcId": {
            "Ref": "Vpc"
        }
    }
},
"PublicRouteViaIgw": {
    "DependsOn": "AttachGateway",
    "Type": "AWS::EC2::Route",
    "Properties": {
        "RouteTableId": {
            "Ref": "RouteViaIgw"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {
            "Ref": "InternetGateway"
        }
    }
},
"PubSubnet1RouteTableAssociation": {
    "Type": "AWS::EC2::SubnetRouteTableAssociation",
    "Properties": {
        "SubnetId": {
            "Ref": "PubSubnetAz1"
        },
        "RouteTableId": {
            "Ref": "RouteViaIgw"
        }
    }
},
"PubSubnet2RouteTableAssociation": {
    "Type": "AWS::EC2::SubnetRouteTableAssociation",
    "Properties": {
        "SubnetId": {
            "Ref": "PubSubnetAz2"
        },
        "RouteTableId": {
            "Ref": "RouteViaIgw"
        }
    }
},

然后当我去更新它时,我添加了这个:

"DBSubnetGroup": {
    "Type": "AWS::RDS::DBSubnetGroup",
    "Properties": {
        "DBSubnetGroupDescription": "Aurora Subnet Group using subnets from 2 AZs",
        "SubnetIds": {
             "Fn::Join": [
                    ",", [{
                            "Ref": "pubSubnetAz1"
                        },
                        {
                            "Ref": "pubSubnetAz2"
                        }
                    ]
                ]
            }]
        }
    }
}

变更集应该足够简单......

"Changes": [
    {
      "Type": "Resource",
      "ResourceChange": {
        "Action": "Add",
        "LogicalResourceId": "DBSubnetGroup",
        "ResourceType": "AWS::RDS::DBSubnetGroup",
        "Scope": [],
        "Details": []
      }
    }
]

我正在使用 AWSTemplateFormatVersion 2010-09-09 和 JavaScript aws-sdk "^2.7.21"

4

2 回答 2

4

问题是您将子网 ID 连接成一个字符串。相反,您应该将它们传递到一个数组中。尝试这个:

  "PrivateSubnetGroup": {
    "Type": "AWS::RDS::DBSubnetGroup",
    "Properties": {
      "SubnetIds": [
        {
          "Ref": "PubSubnetAz1"
        },
        {
          "Ref": "PubSubnetAz2"
        }
      ],
      "DBSubnetGroupDescription": "Aurora Subnet Group using subnets from 2 AZs"
    }
  }

另外,我强烈建议尝试使用 yaml 而不是 json。Cloudformation 现在本机支持这一点,以及一些简化使用引用的快捷功能,我认为从长远来看,您会发现它更容易阅读和编写。

这是一个如何在 yaml 中编写等效 json 的示例:

PrivateSubnetGroup:
  Type: AWS::RDS::DBSubnetGroup
  Properties:
    DBSubnetGroupDescription: Subnet group for Aurora Database
    SubnetIds:
    - !Ref PubSubnetAz1
    - !Ref PubSubnetAz2
于 2017-01-18T23:58:26.873 回答
2

根据AWS::RDS::DBSubnetGroup文档,该SubnetIDs参数接受字符串列表,而不是CommaDelimitedList您在示例中提供的内容。您应该直接在 JSON 数组中传递子网,而不使用Fn::Join

"SubnetIds": [
  {"Ref": "pubSubnetAz1"},
  {"Ref": "pubSubnetAz2"}
]
于 2017-01-19T00:00:39.783 回答