cdk/cloudformation 如何理解哪个子网是私有子网或 PUBLIC?
How cdk/cloudformation understand which subnet is PRIVATE OR PUBLIC?
我在 AWS 中有三个子网。
一个是 public 因为它有 internet-gateway
另外两个不是。
但是cdk合成时,有模板cdk.context.json
判断每三个子网是Public
然而另外两个实际上是Isolated(没有NAT网关和public IP)
为什么cdk认为他们是Public??
"vpc-provider:account=678100XXXXXX:filter.vpc-id=vpc-0867d6797e62dd78b:region=ap-northeast-1:returnAsymmetricSubnets=true": {
"vpcId": "vpc-0867d6797e62dd78b",
"vpcCidrBlock": "10.0.0.0/24",
"availabilityZones": [],
"subnetGroups": [
{
"name": "Public",
"type": "Public",
"subnets": [
{
"subnetId": "subnet-0b5985476dee1f20c",
"cidr": "10.0.0.0/25",
"availabilityZone": "ap-northeast-1c",
"routeTableId": "rtb-02a749d8d4415bbfb"
},
{
"subnetId": "subnet-0fdd37150bfff91f0",
"cidr": "10.0.0.128/26",
"availabilityZone": "ap-northeast-1c",
"routeTableId": "rtb-02a749d8d4415bbfb"
},
{
"subnetId": "subnet-085c85398f27adbfd",
"cidr": "10.0.0.192/26",
"availabilityZone": "ap-northeast-1d",
"routeTableId": "rtb-02a749d8d4415bbfb"
}
]
}
]
}
}
子网是 public 还是私有子网 仅由其路由表 决定。 Public 子网将具有到 互联网网关 的路由表,而私有子网则没有。相反,私有子网可能有到 NAT 网关的路由,但这仍然不能使它们成为 public 个子网。
我在 AWS 中有三个子网。
一个是 public 因为它有 internet-gateway
另外两个不是。
但是cdk合成时,有模板cdk.context.json
判断每三个子网是Public
然而另外两个实际上是Isolated(没有NAT网关和public IP)
为什么cdk认为他们是Public??
"vpc-provider:account=678100XXXXXX:filter.vpc-id=vpc-0867d6797e62dd78b:region=ap-northeast-1:returnAsymmetricSubnets=true": {
"vpcId": "vpc-0867d6797e62dd78b",
"vpcCidrBlock": "10.0.0.0/24",
"availabilityZones": [],
"subnetGroups": [
{
"name": "Public",
"type": "Public",
"subnets": [
{
"subnetId": "subnet-0b5985476dee1f20c",
"cidr": "10.0.0.0/25",
"availabilityZone": "ap-northeast-1c",
"routeTableId": "rtb-02a749d8d4415bbfb"
},
{
"subnetId": "subnet-0fdd37150bfff91f0",
"cidr": "10.0.0.128/26",
"availabilityZone": "ap-northeast-1c",
"routeTableId": "rtb-02a749d8d4415bbfb"
},
{
"subnetId": "subnet-085c85398f27adbfd",
"cidr": "10.0.0.192/26",
"availabilityZone": "ap-northeast-1d",
"routeTableId": "rtb-02a749d8d4415bbfb"
}
]
}
]
}
}
子网是 public 还是私有子网 仅由其路由表 决定。 Public 子网将具有到 互联网网关 的路由表,而私有子网则没有。相反,私有子网可能有到 NAT 网关的路由,但这仍然不能使它们成为 public 个子网。