AWS CDK:部署 Redis ElastiCache 时出错:子网组与 CacheCluster 属于不同的 VPC
AWS CDK: Error when deploying Redis ElastiCache: Subnet group belongs to a different VPC than CacheCluster
总结
我正在尝试使用 CDK 在 AWS 上部署 Redis ElastiCache 集群。
出于安全原因,我希望集群位于 VPC 中。
我的代码(见上文)定义了一个 VPC、一个安全组、一个缓存子网组(链接到 vpc 私有子网)和缓存集群(链接到缓存子网组和安全组)。
使用 cdk deploy
,部署进行得很顺利,直到我收到此错误:
ACL_redis (ACLredis) Subnet group [default] belongs to a different VPC [vpc-326ce55b] than [vpc-0c45b593f3a5fdc4d] (Service: AmazonElastiCache; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 901398f4-c355-418d-921b-65e6c52dfe3a)
我试过的
在禁用回滚时,缓存集群似乎是在该区域的默认 VPC 中创建的,而不是在我的堆栈中定义的 VPC 中创建的。
我不明白为什么 Cloud Formation 这样做,因为安全组和缓存子网组都链接到堆栈的 VPC。
根本没有引用区域默认 VPC。
一些代码
这是CDK代码
from aws_cdk import (
core,
aws_stepfunctions,
aws_lambda,
aws_stepfunctions_tasks,
aws_sqs,
aws_elasticache,
aws_ec2,
)
PROJECT_CODE = 'ACL'
class AclAwsCdkLearningStack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = aws_ec2.Vpc(self, f"{PROJECT_CODE}_vpc",
cidr="10.0.0.0/16"
)
security_group = aws_ec2.SecurityGroup(
scope=self,
id=f"{PROJECT_CODE}_security_group",
vpc=vpc,
)
private_subnets_ids = [ps.subnet_id for ps in vpc.private_subnets]
cache_subnet_group = aws_elasticache.CfnSubnetGroup(
scope=self,
id=f"{PROJECT_CODE}_cache_subnet_group",
subnet_ids=private_subnets_ids, # todo: add list of subnet ids here
description="subnet group for redis",
)
redis_cluster = aws_elasticache.CfnCacheCluster(
scope=self,
id=f"{PROJECT_CODE}_redis",
engine="redis",
cache_node_type="cache.t2.small",
num_cache_nodes=1,
cache_subnet_group_name=cache_subnet_group.cache_subnet_group_name,
vpc_security_group_ids=[security_group.security_group_id],
)
redis_cluster.add_depends_on(cache_subnet_group)
这是生成的 JSON CloudFormation 代码:
{
"Resources": {
"ACLvpcAC1CD0C2": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"EnableDnsHostnames": true,
"EnableDnsSupport": true,
"InstanceTenancy": "default",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/Resource"
}
},
"ACLvpcPublicSubnet1SubnetAB5536F8": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3a",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/Subnet"
}
},
"ACLvpcPublicSubnet1RouteTable973DCC99": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/RouteTable"
}
},
"ACLvpcPublicSubnet1RouteTableAssociation07D70069": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet1RouteTable973DCC99"
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet1SubnetAB5536F8"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/RouteTableAssociation"
}
},
"ACLvpcPublicSubnet1DefaultRoute5F1B7BC7": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet1RouteTable973DCC99"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"DependsOn": [
"ACLvpcVPCGWA01262F1"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/DefaultRoute"
}
},
"ACLvpcPublicSubnet1EIP0233C01E": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/EIP"
}
},
"ACLvpcPublicSubnet1NATGateway7D889FAC": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ACLvpcPublicSubnet1EIP0233C01E",
"AllocationId"
]
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet1SubnetAB5536F8"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/NATGateway"
}
},
"ACLvpcPublicSubnet2Subnet1243F1B8": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.32.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3b",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/Subnet"
}
},
"ACLvpcPublicSubnet2RouteTableBFA33E2A": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/RouteTable"
}
},
"ACLvpcPublicSubnet2RouteTableAssociation0E367E2F": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet2RouteTableBFA33E2A"
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet2Subnet1243F1B8"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/RouteTableAssociation"
}
},
"ACLvpcPublicSubnet2DefaultRoute6918C2C0": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet2RouteTableBFA33E2A"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"DependsOn": [
"ACLvpcVPCGWA01262F1"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/DefaultRoute"
}
},
"ACLvpcPublicSubnet2EIPBB2E0F7F": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/EIP"
}
},
"ACLvpcPublicSubnet2NATGatewayA823B2BD": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ACLvpcPublicSubnet2EIPBB2E0F7F",
"AllocationId"
]
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet2Subnet1243F1B8"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/NATGateway"
}
},
"ACLvpcPublicSubnet3Subnet74DB8A91": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.64.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3c",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/Subnet"
}
},
"ACLvpcPublicSubnet3RouteTable48D5C590": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/RouteTable"
}
},
"ACLvpcPublicSubnet3RouteTableAssociation6304EEEC": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet3RouteTable48D5C590"
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet3Subnet74DB8A91"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/RouteTableAssociation"
}
},
"ACLvpcPublicSubnet3DefaultRoute5ED7E66D": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet3RouteTable48D5C590"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"DependsOn": [
"ACLvpcVPCGWA01262F1"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/DefaultRoute"
}
},
"ACLvpcPublicSubnet3EIP2A75DA44": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/EIP"
}
},
"ACLvpcPublicSubnet3NATGateway88BC6345": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ACLvpcPublicSubnet3EIP2A75DA44",
"AllocationId"
]
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet3Subnet74DB8A91"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/NATGateway"
}
},
"ACLvpcPrivateSubnet1SubnetB88404CC": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.96.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3a",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/Subnet"
}
},
"ACLvpcPrivateSubnet1RouteTable52EFE8B4": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/RouteTable"
}
},
"ACLvpcPrivateSubnet1RouteTableAssociation07BBA734": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet1RouteTable52EFE8B4"
},
"SubnetId": {
"Ref": "ACLvpcPrivateSubnet1SubnetB88404CC"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/RouteTableAssociation"
}
},
"ACLvpcPrivateSubnet1DefaultRoute1D5645F3": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet1RouteTable52EFE8B4"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ACLvpcPublicSubnet1NATGateway7D889FAC"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/DefaultRoute"
}
},
"ACLvpcPrivateSubnet2Subnet63321773": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.128.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3b",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/Subnet"
}
},
"ACLvpcPrivateSubnet2RouteTable66EECACC": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/RouteTable"
}
},
"ACLvpcPrivateSubnet2RouteTableAssociationB47D85D6": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet2RouteTable66EECACC"
},
"SubnetId": {
"Ref": "ACLvpcPrivateSubnet2Subnet63321773"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/RouteTableAssociation"
}
},
"ACLvpcPrivateSubnet2DefaultRoute692EE131": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet2RouteTable66EECACC"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ACLvpcPublicSubnet2NATGatewayA823B2BD"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/DefaultRoute"
}
},
"ACLvpcPrivateSubnet3SubnetC5349B6D": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.160.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3c",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/Subnet"
}
},
"ACLvpcPrivateSubnet3RouteTableFCCC4D72": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/RouteTable"
}
},
"ACLvpcPrivateSubnet3RouteTableAssociationD5EEF6F8": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet3RouteTableFCCC4D72"
},
"SubnetId": {
"Ref": "ACLvpcPrivateSubnet3SubnetC5349B6D"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/RouteTableAssociation"
}
},
"ACLvpcPrivateSubnet3DefaultRoute6D60CB6B": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet3RouteTableFCCC4D72"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ACLvpcPublicSubnet3NATGateway88BC6345"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/DefaultRoute"
}
},
"ACLvpcIGWA284CC51": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/IGW"
}
},
"ACLvpcVPCGWA01262F1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"InternetGatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/VPCGW"
}
},
"ACLsecuritygroupF744FA96": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "acl-aws-cdk-learning/ACL_security_group",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1"
}
],
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_security_group/Resource"
}
},
"ACLcachesubnetgroup": {
"Type": "AWS::ElastiCache::SubnetGroup",
"Properties": {
"Description": "subnet group for redis",
"SubnetIds": [
{
"Ref": "ACLvpcPrivateSubnet1SubnetB88404CC"
},
{
"Ref": "ACLvpcPrivateSubnet2Subnet63321773"
},
{
"Ref": "ACLvpcPrivateSubnet3SubnetC5349B6D"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_cache_subnet_group"
}
},
"ACLredis": {
"Type": "AWS::ElastiCache::CacheCluster",
"Properties": {
"CacheNodeType": "cache.t2.small",
"Engine": "redis",
"NumCacheNodes": 1,
"VpcSecurityGroupIds": [
{
"Fn::GetAtt": [
"ACLsecuritygroupF744FA96",
"GroupId"
]
}
]
},
"DependsOn": [
"ACLcachesubnetgroup"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_redis"
}
}
}
}
Bash 东西:
(.env) acl-aws-cdk-learning % cdk deploy
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:
Security Group Changes
┌───┬───────────────────────────────┬─────┬────────────┬─────────────────┐
│ │ Group │ Dir │ Protocol │ Peer │
├───┼───────────────────────────────┼─────┼────────────┼─────────────────┤
│ + │ ${ACL_security_group.GroupId} │ Out │ Everything │ Everyone (IPv4) │
└───┴───────────────────────────────┴─────┴────────────┴─────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
Do you wish to deploy these changes (y/n)? y
acl-aws-cdk-learning: deploying...
acl-aws-cdk-learning: creating CloudFormation changeset...
0/38 | 11:00:17 | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata
0/38 | 11:00:17 | CREATE_IN_PROGRESS | AWS::EC2::InternetGateway | ACL_vpc/IGW (ACLvpcIGWA284CC51)
(...)
20/38 | 11:00:53 | CREATE_IN_PROGRESS | AWS::ElastiCache::SubnetGroup | ACL_cache_subnet_group (ACLcachesubnetgroup) Resource creation Initiated
21/38 | 11:00:53 | CREATE_COMPLETE | AWS::ElastiCache::SubnetGroup | ACL_cache_subnet_group (ACLcachesubnetgroup)
21/38 | 11:00:55 | CREATE_IN_PROGRESS | AWS::ElastiCache::CacheCluster | ACL_redis (ACLredis)
22/38 | 11:00:56 | CREATE_FAILED | AWS::ElastiCache::CacheCluster | ACL_redis (ACLredis) Subnet group [default] belongs to a different VPC [vpc-326ce55b] than [vpc-0c45b593f3a5fdc4d] (Service: AmazonElastiCache; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 901398f4-c355-418d-921b-65e6c52dfe3a)
obj._wrapSandboxCode (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7761:49)
\_ Kernel._wrapSandboxCode (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8221:20)
\_ Kernel._create (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7761:26)
\_ Kernel.create (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7508:21)
\_ KernelHost.processRequest (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7296:28)
\_ KernelHost.run (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7236:14)
\_ Immediate.setImmediate [as _onImmediate] (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7239:37)
\_ runCallback (timers.js:694:18)
\_ tryOnImmediate (timers.js:665:5)
\_ processImmediate (timers.js:647:5)
我可以看到生成的模板中的 CacheCluster 定义中缺少 CacheSubnetGroupName。这就是缓存使用默认 VPC 的原因。
CDK 遗漏了您的子网组定义,因为您分配的不正确。
使用 Cfn 资源时,您应该使用 ref
在代码中引用其他资源,而不是像您那样直接分配资源。
只需更新以下代码行,您的代码就可以正常工作。
redis_cluster = aws_elasticache.CfnCacheCluster(
...
cache_subnet_group_name=cache_subnet_group.ref
)
总结
我正在尝试使用 CDK 在 AWS 上部署 Redis ElastiCache 集群。
出于安全原因,我希望集群位于 VPC 中。
我的代码(见上文)定义了一个 VPC、一个安全组、一个缓存子网组(链接到 vpc 私有子网)和缓存集群(链接到缓存子网组和安全组)。
使用 cdk deploy
,部署进行得很顺利,直到我收到此错误:
ACL_redis (ACLredis) Subnet group [default] belongs to a different VPC [vpc-326ce55b] than [vpc-0c45b593f3a5fdc4d] (Service: AmazonElastiCache; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 901398f4-c355-418d-921b-65e6c52dfe3a)
我试过的
在禁用回滚时,缓存集群似乎是在该区域的默认 VPC 中创建的,而不是在我的堆栈中定义的 VPC 中创建的。 我不明白为什么 Cloud Formation 这样做,因为安全组和缓存子网组都链接到堆栈的 VPC。
根本没有引用区域默认 VPC。
一些代码
这是CDK代码
from aws_cdk import (
core,
aws_stepfunctions,
aws_lambda,
aws_stepfunctions_tasks,
aws_sqs,
aws_elasticache,
aws_ec2,
)
PROJECT_CODE = 'ACL'
class AclAwsCdkLearningStack(core.Stack):
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
vpc = aws_ec2.Vpc(self, f"{PROJECT_CODE}_vpc",
cidr="10.0.0.0/16"
)
security_group = aws_ec2.SecurityGroup(
scope=self,
id=f"{PROJECT_CODE}_security_group",
vpc=vpc,
)
private_subnets_ids = [ps.subnet_id for ps in vpc.private_subnets]
cache_subnet_group = aws_elasticache.CfnSubnetGroup(
scope=self,
id=f"{PROJECT_CODE}_cache_subnet_group",
subnet_ids=private_subnets_ids, # todo: add list of subnet ids here
description="subnet group for redis",
)
redis_cluster = aws_elasticache.CfnCacheCluster(
scope=self,
id=f"{PROJECT_CODE}_redis",
engine="redis",
cache_node_type="cache.t2.small",
num_cache_nodes=1,
cache_subnet_group_name=cache_subnet_group.cache_subnet_group_name,
vpc_security_group_ids=[security_group.security_group_id],
)
redis_cluster.add_depends_on(cache_subnet_group)
这是生成的 JSON CloudFormation 代码:
{
"Resources": {
"ACLvpcAC1CD0C2": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"EnableDnsHostnames": true,
"EnableDnsSupport": true,
"InstanceTenancy": "default",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/Resource"
}
},
"ACLvpcPublicSubnet1SubnetAB5536F8": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3a",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/Subnet"
}
},
"ACLvpcPublicSubnet1RouteTable973DCC99": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/RouteTable"
}
},
"ACLvpcPublicSubnet1RouteTableAssociation07D70069": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet1RouteTable973DCC99"
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet1SubnetAB5536F8"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/RouteTableAssociation"
}
},
"ACLvpcPublicSubnet1DefaultRoute5F1B7BC7": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet1RouteTable973DCC99"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"DependsOn": [
"ACLvpcVPCGWA01262F1"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/DefaultRoute"
}
},
"ACLvpcPublicSubnet1EIP0233C01E": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/EIP"
}
},
"ACLvpcPublicSubnet1NATGateway7D889FAC": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ACLvpcPublicSubnet1EIP0233C01E",
"AllocationId"
]
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet1SubnetAB5536F8"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet1/NATGateway"
}
},
"ACLvpcPublicSubnet2Subnet1243F1B8": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.32.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3b",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/Subnet"
}
},
"ACLvpcPublicSubnet2RouteTableBFA33E2A": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/RouteTable"
}
},
"ACLvpcPublicSubnet2RouteTableAssociation0E367E2F": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet2RouteTableBFA33E2A"
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet2Subnet1243F1B8"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/RouteTableAssociation"
}
},
"ACLvpcPublicSubnet2DefaultRoute6918C2C0": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet2RouteTableBFA33E2A"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"DependsOn": [
"ACLvpcVPCGWA01262F1"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/DefaultRoute"
}
},
"ACLvpcPublicSubnet2EIPBB2E0F7F": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/EIP"
}
},
"ACLvpcPublicSubnet2NATGatewayA823B2BD": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ACLvpcPublicSubnet2EIPBB2E0F7F",
"AllocationId"
]
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet2Subnet1243F1B8"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet2/NATGateway"
}
},
"ACLvpcPublicSubnet3Subnet74DB8A91": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.64.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3c",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Public"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/Subnet"
}
},
"ACLvpcPublicSubnet3RouteTable48D5C590": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/RouteTable"
}
},
"ACLvpcPublicSubnet3RouteTableAssociation6304EEEC": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet3RouteTable48D5C590"
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet3Subnet74DB8A91"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/RouteTableAssociation"
}
},
"ACLvpcPublicSubnet3DefaultRoute5ED7E66D": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPublicSubnet3RouteTable48D5C590"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"DependsOn": [
"ACLvpcVPCGWA01262F1"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/DefaultRoute"
}
},
"ACLvpcPublicSubnet3EIP2A75DA44": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/EIP"
}
},
"ACLvpcPublicSubnet3NATGateway88BC6345": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ACLvpcPublicSubnet3EIP2A75DA44",
"AllocationId"
]
},
"SubnetId": {
"Ref": "ACLvpcPublicSubnet3Subnet74DB8A91"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PublicSubnet3/NATGateway"
}
},
"ACLvpcPrivateSubnet1SubnetB88404CC": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.96.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3a",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/Subnet"
}
},
"ACLvpcPrivateSubnet1RouteTable52EFE8B4": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/RouteTable"
}
},
"ACLvpcPrivateSubnet1RouteTableAssociation07BBA734": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet1RouteTable52EFE8B4"
},
"SubnetId": {
"Ref": "ACLvpcPrivateSubnet1SubnetB88404CC"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/RouteTableAssociation"
}
},
"ACLvpcPrivateSubnet1DefaultRoute1D5645F3": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet1RouteTable52EFE8B4"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ACLvpcPublicSubnet1NATGateway7D889FAC"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet1/DefaultRoute"
}
},
"ACLvpcPrivateSubnet2Subnet63321773": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.128.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3b",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/Subnet"
}
},
"ACLvpcPrivateSubnet2RouteTable66EECACC": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/RouteTable"
}
},
"ACLvpcPrivateSubnet2RouteTableAssociationB47D85D6": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet2RouteTable66EECACC"
},
"SubnetId": {
"Ref": "ACLvpcPrivateSubnet2Subnet63321773"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/RouteTableAssociation"
}
},
"ACLvpcPrivateSubnet2DefaultRoute692EE131": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet2RouteTable66EECACC"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ACLvpcPublicSubnet2NATGatewayA823B2BD"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet2/DefaultRoute"
}
},
"ACLvpcPrivateSubnet3SubnetC5349B6D": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.160.0/19",
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"AvailabilityZone": "eu-west-3c",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3"
},
{
"Key": "aws-cdk:subnet-name",
"Value": "Private"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/Subnet"
}
},
"ACLvpcPrivateSubnet3RouteTableFCCC4D72": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/RouteTable"
}
},
"ACLvpcPrivateSubnet3RouteTableAssociationD5EEF6F8": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet3RouteTableFCCC4D72"
},
"SubnetId": {
"Ref": "ACLvpcPrivateSubnet3SubnetC5349B6D"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/RouteTableAssociation"
}
},
"ACLvpcPrivateSubnet3DefaultRoute6D60CB6B": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ACLvpcPrivateSubnet3RouteTableFCCC4D72"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "ACLvpcPublicSubnet3NATGateway88BC6345"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/PrivateSubnet3/DefaultRoute"
}
},
"ACLvpcIGWA284CC51": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "acl-aws-cdk-learning/ACL_vpc"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/IGW"
}
},
"ACLvpcVPCGWA01262F1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
},
"InternetGatewayId": {
"Ref": "ACLvpcIGWA284CC51"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_vpc/VPCGW"
}
},
"ACLsecuritygroupF744FA96": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "acl-aws-cdk-learning/ACL_security_group",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1"
}
],
"VpcId": {
"Ref": "ACLvpcAC1CD0C2"
}
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_security_group/Resource"
}
},
"ACLcachesubnetgroup": {
"Type": "AWS::ElastiCache::SubnetGroup",
"Properties": {
"Description": "subnet group for redis",
"SubnetIds": [
{
"Ref": "ACLvpcPrivateSubnet1SubnetB88404CC"
},
{
"Ref": "ACLvpcPrivateSubnet2Subnet63321773"
},
{
"Ref": "ACLvpcPrivateSubnet3SubnetC5349B6D"
}
]
},
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_cache_subnet_group"
}
},
"ACLredis": {
"Type": "AWS::ElastiCache::CacheCluster",
"Properties": {
"CacheNodeType": "cache.t2.small",
"Engine": "redis",
"NumCacheNodes": 1,
"VpcSecurityGroupIds": [
{
"Fn::GetAtt": [
"ACLsecuritygroupF744FA96",
"GroupId"
]
}
]
},
"DependsOn": [
"ACLcachesubnetgroup"
],
"Metadata": {
"aws:cdk:path": "acl-aws-cdk-learning/ACL_redis"
}
}
}
}
Bash 东西:
(.env) acl-aws-cdk-learning % cdk deploy
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:
Security Group Changes
┌───┬───────────────────────────────┬─────┬────────────┬─────────────────┐
│ │ Group │ Dir │ Protocol │ Peer │
├───┼───────────────────────────────┼─────┼────────────┼─────────────────┤
│ + │ ${ACL_security_group.GroupId} │ Out │ Everything │ Everyone (IPv4) │
└───┴───────────────────────────────┴─────┴────────────┴─────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
Do you wish to deploy these changes (y/n)? y
acl-aws-cdk-learning: deploying...
acl-aws-cdk-learning: creating CloudFormation changeset...
0/38 | 11:00:17 | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata
0/38 | 11:00:17 | CREATE_IN_PROGRESS | AWS::EC2::InternetGateway | ACL_vpc/IGW (ACLvpcIGWA284CC51)
(...)
20/38 | 11:00:53 | CREATE_IN_PROGRESS | AWS::ElastiCache::SubnetGroup | ACL_cache_subnet_group (ACLcachesubnetgroup) Resource creation Initiated
21/38 | 11:00:53 | CREATE_COMPLETE | AWS::ElastiCache::SubnetGroup | ACL_cache_subnet_group (ACLcachesubnetgroup)
21/38 | 11:00:55 | CREATE_IN_PROGRESS | AWS::ElastiCache::CacheCluster | ACL_redis (ACLredis)
22/38 | 11:00:56 | CREATE_FAILED | AWS::ElastiCache::CacheCluster | ACL_redis (ACLredis) Subnet group [default] belongs to a different VPC [vpc-326ce55b] than [vpc-0c45b593f3a5fdc4d] (Service: AmazonElastiCache; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 901398f4-c355-418d-921b-65e6c52dfe3a)
obj._wrapSandboxCode (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7761:49)
\_ Kernel._wrapSandboxCode (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8221:20)
\_ Kernel._create (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7761:26)
\_ Kernel.create (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7508:21)
\_ KernelHost.processRequest (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7296:28)
\_ KernelHost.run (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7236:14)
\_ Immediate.setImmediate [as _onImmediate] (/Users/private/Git/acl-aws-cdk-learning/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7239:37)
\_ runCallback (timers.js:694:18)
\_ tryOnImmediate (timers.js:665:5)
\_ processImmediate (timers.js:647:5)
我可以看到生成的模板中的 CacheCluster 定义中缺少 CacheSubnetGroupName。这就是缓存使用默认 VPC 的原因。
CDK 遗漏了您的子网组定义,因为您分配的不正确。
使用 Cfn 资源时,您应该使用 ref
在代码中引用其他资源,而不是像您那样直接分配资源。
只需更新以下代码行,您的代码就可以正常工作。
redis_cluster = aws_elasticache.CfnCacheCluster(
...
cache_subnet_group_name=cache_subnet_group.ref
)