amazon-web-services - How to set the "Remote IPv4 Network CIDR" VPN property in AWS with CloudFormation

Reposted. Author: 行者123. Updated: 2023-12-03 07:13:20

We use CloudFormation as infrastructure as code for a VPN connection between our on-premises network and an AWS account. We need to set a parameter that is documented as follows (complete docs):

Remote IPv4 Network CIDR  (IPv4 VPN connection only) The IPv4 CIDR range on the AWS side that is allowed to communicate over the VPN tunnels. Default: 0.0.0.0/0

We have searched the internet, but there is no actual syntax for how to set this variable with CloudFormation.

We want to change the value from the default 0.0.0.0/0 to a different, more specific /24 range.

In some VPN software this is called a traffic selector, proxy ID or encryption domain.

Best answer

The remote IPv4 network CIDR can be changed with the SDK. The CloudFormation below will change the remote IPv4 network CIDR.

    lambdaExecutionRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action:
                - sts:AssumeRole
        Path: "/"
        Policies:
          - PolicyName: root
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - logs:*   # Set appropriate value; logs:CreateLogGroup, logs:CreateLogStream and logs:PutLogEvents are enough for a Lambda
                  Resource: arn:aws:logs:*:*:*   # Set appropriate value
                - Effect: Allow
                  Action:
                    - ec2:ModifyVpnConnectionOptions
                  Resource: !Sub "arn:aws:ec2:*:..."   # Refer to your AWS::EC2::VPNConnection

    # A Lambda that changes the remote IPv4 property of the VPN using the AWS SDK.
    # Asynchronous: it reports SUCCESS as soon as the API accepts the request,
    # so it will finish before the modification of the VPN is done.
    customResourceSetRemoteIp:
      Type: AWS::Lambda::Function
      Properties:
        Runtime: nodejs14.x   # deprecated on Lambda; Node 18+ runtimes bundle only AWS SDK v3, so port the require('aws-sdk') code before upgrading
        Role: !GetAtt lambdaExecutionRole.Arn
        Handler: index.handler
        Code:
          ZipFile: |
            var response = require('cfn-response')
            var aws = require('aws-sdk')
            exports.handler = function (event, context) {
              console.log("REQUEST RECEIVED:\n" + JSON.stringify(event))

              // For Delete requests, immediately send a SUCCESS response.
              // You need to run this job with the new value if you want a rollback.
              if (event.RequestType == "Delete") {
                response.send(event, context, "SUCCESS")
                return
              }
              var responseStatus = "FAILED"
              var responseData = {}
              var vpnConnection = event.ResourceProperties.VpnConnection;
              var remoteIpv4NetworkCidr = event.ResourceProperties.RemoteIpv4NetworkCidr;

              console.log("Set remote ipv4 cidr to '" + remoteIpv4NetworkCidr +
                "' at vpn connection '" + vpnConnection + "'");

              var ec2 = new aws.EC2();
              var params = {
                VpnConnectionId: vpnConnection, /* required */
                DryRun: false,
                RemoteIpv4NetworkCidr: remoteIpv4NetworkCidr
              };
              ec2.modifyVpnConnectionOptions(params, function(err, data) {
                if (err) {
                  console.log(err, err.stack); // an error occurred
                  // cfn-response JSON-serialises Data; an Error object would become {}, so keep the message
                  responseData = {Error: err.message}
                  console.log(responseData.Error + ":\n", err)
                } else {
                  responseStatus = "SUCCESS"
                  console.log(data); // successful response
                }
                response.send(event, context, responseStatus, responseData)
              });
            }
        Description: Set VPN options in cloudformation
        TracingConfig:
          Mode: PassThrough

    setRemoteIpOnVpnCustomResource:
      Type: AWS::CloudFormation::CustomResource
      Version: "1.0"
      Properties:
        ServiceToken: !GetAtt customResourceSetRemoteIp.Arn
        VpnConnection: !Ref vpcVpnConnection   # the AWS::EC2::VPNConnection resource in the same template
        RemoteIpv4NetworkCidr: "10.0.0.0/24"

Regarding amazon-web-services - How to set the "Remote IPv4 Network CIDR" VPN property in AWS with CloudFormation, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/69296128/
