amazon-web-services - CloudFormation - 用户不拥有网络 ACL

Question

收到错误“用户 XXXXXXXXX 不拥有资源 nvirgi-acl2-15txjsljshg15”(nvirgi-acl2-15txjsljshg15 是创建的 acl 的名称)，下面是我的 vpc、子网、acl 和 networkacl 的云形成 JSON 。我该如何克服这个错误？

"VPC1": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.10.0.0/16",
        "InstanceTenancy": "default",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "false",
        "Tags": [
          {
            "Key": "Name",
            "Value": "My Dashboard"
          }
        ]
      }
    },
    "subnet1": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "172.31.48.0/20",
        "AvailabilityZone": "us-east-2a",
        "VpcId": {
          "Ref": "VPC1"
        }
      }          
    },
    "subnet2": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "172.31.0.0/20",
        "AvailabilityZone": "us-east-2b",
        "VpcId": {
          "Ref": "VPC1"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "MyDashboard"
          }
        ]
      }
    },
    "subnet3": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "172.31.32.0/20",
        "AvailabilityZone": "us-east-2a",
        "VpcId": {
          "Ref": "VPC1"
        }
      }
    },
 "acl1": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "CidrBlock": "0.0.0.0/0",
        "Egress": "true",
        "Protocol": "-1",
        "RuleAction": "allow",
        "RuleNumber": "100",
        "NetworkAclId": {
          "Ref": "NetworkAcl1"
        }
      }
    },
    "acl2": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "CidrBlock": "0.0.0.0/0",
        "Protocol": "-1",
        "RuleAction": "allow",
        "RuleNumber": "101",
        "NetworkAclId": {
          "Ref": "NetworkAcl2"
        }
      }
    },
    "acl3": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "CidrBlock": "0.0.0.0/0",
        "Egress": "true",
        "Protocol": "-1",
        "RuleAction": "allow",
        "RuleNumber": "102",
        "NetworkAclId": {
          "Ref": "NetworkAcl3"
        }
      }
    },  
    "subnetacl1": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "acl1"
        },
        "SubnetId": {
          "Ref": "subnet1"
        }
      }
    },
    "subnetacl2": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "acl2"
        },
        "SubnetId": {
          "Ref": "subnet2"
        }
      }
    },
    "subnetacl3": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "acl3"
        },
        "SubnetId": {
          "Ref": "subnet3"
        }
      }
    },
"NetworkAcl1": {
      "Type": "AWS::EC2::NetworkAcl",
      "Properties": {
        "VpcId": {
          "Ref": "VPC1"
        }
      }
    },
    "NetworkAcl2": {
      "Type": "AWS::EC2::NetworkAcl",
      "Properties": {
        "VpcId": {
          "Ref": "VPC1"
        }
      }
    },
    "NetworkAcl3": {
      "Type": "AWS::EC2::NetworkAcl",
      "Properties": {
        "VpcId": {
          "Ref": "VPC1"
        }
      }
    }

Answer 1

问题是 NetworkAclId AWS::EC2::SubnetNetworkAclAssociation 资源中的属性 ("subnetacl[1-3]") 必须引用 AWS::EC2::NetworkAcl code> 资源 ("NetworkAcl[1-3]")，而不是 AWS::EC2::NetworkAclEntry 资源 ("acl[1-3]")，就像现在一样。