在VPC上创建子网时如何确定AWS Cloudformation中的ipv6 CIDR块前缀 [英] How to determine ipv6 CIDR block prefix in AWS Cloudformation when creating subnets on a VPC

问题描述

AWS为VPC生成了ipv6 CIDR块，因此无法提前确定。生成的CIDR块如下所示： 2a05：d018：84c：c500 :: / 56 且大小始终为56。

AWS generates the ipv6 CIDR block for VPCs so its not possible to determine ahead of time. The generated CIDR block looks something like: 2a05:d018:84c:c500::/56 and is always size 56.

创建子网时，必须使用完整的前缀值指定大小为64的块。例如。 2a05：d018：84c：c501 :: / 64 。

When creating a subnet you have to specify a size 64 block using the full prefixed value. E.g. 2a05:d018:84c:c501::/64.

可以为以下命令查找ipv6 CIDR块：一个VPC的cloudformation，但这将返回完整值，而不仅仅是前缀。要创建子网，我们需要能够在前缀后附加 01 :: / 64 来为子网创建64大小的块。

It's possible to look up the ipv6 CIDR blocks for a VPC in cloudformation, but this returns the full value, not just the prefix. To create a subnet we need to be able to append something 01::/64 to the prefix to create the 64 sized block for the subnet.

我见过使用lambda函数的解决方案，但这使模板变得非常复杂。我只想使用模板中提供的内置内在函数来完成此操作。

I've seen solutions that use a lambda function, but this greatly complicated the templates. I'd like to do this using just the built-in intrinsic functions available in the templates.

当在同一堆栈中部署具有ipv6子网的VPC时，如何为子网生成有效的ipv6 CIDR块？

When deploying a VPC with ipv6 subnets in the same stack, how can you generate valid ipv6 CIDR blocks for the subnets?

推荐答案

这里是一个使用 Fn :: Cidr内部函数。

!Select [1, !Cidr [!Select [0, !GetAtt 'Vpc.Ipv6CidrBlocks'], 256, 64]]

对于给定的区块 2a05：d018：84c：c500 :: / 56 这将为您提供 2a05：d018：84c：c501 :: / 64

For a given block 2a05:d018:84c:c500::/56 this will give you 2a05:d018:84c:c501::/64

增加第一个索引以获取下一个块。

Increment the first index to get the next block.

!Select [2, !Cidr [!Select [0, !GetAtt 'Vpc.Ipv6CidrBlocks'], 256, 64]]

将为您提供 2a05：d018： 84c：c502 :: // 64

这也是一个完整的最小示例，包括使用 AWS :: EC2 :: VPCCidrBlock 资源将IPv6块附加到VPC并使用 DependsOn 属性，以确保在创建子网之前已附加VPCCidrBlock。

Also here is a full minimal example including the crucial steps of using an AWS::EC2::VPCCidrBlock resource to attach the IPv6 block to the VPC and using the DependsOn property to make sure that the VPCCidrBlock is attached before the Subnet is created.

Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Sub '10.255.0.0/16'

  VpcCidrBlockIpv6:
    Type: 'AWS::EC2::VPCCidrBlock'
    Properties:
      VpcId: !Ref 'Vpc'
      AmazonProvidedIpv6CidrBlock: true

  PrivateSubnet:
    Type: AWS::EC2::Subnet
    DependsOn: VpcCidrBlockIpv6 # Wait for IPv6 CIDR to be attached to VPC before creating subnet
    Properties:
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      VpcId: !Ref 'Vpc'
      AssignIpv6AddressOnCreation: true
      CidrBlock: !Sub '10.255.0.0/20'
      Ipv6CidrBlock: !Select [1, !Cidr [!Select [0, !GetAtt 'Vpc.Ipv6CidrBlocks'], 256, 64]]

这篇关于在VPC上创建子网时如何确定AWS Cloudformation中的ipv6 CIDR块前缀的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！