メニュー
AWS CloudFormation
ユーザーガイド (API Version 2010-05-15)

AWS::EC2::VPCPeeringConnection

VPC ピア接続は、2 つの Virtual Private Cloud (VPC) 間のネットワーク接続を可能にします。2 つの VPC 間でプライベート IP アドレスを使用してトラフィックをルーティングすることができます。VPC ピアとその制限の詳細については、Amazon VPC Peering Guide の「VPC ピア機能の概要」を参照してください。

注記

別の AWS アカウントとの間でピア接続を作成できます。詳細なチュートリアルについては、「チュートリアル: 別の AWS アカウントで Amazon VPC とピア接続する」を参照してください。

構文

AWS CloudFormation テンプレートでこのエンティティを宣言するには、次の構文を使用します。

JSON

Copy
{ "Type" : "AWS::EC2::VPCPeeringConnection", "Properties" : { "PeerVpcId" : String, "Tags" : [ Resource Tag, ... ], "VpcId" : String, "PeerOwnerId" : String, "PeerRoleArn" : String } }

YAML

Copy
Type: "AWS::EC2::VPCPeeringConnection" Properties: PeerVpcId: String Tags: - Resource Tag VpcId: String PeerOwnerId: String PeerRoleArn: String

プロパティ

PeerVpcId

ピア接続を作成する VPC の ID。

Required: Yes

Type: String

更新に伴う要件: 置換

Tags

このリソースに対する任意のタグのセット (キーと値のペア)。

Required: No

Type: AWS CloudFormation Resource Tags

更新に伴う要件: 中断はありません。

VpcId

ピア接続を要求する VPC の ID。

Required: Yes

Type: String

更新に伴う要件: 置換

PeerOwnerId

ピア接続をする VPC の所有者の AWS アカウント ID。

Required: No

Type: String

更新に伴う要件: 置換

PeerRoleArn

別の AWS アカウントでのピア接続のための VPC ピアロールの Amazon リソースネーム (ARN)。

Required: No

Type: String

更新に伴う要件: 置換

戻り値

参照番号

このリソースの論理 ID が Ref 組み込み関数に提供されると、Ref によりリソース名が返されます。

Ref 関数の使用方法の詳細については、「Ref」を参照してください。

以下のサンプルテンプレートでは、2 つの VPC を作成して、ピア接続の設定方法をデモンストレーションします。VPC ピア接続に対しては、各 VPC ルートテーブルについて、VPC ピアルートを作成する必要があります (サンプルの PeeringRoute1PeeringRoute2 を参照)。このテンプレートを起動すると、SSH を使用して myInstance インスタンスに接続した後、myPrivateInstance インスタンスに ping を送信することができます。2 つのインスタンスが別個の VPC に存在した場合でも同様です。

JSON

Copy
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Creates a VPC that and then creates a peering connection with an existing VPC that you specify.", "Parameters": { "EC2KeyPairName": { "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances", "Type": "AWS::EC2::KeyPair::KeyName", "ConstraintDescription" : "must be the name of an existing EC2 KeyPair." }, "InstanceType": { "Description": "EC2 instance type", "Type": "String", "Default": "t1.micro", "AllowedValues": [ "t1.micro", "m1.small", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge" ], "ConstraintDescription": "must be a valid EC2 instance type." }, "myVPCIDCIDRRange": { "Description": "The IP address range for your new VPC.", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "10.1.0.0/16", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." }, "myPrivateVPCIDCIDRRange": { "Description": "The IP address range for your new Private VPC.", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "10.0.0.0/16", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." }, "EC2SubnetCIDRRange": { "Description": "The IP address range for a subnet in myPrivateVPC.", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "10.0.0.0/24", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." }, "EC2PublicSubnetCIDRRange": { "Description": "The IP address range for a subnet in myVPC.", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "10.1.0.0/24", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." } }, "Mappings": { "AWSRegionToAMI": { "us-east-1": { "64": "ami-fb8e9292" }, "us-west-2": { "64": "ami-043a5034" }, "us-west-1": { "64": "ami-7aba833f" }, "eu-west-1": { "64": "ami-2918e35e" }, "ap-southeast-1": { "64": "ami-b40d5ee6" }, "ap-southeast-2": { "64": "ami-3b4bd301" }, "ap-northeast-1": { "64": "ami-c9562fc8" }, "sa-east-1": { "64": "ami-215dff3c" } } }, "Resources": { "myPrivateVPC": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": {"Ref": "myPrivateVPCIDCIDRRange"}, "EnableDnsSupport": false, "EnableDnsHostnames": false, "InstanceTenancy": "default" } }, "myPrivateEC2Subnet" : { "Type" : "AWS::EC2::Subnet", "Properties" : { "VpcId" : { "Ref" : "myPrivateVPC" }, "CidrBlock" : {"Ref": "EC2SubnetCIDRRange"} } }, "RouteTable" : { "Type" : "AWS::EC2::RouteTable", "Properties" : { "VpcId" : {"Ref" : "myPrivateVPC"} } }, "PeeringRoute1" : { "Type" : "AWS::EC2::Route", "Properties" : { "DestinationCidrBlock": "0.0.0.0/0", "RouteTableId" : { "Ref" : "RouteTable" }, "VpcPeeringConnectionId" : { "Ref" : "myVPCPeeringConnection" } } }, "SubnetRouteTableAssociation" : { "Type" : "AWS::EC2::SubnetRouteTableAssociation", "Properties" : { "SubnetId" : { "Ref" : "myPrivateEC2Subnet" }, "RouteTableId" : { "Ref" : "RouteTable" } } }, "myVPC": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": {"Ref": "myVPCIDCIDRRange"}, "EnableDnsSupport": true, "EnableDnsHostnames": true, "InstanceTenancy": "default" } }, "PublicSubnet": { "Type": "AWS::EC2::Subnet", "Properties": { "CidrBlock": {"Ref": "EC2PublicSubnetCIDRRange"}, "VpcId": { "Ref": "myVPC" } } }, "myInternetGateway": { "Type": "AWS::EC2::InternetGateway" }, "AttachGateway": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "myVPC" }, "InternetGatewayId": { "Ref": "myInternetGateway" } } }, "PublicRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "myVPC" } } }, "PeeringRoute2" : { "Type" : "AWS::EC2::Route", "Properties" : { "DestinationCidrBlock": { "Ref" : "myPrivateVPCIDCIDRRange" }, "RouteTableId" : { "Ref" : "PublicRouteTable" }, "VpcPeeringConnectionId" : { "Ref" : "myVPCPeeringConnection" } } }, "PublicRoute": { "Type": "AWS::EC2::Route", "DependsOn": "AttachGateway", "Properties": { "RouteTableId": { "Ref": "PublicRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "myInternetGateway" } } }, "PublicSubnetRouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "PublicSubnet" }, "RouteTableId": { "Ref": "PublicRouteTable" } } }, "myPrivateVPCEC2SecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription": "Private instance security group", "VpcId" : { "Ref" : "myPrivateVPC" }, "SecurityGroupIngress" : [ {"IpProtocol" : "-1", "FromPort" : "0", "ToPort" : "65535", "CidrIp" : "0.0.0.0/0"} ] } }, "myVPCEC2SecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription": "Public instance security group", "VpcId" : { "Ref" : "myVPC" }, "SecurityGroupIngress" : [ {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"}, {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0"} ] } }, "myPrivateInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "SecurityGroupIds" : [{ "Ref" : "myPrivateVPCEC2SecurityGroup" }], "SubnetId" : { "Ref" : "myPrivateEC2Subnet" }, "KeyName": { "Ref": "EC2KeyPairName" }, "ImageId": { "Fn::FindInMap": [ "AWSRegionToAMI", {"Ref": "AWS::Region"}, "64" ] } } }, "myInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "NetworkInterfaces": [ { "AssociatePublicIpAddress": "true", "DeviceIndex": "0", "GroupSet": [{ "Ref" : "myVPCEC2SecurityGroup" }], "SubnetId": { "Ref" : "PublicSubnet" } } ], "KeyName": { "Ref": "EC2KeyPairName" }, "ImageId": { "Fn::FindInMap": [ "AWSRegionToAMI", {"Ref": "AWS::Region"}, "64" ] } } }, "myVPCPeeringConnection": { "Type": "AWS::EC2::VPCPeeringConnection", "Properties": { "VpcId": {"Ref": "myVPC"}, "PeerVpcId": {"Ref": "myPrivateVPC"} } } } }

YAML

Copy
AWSTemplateFormatVersion: '2010-09-09' Description: Creates a VPC that and then creates a peering connection with an existing VPC that you specify. Parameters: EC2KeyPairName: Description: Name of an existing EC2 KeyPair to enable SSH access to the instances Type: AWS::EC2::KeyPair::KeyName ConstraintDescription: must be the name of an existing EC2 KeyPair. InstanceType: Description: EC2 instance type Type: String Default: t1.micro AllowedValues: - t1.micro - m1.small - m3.medium - m3.large - m3.xlarge - m3.2xlarge - c3.large - c3.xlarge - c3.2xlarge - c3.4xlarge - c3.8xlarge ConstraintDescription: must be a valid EC2 instance type. myVPCIDCIDRRange: Description: The IP address range for your new VPC. Type: String MinLength: '9' MaxLength: '18' Default: 10.1.0.0/16 AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. myPrivateVPCIDCIDRRange: Description: The IP address range for your new Private VPC. Type: String MinLength: '9' MaxLength: '18' Default: 10.0.0.0/16 AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. EC2SubnetCIDRRange: Description: The IP address range for a subnet in myPrivateVPC. Type: String MinLength: '9' MaxLength: '18' Default: 10.0.0.0/24 AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. EC2PublicSubnetCIDRRange: Description: The IP address range for a subnet in myVPC. Type: String MinLength: '9' MaxLength: '18' Default: 10.1.0.0/24 AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. Mappings: AWSRegionToAMI: us-east-1: '64': ami-fb8e9292 us-west-2: '64': ami-043a5034 us-west-1: '64': ami-7aba833f eu-west-1: '64': ami-2918e35e ap-southeast-1: '64': ami-b40d5ee6 ap-southeast-2: '64': ami-3b4bd301 ap-northeast-1: '64': ami-c9562fc8 sa-east-1: '64': ami-215dff3c Resources: myPrivateVPC: Type: AWS::EC2::VPC Properties: CidrBlock: Ref: myPrivateVPCIDCIDRRange EnableDnsSupport: false EnableDnsHostnames: false InstanceTenancy: default myPrivateEC2Subnet: Type: AWS::EC2::Subnet Properties: VpcId: Ref: myPrivateVPC CidrBlock: Ref: EC2SubnetCIDRRange RouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: Ref: myPrivateVPC PeeringRoute1: Type: AWS::EC2::Route Properties: DestinationCidrBlock: 0.0.0.0/0 RouteTableId: Ref: RouteTable VpcPeeringConnectionId: Ref: myVPCPeeringConnection SubnetRouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: Ref: myPrivateEC2Subnet RouteTableId: Ref: RouteTable myVPC: Type: AWS::EC2::VPC Properties: CidrBlock: Ref: myVPCIDCIDRRange EnableDnsSupport: true EnableDnsHostnames: true InstanceTenancy: default PublicSubnet: Type: AWS::EC2::Subnet Properties: CidrBlock: Ref: EC2PublicSubnetCIDRRange VpcId: Ref: myVPC myInternetGateway: Type: AWS::EC2::InternetGateway AttachGateway: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: Ref: myVPC InternetGatewayId: Ref: myInternetGateway PublicRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: Ref: myVPC PeeringRoute2: Type: AWS::EC2::Route Properties: DestinationCidrBlock: Ref: myPrivateVPCIDCIDRRange RouteTableId: Ref: PublicRouteTable VpcPeeringConnectionId: Ref: myVPCPeeringConnection PublicRoute: Type: AWS::EC2::Route DependsOn: AttachGateway Properties: RouteTableId: Ref: PublicRouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: Ref: myInternetGateway PublicSubnetRouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: Ref: PublicSubnet RouteTableId: Ref: PublicRouteTable myPrivateVPCEC2SecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Private instance security group VpcId: Ref: myPrivateVPC SecurityGroupIngress: - IpProtocol: "-1" FromPort: '0' ToPort: '65535' CidrIp: 0.0.0.0/0 myVPCEC2SecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Public instance security group VpcId: Ref: myVPC SecurityGroupIngress: - IpProtocol: tcp FromPort: '80' ToPort: '80' CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: '22' ToPort: '22' CidrIp: 0.0.0.0/0 myPrivateInstance: Type: AWS::EC2::Instance Properties: SecurityGroupIds: - Ref: myPrivateVPCEC2SecurityGroup SubnetId: Ref: myPrivateEC2Subnet KeyName: Ref: EC2KeyPairName ImageId: Fn::FindInMap: - AWSRegionToAMI - Ref: AWS::Region - '64' myInstance: Type: AWS::EC2::Instance Properties: NetworkInterfaces: - AssociatePublicIpAddress: 'true' DeviceIndex: '0' GroupSet: - Ref: myVPCEC2SecurityGroup SubnetId: Ref: PublicSubnet KeyName: Ref: EC2KeyPairName ImageId: Fn::FindInMap: - AWSRegionToAMI - Ref: AWS::Region - '64' myVPCPeeringConnection: Type: AWS::EC2::VPCPeeringConnection Properties: VpcId: Ref: myVPC PeerVpcId: Ref: myPrivateVPC

このページの内容: