Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
VPC endpoint in CloudFormation - Endpoint type (Gateway) does not match available service types ([Interface])

I'm trying to create a VPC endpoint for API Gateway in CloudFormation, but I get this error:

Endpoint type (Gateway) does not match available service types ([Interface]).

The template below is placed inside the Resources section:

  executeApiEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: "*"
            Action:
              - "execute-api:Invoke"
              - "execute-api:ManageConnections"
            Resource:
              - "arn:aws:execute-api:*:*:*"
      RouteTableIds:
        - !Ref privateRouteTable
      ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
      VpcId: !Ref pubPrivateVPC

This one doesn't work either:

  executeApiEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: "*"
            Action:
              - "execute-api:*"
            Resource:
              - "*"
      RouteTableIds:
        - !Ref privateRouteTable
      ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
      VpcId: !Ref pubPrivateVPC

However, this block (which comes from a template) executes without any error:

  s3Endpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal: "*"
            Action:
              - "s3:*"
            Resource:
              - "*"
      RouteTableIds:
        - !Ref privateRouteTable
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcId: !Ref pubPrivateVPC

What is going wrong here?



1 Answer


You must also set the VpcEndpointType property on the AWS::EC2::VPCEndpoint resource to Interface for interface-typed VPC endpoints to work. The default is "Gateway", which only works for S3 and DynamoDB VPC endpoints.

The reason your S3 endpoint works is that the VpcEndpointType property has "Gateway" as its default value (suitable for S3).


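A corrected version of the execute-api endpoint, added here as a worked example; it is not code from the original question or answer. It keeps the question's pubPrivateVPC reference and assumes pubPrivateVPC is an AWS::EC2::VPC resource in the same template (so its CidrBlock can be read with !GetAtt), and it introduces two hypothetical private subnet resources (privateSubnetA, privateSubnetB) and a hypothetical private REST API (privateApi) that the original template does not show. Because an interface endpoint is a set of ENIs placed in subnets rather than a route-table entry, RouteTableIds is dropped and SubnetIds plus SecurityGroupIds take its place. The endpoint policy is also narrowed from Resource "*" to APIs in this account and region, and the API's own resource policy accepts calls only when they arrive through this endpoint:

```yaml
  # Security group for the endpoint ENIs: HTTPS only, from inside the VPC.
  # Assumes pubPrivateVPC is an AWS::EC2::VPC resource in this template.
  executeApiEndpointSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS to the execute-api interface endpoint
      VpcId: !Ref pubPrivateVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !GetAtt pubPrivateVPC.CidrBlock

  executeApiEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface   # the missing property; the default is Gateway
      ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
      VpcId: !Ref pubPrivateVPC
      # Interface endpoints live in subnets behind a security group,
      # so RouteTableIds is gone and these two lists replace it.
      SubnetIds:                   # privateSubnetA/B are assumed resource names
        - !Ref privateSubnetA
        - !Ref privateSubnetB
      SecurityGroupIds:
        - !Ref executeApiEndpointSG
      PrivateDnsEnabled: true
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: "*"
            Action:
              - execute-api:Invoke
            # Scoped to this account and region instead of "*"; the API id
            # is not used here to avoid a circular reference with privateApi.
            Resource:
              - !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*

  # The other half of the trust relationship: a private REST API that
  # only accepts requests arriving through the endpoint above.
  privateApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: private-api-example  # assumed name
      EndpointConfiguration:
        Types:
          - PRIVATE
      Policy:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: execute-api:Invoke
            Resource: execute-api:/*
            Condition:
              StringEquals:
                aws:SourceVpce: !Ref executeApiEndpoint
```

Two caveats worth checking before deploying. The endpoint policy only limits which APIs can be reached through the endpoint; it does not authenticate callers, so IAM authorization or an API authorizer on the API itself is still required. And with PrivateDnsEnabled set to true, the default execute-api hostnames in that region resolve to the endpoint from inside the VPC, which is what makes the private API reachable by its default URL, but it also means regional and edge-optimized public APIs are no longer reachable from the VPC by their default hostnames and need custom domain names instead.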