CloudFormation - пользователь не владеет сетью ACL

Question

Получение пользователя ошибки XXXXXXXXX не владеет ресурсом nvirgi-acl2-15txjsljshg15 '(nvirgi-acl2-15txjsljshg15 - это имя созданного acl), ниже показано мое облако JSON для vpc, подсети, acl и networkacl. Как мне пройти эту ошибку?

"VPC1": { 
     "Type": "AWS::EC2::VPC", 
     "Properties": { 
     "CidrBlock": "10.10.0.0/16", 
     "InstanceTenancy": "default", 
     "EnableDnsSupport": "true", 
     "EnableDnsHostnames": "false", 
     "Tags": [ 
      { 
      "Key": "Name", 
      "Value": "My Dashboard" 
      } 
     ] 
     } 
    }, 
    "subnet1": { 
     "Type": "AWS::EC2::Subnet", 
     "Properties": { 
     "CidrBlock": "172.31.48.0/20", 
     "AvailabilityZone": "us-east-2a", 
     "VpcId": { 
      "Ref": "VPC1" 
     } 
     }   
    }, 
    "subnet2": { 
     "Type": "AWS::EC2::Subnet", 
     "Properties": { 
     "CidrBlock": "172.31.0.0/20", 
     "AvailabilityZone": "us-east-2b", 
     "VpcId": { 
      "Ref": "VPC1" 
     }, 
     "Tags": [ 
      { 
      "Key": "Name", 
      "Value": "MyDashboard" 
      } 
     ] 
     } 
    }, 
    "subnet3": { 
     "Type": "AWS::EC2::Subnet", 
     "Properties": { 
     "CidrBlock": "172.31.32.0/20", 
     "AvailabilityZone": "us-east-2a", 
     "VpcId": { 
      "Ref": "VPC1" 
     } 
     } 
    }, 
"acl1": { 
     "Type": "AWS::EC2::NetworkAclEntry", 
     "Properties": { 
     "CidrBlock": "0.0.0.0/0", 
     "Egress": "true", 
     "Protocol": "-1", 
     "RuleAction": "allow", 
     "RuleNumber": "100", 
     "NetworkAclId": { 
      "Ref": "NetworkAcl1" 
     } 
     } 
    }, 
    "acl2": { 
     "Type": "AWS::EC2::NetworkAclEntry", 
     "Properties": { 
     "CidrBlock": "0.0.0.0/0", 
     "Protocol": "-1", 
     "RuleAction": "allow", 
     "RuleNumber": "101", 
     "NetworkAclId": { 
      "Ref": "NetworkAcl2" 
     } 
     } 
    }, 
    "acl3": { 
     "Type": "AWS::EC2::NetworkAclEntry", 
     "Properties": { 
     "CidrBlock": "0.0.0.0/0", 
     "Egress": "true", 
     "Protocol": "-1", 
     "RuleAction": "allow", 
     "RuleNumber": "102", 
     "NetworkAclId": { 
      "Ref": "NetworkAcl3" 
     } 
     } 
    }, 
    "subnetacl1": { 
     "Type": "AWS::EC2::SubnetNetworkAclAssociation", 
     "Properties": { 
     "NetworkAclId": { 
      "Ref": "acl1" 
     }, 
     "SubnetId": { 
      "Ref": "subnet1" 
     } 
     } 
    }, 
    "subnetacl2": { 
     "Type": "AWS::EC2::SubnetNetworkAclAssociation", 
     "Properties": { 
     "NetworkAclId": { 
      "Ref": "acl2" 
     }, 
     "SubnetId": { 
      "Ref": "subnet2" 
     } 
     } 
    }, 
    "subnetacl3": { 
     "Type": "AWS::EC2::SubnetNetworkAclAssociation", 
     "Properties": { 
     "NetworkAclId": { 
      "Ref": "acl3" 
     }, 
     "SubnetId": { 
      "Ref": "subnet3" 
     } 
     } 
    }, 
"NetworkAcl1": { 
     "Type": "AWS::EC2::NetworkAcl", 
     "Properties": { 
     "VpcId": { 
      "Ref": "VPC1" 
     } 
     } 
    }, 
    "NetworkAcl2": { 
     "Type": "AWS::EC2::NetworkAcl", 
     "Properties": { 
     "VpcId": { 
      "Ref": "VPC1" 
     } 
     } 
    }, 
    "NetworkAcl3": { 
     "Type": "AWS::EC2::NetworkAcl", 
     "Properties": { 
     "VpcId": { 
      "Ref": "VPC1" 
     } 
     } 
    } 

Answer 1

Вопрос заключается в том, что NetworkAclId собственность в AWS::EC2::SubnetNetworkAclAssociation ресурсах ("subnetacl[1-3]") должна ссылаться на AWS::EC2::NetworkAcl ресурсах ("NetworkAcl[1-3]"), а не AWS::EC2::NetworkAclEntry ресурсов ("acl[1-3]"), поскольку они в настоящее время.