【Posted】: 2025-12-31 05:05:18
【Question】:
I have written CloudFormation YAML code to create a VPC that has 2 public subnets across multiple AZs and 2 private subnets across multiple AZs. I have created an internet gateway, route tables and security groups (one for public, and one private for the RT and SG). Associated the subnets with the respective route tables. I have created an ALB and an ASG. All of this using CloudFormation.
In the ASG CloudFormation template I specified the desired instances as 2, minimum 1, maximum 4. In the launch configuration template I mentioned that all instances should be launched in the private subnets with multi-AZ. The ALB is placed in the public subnets and is internet-facing. I have not created a NAT gateway yet.
I will create an instance in the public subnet using user data to install httpd. My question is: is there any way to create an image of this instance? A condition in the same code.
If possible, I will use this AMI id of the image created from the public instance to create an instance in the private subnet.
```yaml
Resources:
  CFVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: Cloud_Formation_VPC
  CFIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: Cloud_Formation_IGW
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref CFVPC
      InternetGatewayId: !Ref CFIGW
  CFPublicSubnet1a:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CFVPC
      AvailabilityZone: ap-south-1a
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public Subnet 1a
  CFPrivateSubnet1a:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CFVPC
      AvailabilityZone: ap-south-1a
      CidrBlock: 10.0.2.0/24
      # A private subnet would normally set this to false; as written, instances here get a
      # public IP even though the private route table has no route to the internet gateway.
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Private Subnet 1a
  CFPublicSubnet1b:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CFVPC
      AvailabilityZone: ap-south-1b
      CidrBlock: 10.0.3.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public Subnet 1b
  CFPrivateSubnet1b:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CFVPC
      AvailabilityZone: ap-south-1b
      CidrBlock: 10.0.4.0/24
      MapPublicIpOnLaunch: true   # same remark as for CFPrivateSubnet1a
      Tags:
        - Key: Name
          Value: Private Subnet 1b
  CFPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      Tags:
        - Key: Name
          Value: Public RT
      VpcId: !Ref CFVPC
  CFPrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      Tags:
        - Key: Name
          Value: Private RT
      VpcId: !Ref CFVPC
  routetablepublicsubnetassociation1a:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CFPublicRT
      SubnetId: !Ref CFPublicSubnet1a
  routetablepublicsubnetassociation1b:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CFPublicRT
      SubnetId: !Ref CFPublicSubnet1b
  routetableprivatesubnetassociation1a:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CFPrivateRT
      SubnetId: !Ref CFPrivateSubnet1a
  routetableprivatesubnetassociation1b:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CFPrivateRT
      SubnetId: !Ref CFPrivateSubnet1b
  CFPublicRoute:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref CFIGW
      RouteTableId: !Ref CFPublicRT
  # No default route is attached to CFPrivateRT: there is no NAT gateway yet.
  CFALBSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http/https/ssh
      VpcId: !Ref CFVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 106.51.140.198/32
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 122.179.31.197/32
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: -1
  CFec2SG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow SSH
      VpcId: !Ref CFVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref CFALBSG
        # Added: the ALB forwards and health-checks on port 80, so the instances must
        # accept port 80 from the ALB's security group or every target stays unhealthy.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref CFALBSG
  CFAlbTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckPath: /http
      HealthCheckPort: 80
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 7
      HealthyThresholdCount: 5
      Name: alb-target-group
      Port: 80
      Protocol: HTTP
      Tags:
        - Key: Name
          Value: Alb-TargetGp
      UnhealthyThresholdCount: 10
      VpcId: !Ref CFVPC
  CFALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      Type: application
      Name: cf-elb
      Scheme: internet-facing
      SecurityGroups:
        - !Ref CFALBSG
      Subnets:
        - !Ref CFPublicSubnet1a
        - !Ref CFPublicSubnet1b
      Tags:
        - Key: Name
          Value: CF-ALB
  CFALBListner:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref CFAlbTargetGroup
          Type: forward
      LoadBalancerArn: !Ref CFALB
      Port: 80
      Protocol: HTTP
  CFASGLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      AssociatePublicIpAddress: true   # see the remark on the private subnets above
      ImageId: ami-043f9106e7f451340
      InstanceMonitoring: false
      InstanceType: t2.micro
      KeyName: QuadraKeyBLR
      SecurityGroups:
        - !Ref CFec2SG
  CFPlacementGroup:
    Type: AWS::EC2::PlacementGroup
    Properties:
      Strategy: spread
  CFASG:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: Cloudformation_autoscalling
      AvailabilityZones:
        - ap-south-1a
        - ap-south-1b
      LaunchConfigurationName: !Ref CFASGLaunchConfig
      VPCZoneIdentifier:
        - !Ref CFPrivateSubnet1a
        - !Ref CFPrivateSubnet1b
      Cooldown: 120
      DesiredCapacity: 2
      MaxSize: 4
      MinSize: 1
      PlacementGroup: !Ref CFPlacementGroup
      TargetGroupARNs:
        - !Ref CFAlbTargetGroup
```
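CloudFormation has no resource type that images a running instance, so the usual way to do this inside the same stack is a Lambda-backed custom resource. The Python below is an added example (not the asker's template or AWS code); it assumes a hypothetical `Custom::AMI` resource named `PublicInstanceImage` whose `ServiceToken` points at a hypothetical `AmiFunction` Lambda, and a launch configuration that then reads `ImageId: !GetAtt PublicInstanceImage.ImageId`.

```python
import json
import urllib.request

# Assumed template side (not from the asker's template):
#   PublicInstanceImage:
#     Type: Custom::AMI
#     Properties: {ServiceToken: !GetAtt AmiFunction.Arn, InstanceId: !Ref PublicWebInstance}
#   ...and in the launch configuration: ImageId: !GetAtt PublicInstanceImage.ImageId

def build_create_image_request(props):
    """Map the custom resource's Properties onto ec2.create_image keyword arguments."""
    instance_id = props.get("InstanceId")
    if not instance_id:
        raise ValueError("InstanceId property is required")
    return {"InstanceId": instance_id,
            "Name": props.get("Name", "cfn-image-" + instance_id),
            # Default NoReboot=False stops the instance briefly so the snapshot is consistent.
            "NoReboot": str(props.get("NoReboot", "false")).lower() == "true"}

def handle_request(event, ec2):
    """Return (status, physical_id, data); `ec2` is a boto3 EC2 client or a test double."""
    if event["RequestType"] == "Delete":
        image_id = event.get("PhysicalResourceId", "")
        if image_id.startswith("ami-"):  # a failed Create leaves a placeholder id, not an AMI
            ec2.deregister_image(ImageId=image_id)
        return "SUCCESS", image_id or "no-image", {}
    # Create and Update both image the instance. Returning a new ImageId as the physical id
    # makes CloudFormation send a Delete for the old image once the update succeeds.
    image_id = ec2.create_image(**build_create_image_request(event["ResourceProperties"]))["ImageId"]
    # Wait until the AMI is usable so the launch configuration never references a pending image.
    ec2.get_waiter("image_available").wait(ImageIds=[image_id])
    return "SUCCESS", image_id, {"ImageId": image_id}

def send_response(event, status, physical_id, data):
    """PUT the result to the pre-signed URL CloudFormation placed in the event."""
    body = json.dumps({"Status": status, "PhysicalResourceId": physical_id, "Data": data,
                       "Reason": data.get("Reason", "see CloudWatch Logs"), "StackId": event["StackId"],
                       "RequestId": event["RequestId"], "LogicalResourceId": event["LogicalResourceId"]})
    req = urllib.request.Request(event["ResponseURL"], data=body.encode(), method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req)

def lambda_handler(event, context):
    import boto3  # imported here so the module also loads where boto3 is absent
    try:
        status, physical_id, data = handle_request(event, boto3.client("ec2"))
    except Exception as exc:  # always answer, or the stack hangs until the custom resource times out
        status, physical_id, data = "FAILED", event.get("PhysicalResourceId", "failed"), {"Reason": str(exc)}
    send_response(event, status, physical_id, data)
```

The function's execution role only needs `ec2:CreateImage`, `ec2:DescribeImages` (for the waiter) and `ec2:DeregisterImage`; note that deregistering an AMI leaves its EBS snapshots behind, so a complete Delete path would remove those too.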
【Discussion】:
- medium.com/poka-techblog/…. One suggestion from me is to use IaaC tools like terraform wherever possible within the existing toolset.
Tags: amazon-web-services yaml amazon-cloudformation