【Question title】: How to use existing VPC in AWS CloudFormation template for new SecurityGroup
【Posted】: 2020-12-09 20:21:40
【Question】:

I am working with an EC2 instance (new), a security group (new) and a VPC (existing). Here is my CloudFormation template.

When I run the template in a stack, I get the error *"Value () for parameter groupId is invalid. The value cannot be empty"*. How do I fix this?

Template:

Parameters:
  VPCID:
    Description: Name of an existing VPC
    Type: AWS::EC2::VPC::Id
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t2.medium
    AllowedValues:
      - t2.medium
      - t2.large
  AccessLocation:
    Description: The IP address range that can be used to access to the EC2 instances
    Type: String
Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref 'InstanceType'
      SecurityGroups:
        - !Ref 'InstanceSecurityGroup'
      KeyName: !Ref 'KeyName'
      ImageId: !Ref 'ImageId'   
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPCID
      GroupDescription: Enable SSH 
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: !Ref 'AccessLocation'

【Question comments】:

    Tags: amazon-web-services yaml amazon-cloudformation amazon-vpc


    【Solution 1】:

    SecurityGroups can only be used with the default VPC. Since you explicitly assign VPCID to InstanceSecurityGroup, it is treated as a non-default VPC group, which causes the deployment to fail.

    In your case you must use SecurityGroupIds (instead of SecurityGroups), because your VPC will be treated as non-default:

          SecurityGroupIds:
            - !GetAtt 'InstanceSecurityGroup.GroupId'  
    

    【Discussion】:

      【Solution 2】:

      The error is in the SecurityGroups property of the EC2Instance resource. SecurityGroups expects an array of GroupIds, but when you use !Ref InstanceSecurityGroup it returns the ResourceId. So you need to use GetAtt to obtain the GroupId.

      Parameters:
        VPCID:
          Description: Name of an existing VPC
          Type: AWS::EC2::VPC::Id
        KeyName:
          Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
          Type: AWS::EC2::KeyPair::KeyName
          ConstraintDescription: must be the name of an existing EC2 KeyPair.
        InstanceType:
          Description: EC2 instance type
          Type: String
          Default: t2.medium
          AllowedValues:
            - t2.medium
            - t2.large
        AccessLocation:
          Description: The IP address range that can be used to access to the EC2 instances
          Type: String
      Resources:
        EC2Instance:
          Type: AWS::EC2::Instance
          Properties:
            InstanceType: !Ref 'InstanceType'
            SecurityGroups:
              - !GetAtt InstanceSecurityGroup.GroupId
            KeyName: !Ref 'KeyName'
            ImageId: !Ref 'ImageId'   
        InstanceSecurityGroup:
          Type: AWS::EC2::SecurityGroup
          Properties:
            VpcId: !Ref VPCID
            GroupDescription: Enable SSH 
            SecurityGroupIngress:
              - IpProtocol: tcp
                FromPort: '22'
                ToPort: '22'
                CidrIp: !Ref 'AccessLocation'
      

      https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html

      【Discussion】:
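Both answers come down to the same property mismatch: the asker's template attaches a security group that was created with VpcId through the SecurityGroups property, which takes group names and is meant for EC2-Classic / default-VPC launches, whereas SecurityGroupIds takes the GroupId attribute of the group. The following pre-deployment check is an added example written for this page, not code from the question or from either answer. It encodes that rule (it fires for any entry under SecurityGroups that resolves to a VpcId group, whichever intrinsic produced it), the Ref / Fn::GetAtt resolution discussed in Solution 2, and two further things worth catching before a stack update: a Ref to a parameter the template never declares (the question's ImageId) and an SSH rule whose CIDR defaults to 0.0.0.0/0. Templates are expressed as Python dicts, CloudFormation's JSON form, so nothing beyond the standard library is needed. The corrected template it builds is my reconstruction of the asker's template with the fix applied; the SubnetId and ImageId parameters, the SSM-backed AMI lookup and the AllowedPattern on AccessLocation are assumptions that do not appear in the thread.

```python
"""Pre-deployment lint for the CloudFormation mistake discussed in this thread.

Added example, not code from the question or either answer. Templates are
Python dicts (CloudFormation's JSON form, accepted by the service unchanged).
The SubnetId / ImageId parameters and the AllowedPattern are assumptions.
"""
SG_TYPE = "AWS::EC2::SecurityGroup"
INSTANCE_TYPE = "AWS::EC2::Instance"


def ref_target(value):
    """Logical ID that a {"Ref": ...} or {"Fn::GetAtt": ...} points at, else None."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        if "Fn::GetAtt" in value:
            att = value["Fn::GetAtt"]
            return att[0] if isinstance(att, list) else att.split(".")[0]
    return None


def lint_template(template):
    """Return a list of findings; an empty list means the template passes."""
    findings = []
    params = template.get("Parameters", {})
    resources = template.get("Resources", {})
    known = set(params) | set(resources)

    def walk(node, path):  # 1. every Ref / GetAtt must name a declared parameter or resource
        target = ref_target(node)
        if target is not None and target not in known:
            findings.append(f"{path}: unresolved reference to '{target}'")
        children = node.items() if isinstance(node, dict) else enumerate(node) if isinstance(node, list) else ()
        for key, child in children:
            walk(child, f"{path}.{key}")

    walk(resources, "Resources")
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == INSTANCE_TYPE:
            # 2. SecurityGroups takes EC2-Classic / default-VPC group *names*; a group
            #    created with VpcId has to be attached through SecurityGroupIds.
            for entry in props.get("SecurityGroups", []):
                target = ref_target(entry)
                sg = resources.get(target, {})
                if sg.get("Type") == SG_TYPE and "VpcId" in sg.get("Properties", {}):
                    findings.append(f"Resources.{name}: SecurityGroups references VPC-bound group "
                                    f"'{target}'; use SecurityGroupIds with Fn::GetAtt {target}.GroupId")
            # 3. A VPC group only attaches to an instance launched in a subnet of that VPC;
            #    with no SubnetId, EC2 launches into the default VPC and the groups mismatch.
            if props.get("SecurityGroupIds") and "SubnetId" not in props:
                findings.append(f"Resources.{name}: SecurityGroupIds set but no SubnetId")
        elif res.get("Type") == SG_TYPE:
            # 4. SSH reachable from anywhere, as a literal or through a parameter default.
            for rule in props.get("SecurityGroupIngress", []):
                cidr = rule.get("CidrIp")
                if ref_target(cidr) is not None:
                    cidr = params.get(ref_target(cidr), {}).get("Default")
                lo, hi = int(rule.get("FromPort", -1)), int(rule.get("ToPort", -1))
                if cidr == "0.0.0.0/0" and (str(rule.get("IpProtocol")) == "-1" or lo <= 22 <= hi):
                    findings.append(f"Resources.{name}: port 22 open to 0.0.0.0/0")
    return findings


def base_parameters():  # the four parameters from the question
    return {"VPCID": {"Type": "AWS::EC2::VPC::Id"},
            "KeyName": {"Type": "AWS::EC2::KeyPair::KeyName"},
            "InstanceType": {"Type": "String", "Default": "t2.medium", "AllowedValues": ["t2.medium", "t2.large"]},
            "AccessLocation": {"Type": "String", "Description": "CIDR allowed to reach port 22"}}


def instance_sg():  # the question's security group, unchanged in both templates
    return {"Type": SG_TYPE, "Properties": {
        "VpcId": {"Ref": "VPCID"}, "GroupDescription": "Enable SSH",
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
                                  "CidrIp": {"Ref": "AccessLocation"}}]}}


# The asker's template, transcribed from the question (it declares no ImageId parameter either).
BROKEN_TEMPLATE = {"Parameters": base_parameters(), "Resources": {
    "EC2Instance": {"Type": INSTANCE_TYPE, "Properties": {
        "InstanceType": {"Ref": "InstanceType"},
        "SecurityGroups": [{"Ref": "InstanceSecurityGroup"}],
        "KeyName": {"Ref": "KeyName"},
        "ImageId": {"Ref": "ImageId"}}},
    "InstanceSecurityGroup": instance_sg()}}


def corrected_template(access_default=None):
    """Asker's template with the fix from the answers applied; access_default lets a
    caller inject a default CIDR such as 0.0.0.0/0 to see check 4 fire."""
    params = base_parameters()
    params["AccessLocation"]["AllowedPattern"] = r"^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$"  # assumption
    if access_default is not None:
        params["AccessLocation"]["Default"] = access_default
    params["SubnetId"] = {"Type": "AWS::EC2::Subnet::Id", "Description": "A subnet inside VPCID"}  # assumption
    params["ImageId"] = {"Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",                # assumption
                         "Default": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"}
    return {"Parameters": params, "Resources": {
        "EC2Instance": {"Type": INSTANCE_TYPE, "Properties": {
            "InstanceType": {"Ref": "InstanceType"},
            "SecurityGroupIds": [{"Fn::GetAtt": ["InstanceSecurityGroup", "GroupId"]}],
            "SubnetId": {"Ref": "SubnetId"},
            "KeyName": {"Ref": "KeyName"},
            "ImageId": {"Ref": "ImageId"}}},
        "InstanceSecurityGroup": instance_sg()}}
```

Running lint_template(BROKEN_TEMPLATE) reports the undeclared ImageId reference and the SecurityGroups / VPC-bound group mismatch; lint_template(corrected_template()) returns an empty list. The SubnetId check matters as much as the property name: a VPC security group can only be attached to an instance launched in a subnet of that VPC, so a template that fixes the property but leaves the instance without a SubnetId still fails, only with a different error.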
