How do I specify subnetID in cloudformation template, either from existing subnet or one that I create?
How do I specify the subnet ID in a YAML CloudFormation template, either from an existing subnet or from one that I create?

I keep getting a stack error that it needs to be a string, or the following:

2022-04-18 19:56:17 UTC+1000 DBInstance CREATE_FAILED The parameter groupName cannot be used with the parameter subnet (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 45b4589e-0195-4f13-9cde-d2200c0031bf; Proxy: null)
```yaml
---
Parameters:
  AvailabilityZone:
    Type: String
    Default: us-east-1a
  EnvironmentInstanceType:
    Description: "Specify the Environment type of the stack."
    Type: String
    Default: Web
    AllowedValues:
      - Web
      - DB
  KeyName:
    Description: Saved Key Pair file for SSH Access
    Type: AWS::EC2::KeyPair::KeyName
  VpcId:
    Description: Select your VPC
    Type: AWS::EC2::VPC::Id
  ImageId:
    Description: GoldenAMI ImageId
    Type: String
    Default: ami-06170cf892b466b5a
  PrivSubnetCIDR:
    Description: Private Subnet CidrBlock
    Type: String
    Default: 10.0.1.0/24
  PublicSecurityGroup:
    Description: WebSecurityGroup
    Type: String
    Default: sg-081d3059c58edb3b6
  PublicSubnet:
    Description: Web/PublicSecurityGroup
    Type: String
    Default: subnet-0b3ea12c33b327f0a
Mappings:
  EnvironmentToInstanceType:
    Web:
      InstanceType: t2.micro
    DB:
      InstanceType: t2.micro
Resources:
  # Subnet created by this stack; DBInstance references it with !Ref
  DBSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VpcId
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref PrivSubnetCIDR
      MapPublicIpOnLaunch: false
  DBInstance:
    Type: AWS::EC2::Instance
    Properties:
      KeyName:
        Ref: KeyName
      InstanceType:
        !FindInMap [
          EnvironmentToInstanceType,
          !Ref EnvironmentInstanceType,
          InstanceType,
        ]
      ImageId: !Ref ImageId
      AvailabilityZone: !Ref AvailabilityZone
      SubnetId:
        Ref: DBSubnet
      SecurityGroups: [!Ref DBSecurityGroup]
  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "Open MySQL (port 3306)"
      VpcId:
        Ref: VpcId
  DBOutboundRule1:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref DBSecurityGroup
      IpProtocol: tcp
      FromPort: 22
      ToPort: 22
      # An egress rule takes a destination; SourceSecurityGroupId is not a valid egress property
      DestinationSecurityGroupId: !Ref PublicSecurityGroup
  DBInboundRule1:
    # Inbound rule, so the resource type must be SecurityGroupIngress (was SecurityGroupEgress)
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref DBSecurityGroup
      IpProtocol: tcp
      FromPort: 3306
      ToPort: 3306
      SourceSecurityGroupId: !Ref PublicSecurityGroup
  DBRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  DBSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref DBRouteTable
      SubnetId: !Ref DBSubnet
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      KeyName:
        Ref: KeyName
      InstanceType:
        !FindInMap [
          EnvironmentToInstanceType,
          !Ref EnvironmentInstanceType,
          InstanceType,
        ]
      ImageId: !Ref ImageId
      # AvailabilityZone: !Ref AvailabilityZone
      # Existing subnet, passed in through the PublicSubnet parameter
      SubnetId: !Ref PublicSubnet
      SecurityGroupIds:
        - Ref: PublicSecurityGroup
```
The error is not related to the subnet; it is about your security group. Instead of:

```yaml
SecurityGroups: [!Ref DBSecurityGroup]
```

it should be:

```yaml
SecurityGroupIds: [!GetAtt DBSecurityGroup.GroupId]
```
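The answer names the one property that produced the CREATE_FAILED, but the same class of mistake is cheap to catch before a stack is ever submitted. The script below is an added example, not code from the question or the answer: a small lint in Python over the JSON form of a CloudFormation template (which CloudFormation accepts alongside YAML, so no custom `!Ref` tag loader is needed). The `BROKEN` and `FIXED` templates are constructed to mirror the question's template; the resource and parameter names are the question's own. `lint` flags `SecurityGroups` on a VPC instance, an egress rule with `SourceSecurityGroupId`, and `String` parameters that carry subnet, security-group or VPC ids (typed parameters such as `AWS::EC2::Subnet::Id` are validated when the stack is created, so a wrong id fails early instead of mid-deploy); `subnet_sources` answers the question's actual title by reporting, per instance, whether its `SubnetId` comes from a parameter (an existing subnet) or from a resource (a subnet the stack creates).

```python
"""Lint for the CloudFormation mistakes discussed above (added example, not
from the question or answer). It works on the JSON form of a template, which
CloudFormation also accepts, so no YAML loader with custom !Ref tags is needed."""
from __future__ import annotations

import copy
from typing import Any

# Constructed: the relevant slice of the question's template, carrying the
# same defects (SecurityGroups next to SubnetId, untyped id parameters, and
# an inbound rule declared as SecurityGroupEgress).
BROKEN: dict[str, Any] = {
    "Parameters": {
        "VpcId": {"Type": "AWS::EC2::VPC::Id"},
        "PublicSecurityGroup": {"Type": "String", "Default": "sg-081d3059c58edb3b6"},
        "PublicSubnet": {"Type": "String", "Default": "subnet-0b3ea12c33b327f0a"},
    },
    "Resources": {
        "DBSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "VpcId"}, "CidrBlock": "10.0.1.0/24"}},
        "DBSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "Open MySQL (port 3306)", "VpcId": {"Ref": "VpcId"}}},
        "DBInstance": {"Type": "AWS::EC2::Instance", "Properties": {
            "SubnetId": {"Ref": "DBSubnet"},                   # subnet created by this stack
            "SecurityGroups": [{"Ref": "DBSecurityGroup"}]}},  # the defect from the question
        "DBOutboundRule1": {"Type": "AWS::EC2::SecurityGroupEgress", "Properties": {
            "GroupId": {"Ref": "DBSecurityGroup"}, "IpProtocol": "tcp",
            "FromPort": 22, "ToPort": 22,
            "SourceSecurityGroupId": {"Ref": "PublicSecurityGroup"}}},
        "DBInboundRule1": {"Type": "AWS::EC2::SecurityGroupEgress", "Properties": {
            "GroupId": {"Ref": "DBSecurityGroup"}, "IpProtocol": "tcp",
            "FromPort": 3306, "ToPort": 3306,
            "SourceSecurityGroupId": {"Ref": "PublicSecurityGroup"}}},
        "WebInstance": {"Type": "AWS::EC2::Instance", "Properties": {
            "SubnetId": {"Ref": "PublicSubnet"},               # existing subnet passed in as a parameter
            "SecurityGroupIds": [{"Ref": "PublicSecurityGroup"}]}},
    },
}

# Constructed: the same template with the fixes applied.
FIXED = copy.deepcopy(BROKEN)
FIXED["Parameters"]["PublicSecurityGroup"]["Type"] = "AWS::EC2::SecurityGroup::Id"
FIXED["Parameters"]["PublicSubnet"]["Type"] = "AWS::EC2::Subnet::Id"
_db = FIXED["Resources"]["DBInstance"]["Properties"]
_db["SecurityGroupIds"] = [{"Fn::GetAtt": ["DBSecurityGroup", "GroupId"]}]  # what the answer recommends
del _db["SecurityGroups"]
FIXED["Resources"]["DBInboundRule1"]["Type"] = "AWS::EC2::SecurityGroupIngress"
_out = FIXED["Resources"]["DBOutboundRule1"]["Properties"]
_out["DestinationSecurityGroupId"] = _out.pop("SourceSecurityGroupId")

# EC2 id prefixes and the parameter types CloudFormation validates at create time.
ID_PARAM_TYPES = {"subnet-": "AWS::EC2::Subnet::Id", "sg-": "AWS::EC2::SecurityGroup::Id",
                  "vpc-": "AWS::EC2::VPC::Id"}


def lint(template: dict[str, Any]) -> list[str]:
    """Return one 'Name: message' finding per mistake; an empty list means clean."""
    findings: list[str] = []
    for name, param in template.get("Parameters", {}).items():
        default = str(param.get("Default", ""))
        for prefix, typed in ID_PARAM_TYPES.items():
            if param.get("Type") == "String" and default.startswith(prefix):
                findings.append(f"{name}: holds an EC2 id but is typed String; "
                                f"use {typed} so a bad id fails validation, not CREATE")
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::Instance":
            # SecurityGroups takes group *names* (EC2-Classic); an instance placed in a
            # VPC subnet must use SecurityGroupIds, or EC2 rejects the combination.
            in_vpc = "SubnetId" in props or "NetworkInterfaces" in props
            if in_vpc and "SecurityGroups" in props:
                findings.append(f"{name}: SecurityGroups cannot be combined with SubnetId; "
                                "use SecurityGroupIds with the group's id")
        if rtype == "AWS::EC2::SecurityGroupEgress" and "SourceSecurityGroupId" in props:
            findings.append(f"{name}: SecurityGroupEgress has no SourceSecurityGroupId; "
                            "use SecurityGroupIngress, or DestinationSecurityGroupId for egress")
        if rtype == "AWS::EC2::SecurityGroupIngress" and "DestinationSecurityGroupId" in props:
            findings.append(f"{name}: SecurityGroupIngress has no DestinationSecurityGroupId; "
                            "use SourceSecurityGroupId")
    return findings


def subnet_sources(template: dict[str, Any]) -> dict[str, str]:
    """Map each EC2 instance to where its SubnetId comes from: a parameter
    (an existing subnet passed in) or a resource (a subnet this stack creates)."""
    params, resources = template.get("Parameters", {}), template.get("Resources", {})
    result: dict[str, str] = {}
    for name, res in resources.items():
        if res.get("Type") != "AWS::EC2::Instance":
            continue
        subnet = res.get("Properties", {}).get("SubnetId")
        ref = subnet.get("Ref") if isinstance(subnet, dict) else None
        if ref in params:
            result[name] = f"parameter:{ref}"
        elif ref in resources:
            result[name] = f"resource:{ref}"
        elif isinstance(subnet, str):
            result[name] = f"literal:{subnet}"  # hard-coded id; deploys, but is never validated
        else:
            result[name] = "unresolved"
    return result


if __name__ == "__main__":
    for finding in lint(BROKEN):
        print("BROKEN ", finding)
    print("FIXED  ", lint(FIXED) or "no findings")
    print(subnet_sources(FIXED))
```

Running it prints five findings for `BROKEN` (the two `String` id parameters, `DBInstance`, and both rule resources) and none for `FIXED`; `subnet_sources(FIXED)` reports `DBInstance` as `resource:DBSubnet` and `WebInstance` as `parameter:PublicSubnet`, which is the whole answer to "existing or created": `!Ref` a `Subnet::Id` parameter for the former, `!Ref` the `AWS::EC2::Subnet` resource for the latter. The lint is deliberately conservative and only reports property combinations that EC2 rejects outright or that lose create-time validation; it does not attempt to reproduce cfn-lint.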