我正在尝试使用 Cloudformation 模板自动启动实例。 创建堆栈时出现以下错误:
Security group sg-xxxxx and subnet subnet-xxxxx belong to different networks.
这是我当前的模板:
{
"Description": "AWS Cloudformation template to launch a Docker Swarm cluster of two nodes.",
"Resources" : {
"TwitterappVPC": {
"Type": "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "10.0.0.0/16",
"EnableDnsSupport" : "true",
"EnableDnsHostnames" : "true",
"InstanceTenancy" : "dedicated"
}
},
"PublicSubnet" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "TwitterappVPC" },
"CidrBlock" : "10.0.0.0/16",
"AvailabilityZone": {
"Fn::Select" : [ "0", { "Fn::GetAZs" : "" } ]
}
}
},
"InternetGateway" : {
"Type" : "AWS::EC2::InternetGateway"
},
"AttachGateway" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"VpcId" : { "Ref" : "TwitterappVPC" },
"InternetGatewayId" : { "Ref" : "InternetGateway" }
}
},
"TwitterappSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable all Swarm, Microservices and SSH traffic ports",
"SecurityGroupIngress" : [
{"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0"},
{"IpProtocol" : "tcp", "FromPort" : "2377", "ToPort" : "2377", "CidrIp" : "0.0.0.0/0"},
{"IpProtocol" : "tcp", "FromPort" : "4789", "ToPort" : "4789", "CidrIp" : "0.0.0.0/0"},
{"IpProtocol" : "udp", "FromPort" : "4789", "ToPort" : "4789", "CidrIp" : "0.0.0.0/0"},
{"IpProtocol" : "tcp", "FromPort" : "7946", "ToPort" : "7946", "CidrIp" : "0.0.0.0/0"},
{"IpProtocol" : "udp", "FromPort" : "7946", "ToPort" : "7946", "CidrIp" : "0.0.0.0/0"},
{"IpProtocol" : "tcp", "FromPort" : "3306", "ToPort" : "3306", "CidrIp" : "0.0.0.0/0"},
{"IpProtocol" : "tcp", "FromPort" : "8080", "ToPort" : "8095", "CidrIp" : "0.0.0.0/0"}
],
"VpcId" : {"Ref" : "TwitterappVPC"}
}
},
"PublicRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : {"Ref" : "TwitterappVPC"}
}
},
"PublicRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : "AttachGateway",
"Properties" : {
"RouteTableId" : { "Ref" : "PublicRouteTable" },
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : { "Ref" : "InternetGateway" }
}
},
"PublicSubnetRouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "PublicSubnet" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"TwitterappMasterNode": {
"Type": "AWS::EC2::Instance",
"Properties": {
"AvailabilityZone": {
"Fn::Select" : [ "0", { "Fn::GetAZs" : "" } ]
},
"InstanceType": "t2.medium",
"KeyName": "keypair-xxxx",
"ImageId": "ami-ac442ac3",
"SecurityGroupIds": [{"Ref" : "TwitterappSecurityGroup"}]
}
}
}
}
这让我想到了以下内容 stackoverflow question
建议的解决方案是将一些网络接口(interface)属性添加到 EC2 实例属性中:
"NetworkInterfaces": [
{
"SubnetId": {"Ref": "PublicSubnet"},
"AssociatePublicIpAddress": "true",
"DeviceIndex": "0",
"GroupSet": [{ "Ref" : "TwitterappSecurityGroup" }]
}
]
这给了我以下错误:
Network interfaces and an instance-level security groups may not be specified on the same request
我做错了什么?
最佳答案
我真是太蠢了...
删除后问题已解决
"SecurityGroupIds": [{"Ref" : "TwitterappSecurityGroup"}]
来自 EC2 实例属性。
并添加网络接口(interface)属性
"NetworkInterfaces": [
{
"SubnetId": {"Ref": "PublicSubnet"},
"AssociatePublicIpAddress": "true",
"DeviceIndex": "0",
"GroupSet": [{ "Ref" : "TwitterappSecurityGroup" }]
}
]
关于amazon-web-services - 安全组sg-xxxxx和子网subnet-xxxxx属于不同网络,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50213699/