amazon-web-services - 仅使用 CloudFormation 分配私有(private) IP

Question

我正在使用 CloudFormation 创建 EC2 实例。我想要实现的只是分配一个私有(private)IP。没有公共(public)IP。一切都创建得很好，它为私有(private) IP 创建了一个 DNS 条目，但它也创建了一个公共(public) IP。我怎样才能告诉它不要创建公共(public)IP。这是我的模板。 vpc_id 和subnet_id 位于专用网络上。

AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS CloudFormation template for creating riskInternalElk instance with DNS record'
Parameters:
Resources:
  InstanceSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupName: "{{security_group_name}}"
      GroupDescription: "{{security_group_name}}"
      VpcId: "{{vpc_id}}"
      SecurityGroupIngress:
{% for item in security_group_ingress %}
      - IpProtocol: "{{item.protocol}}"
        FromPort: "{{item.from_port}}"
        ToPort: "{{item.to_port}}"
        CidrIp: "{{item.cidr_ip}}"
{% endfor %}
  NetworkInterface:
    Type: AWS::EC2::NetworkInterface
    Properties:
      SubnetId: "{{subnet_id}}"
      Description: "{{subnet_description}}"
      GroupSet:
      - !Ref InstanceSecurityGroup
      SourceDestCheck: true
      Tags:
      - Key: Network
        Value: Web
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      Tags:
      - Key: "Name"
        Value: "{{instance_name}}"
      ImageId: "{{image_id}}"
      InstanceType: "{{instance_type}}"
      KeyName: "{{key_name}}"
      NetworkInterfaces:
      - NetworkInterfaceId: !Ref NetworkInterface
        DeviceIndex: 1
      BlockDeviceMappings:
      - DeviceName: "{{device_name}}"
        Ebs:
          VolumeType: "gp2"
          VolumeSize: "{{volume_size}}"
          Encrypted: true
          DeleteOnTermination: false
  DnsRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: "{{hosted_zone_name}}"
      Comment: "DNS name for risk internal ec2 instance."
      Name: "{{host_name}}"
      Type: A
      TTL: '60'
      ResourceRecords:
      - !GetAtt EC2Instance.PrivateIp

Answer 1

您可以在 EC2:Instance 资源集中为 NetworkInterfaces 指定信息。不同的是，让它偏离分配公共(public) IP 的子网设置。

具体将 AssociatePublicIpAddress 设置为“False”，并将 NetworkInterface 资源移至内联，如下所示:

  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      Tags:
      - Key: "Name"
        Value: "{{instance_name}}"
      ImageId: "{{image_id}}"
      InstanceType: "{{instance_type}}"
      KeyName: "{{key_name}}"

      NetworkInterfaces:  
      - AssociatePublicIpAddress: false <--- This should do it
        DeleteOnTermination: false
        DeviceIndex: 0
        SubnetId: "{{subnet_id}}"
        Description: "{{subnet_description}}"
        GroupSet:
        - !Ref InstanceSecurityGroup
        SourceDestCheck: true

      BlockDeviceMappings:
      - DeviceName: "{{device_name}}"
        Ebs:
          VolumeType: "gp2"
          VolumeSize: "{{volume_size}}"
          Encrypted: true
          DeleteOnTermination: false