amazon-web-services - 如何仅将私有(private)IP分配给EC2实例？

Question

下面是在公共(public)子网中创建EC2实例的cloudformation代码，取自here :

"EC2Instance":{ "Type": "AWS::EC2::Instance", "Properties":{ "ImageId": "ami-05958d7635caa4d04", "InstanceType": "t2.micro", "SubnetId": { "Ref": "SubnetId"}, "KeyName": { "Ref": "KeyName"}, "SecurityGroupIds": [ { "Ref": "EC2InstanceSecurityGroup"} ], "IamInstanceProfile": { "Ref" : "EC2InstanceProfile"}, "UserData":{ "Fn::Base64": { "Fn::Join": ["", [ "#!/bin/bash\n", "echo ECS_CLUSTER=", { "Ref": "EcsCluster" }, " >> /etc/ecs/ecs.config\n", "groupadd -g 1000 jenkins\n", "useradd -u 1000 -g jenkins jenkins\n", "mkdir -p /ecs/jenkins_home\n", "chown -R jenkins:jenkins /ecs/jenkins_home\n" ] ] } }, "Tags": [ { "Key": "Name", "Value": { "Fn::Join": ["", [ { "Ref": "AWS::StackName"}, "-instance" ] ]} }] } },

---

默认情况下，公共(public) IP 被分配给 EC2 实例:

如何让EC2实例只分配私有(private)IP？

Answer 1

这个很简单。

将AssociatePublicIpAddress设置为false。

"Ec2Instance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
    "KeyName" : { "Ref" : "KeyName" },
    "NetworkInterfaces": [ {
      "AssociatePublicIpAddress": false,
      "DeviceIndex": "0",
      "GroupSet": [{ "Ref" : "myVPCEC2SecurityGroup" }],
      "SubnetId": { "Ref" : "PublicSubnet" }
    } ]
  }
}

引用: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html