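I wrote CloudFormation YAML code to create a VPC with 2 public subnets across multiple availability zones and 2 private subnets across multiple availability zones. I created an internet gateway, route tables and security groups (one public and one private each for the RT and the SG), and associated the subnets with their respective route tables. I created an ALB and an ASG. All of this is done with CloudFormation.

In the ASG CloudFormation template I have specified a desired capacity of 2 instances, a minimum of 1 and a maximum of 4. In the launch configuration template I stated that all instances should launch in the private subnets across multiple availability zones. The ALB is in the public subnets and is internet-facing. I have not created a NAT gateway yet.

I will create an instance in the public subnet, using user data to install httpd. My question is: is there any way to create an image of this instance, with a condition, in the same code?

If possible, I will use the AMI ID of the image created from the public instance to create the instances in the private subnets.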
```yaml
Resources:
  # --- Network: VPC, internet gateway, subnets ---
  CFVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: Cloud_Formation_VPC
  CFIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: Cloud_Formation_IGW
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref CFVPC
      InternetGatewayId: !Ref CFIGW
  CFPublicSubnet1a:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CFVPC
      AvailabilityZone: ap-south-1a
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public Subnet 1a
  CFPrivateSubnet1a:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CFVPC
      AvailabilityZone: ap-south-1a
      CidrBlock: 10.0.2.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Private Subnet 1a
  CFPublicSubnet1b:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CFVPC
      AvailabilityZone: ap-south-1b
      CidrBlock: 10.0.3.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public Subnet 1b
  CFPrivateSubnet1b:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CFVPC
      AvailabilityZone: ap-south-1b
      CidrBlock: 10.0.4.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Private Subnet 1b

  # --- Routing: the private route table has no internet route ---
  CFPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      Tags:
        - Key: Name
          Value: Public RT
      VpcId: !Ref CFVPC
  CFPrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      Tags:
        - Key: Name
          Value: Private RT
      VpcId: !Ref CFVPC
  routetablepublicsubnetassociation1a:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CFPublicRT
      SubnetId: !Ref CFPublicSubnet1a
  routetablepublicsubnetassociation1b:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CFPublicRT
      SubnetId: !Ref CFPublicSubnet1b
  routetableprivatesubnetassociation1a:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CFPrivateRT
      SubnetId: !Ref CFPrivateSubnet1a
  routetableprivatesubnetassociation1b:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CFPrivateRT
      SubnetId: !Ref CFPrivateSubnet1b
  CFPublicRoute:
    Type: AWS::EC2::Route
    # The gateway must be attached to the VPC before a route can point at it.
    DependsOn: AttachGateway
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref CFIGW
      RouteTableId: !Ref CFPublicRT

  # --- Security groups ---
  CFALBSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http/https/ssh
      VpcId: !Ref CFVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 106.51.140.198/32
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 122.179.31.197/32
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: -1
  CFec2SG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow SSH
      VpcId: !Ref CFVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref CFALBSG

  # --- Load balancer ---
  CFAlbTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckPath: /http
      HealthCheckPort: 80
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 7
      HealthyThresholdCount: 5
      Name: alb-target-group
      Port: 80
      Protocol: HTTP
      Tags:
        - Key: Name
          Value: Alb-TargetGp
      UnhealthyThresholdCount: 10
      VpcId: !Ref CFVPC
  CFALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      Type: application
      Name: cf-elb
      Scheme: internet-facing
      SecurityGroups:
        - !Ref CFALBSG
      Subnets:
        - !Ref CFPublicSubnet1a
        - !Ref CFPublicSubnet1b
      Tags:
        - Key: Name
          Value: CF-ALB
  CFALBListner:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref CFAlbTargetGroup
          Type: forward
      LoadBalancerArn: !Ref CFALB
      Port: 80
      Protocol: HTTP

  # --- Auto Scaling: instances launch in the private subnets ---
  CFASGLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      AssociatePublicIpAddress: true
      ImageId: ami-043f9106e7f451340
      InstanceMonitoring: false
      InstanceType: t2.micro
      KeyName: QuadraKeyBLR
      SecurityGroups:
        - !Ref CFec2SG
  CFPlacementGroup:
    Type: AWS::EC2::PlacementGroup
    Properties:
      Strategy: spread
  CFASG:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: Cloudformation_autoscalling
      AvailabilityZones:
        - ap-south-1a
        - ap-south-1b
      LaunchConfigurationName: !Ref CFASGLaunchConfig
      VPCZoneIdentifier:
        - !Ref CFPrivateSubnet1a
        - !Ref CFPrivateSubnet1b
      Cooldown: 120
      DesiredCapacity: 2
      MaxSize: 4
      MinSize: 1
      PlacementGroup: !Ref CFPlacementGroup
      TargetGroupARNs:
        - !Ref CFAlbTargetGroup
```
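
As an added example (not part of the original question and not an answer from the thread): one way to get an AMI inside the same stack is a Lambda-backed custom resource, and the Python below is handler logic for such a resource. The property names `InstanceId` and `ImageName` and the placeholder id `image-not-created` are assumptions of this example.

```python
# Added example: logic for a Lambda-backed CloudFormation custom resource that
# bakes an AMI from an instance created earlier in the same stack.
# Assumed (hypothetical) resource properties: InstanceId, ImageName.

def delete_image(ec2, image_id):
    """Deregister the AMI and delete its backing EBS snapshots (idempotent)."""
    # A filter returns an empty list instead of raising when the AMI is gone.
    images = ec2.describe_images(
        Filters=[{"Name": "image-id", "Values": [image_id]}])["Images"]
    if not images:
        return
    ec2.deregister_image(ImageId=image_id)
    for mapping in images[0].get("BlockDeviceMappings", []):
        snapshot_id = mapping.get("Ebs", {}).get("SnapshotId")
        if snapshot_id:  # instance-store mappings have no snapshot
            ec2.delete_snapshot(SnapshotId=snapshot_id)


def handle(event, ec2):
    """Process one custom-resource event; return (physical_id, response_data)."""
    if event["RequestType"] == "Delete":
        image_id = event["PhysicalResourceId"]
        if image_id.startswith("ami-"):  # a failed Create leaves a placeholder id
            delete_image(ec2, image_id)
        return image_id, {}
    # Create and Update both bake a new image. Returning a new physical id on
    # Update makes CloudFormation send a Delete for the old AMI afterwards.
    props = event["ResourceProperties"]
    # AMI names must be unique per account and region, so add the request id.
    name = f"{props['ImageName']}-{event['RequestId'][:8]}"
    image_id = ec2.create_image(
        InstanceId=props["InstanceId"], Name=name,
        NoReboot=False)["ImageId"]  # reboot gives a consistent filesystem
    # Block until the AMI is usable, so dependents never see a pending image.
    ec2.get_waiter("image_available").wait(ImageIds=[image_id])
    return image_id, {"ImageId": image_id}


def lambda_handler(event, context):
    # Lazy imports: boto3 ships with the Lambda runtime; cfnresponse is only
    # available to inline (ZipFile) function code.
    import boto3
    import cfnresponse
    try:
        physical_id, data = handle(event, boto3.client("ec2"))
        cfnresponse.send(event, context, cfnresponse.SUCCESS, data, physical_id)
    except Exception as exc:
        cfnresponse.send(event, context, cfnresponse.FAILED,
                         {"Error": str(exc)},
                         event.get("PhysicalResourceId", "image-not-created"))
```

The custom resource should only run after the instance has signalled that its user data finished installing httpd, and the function's role needs the EC2 image and snapshot permissions used here. The launch configuration for the private subnets can then read the id with `!GetAtt` on the resource's `ImageId` attribute.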
Regarding amazon-web-services - Create an image of an EC2 instance using a CloudFormation template, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/58812708/