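I am designing a CloudFormation template, but I need to choose between several security groups.
I defined a parameter and two conditions to enable one or the other policy with the same name (to preserve the dependencies),
but the template does not work for both options.
When the parameter has the True option the stack works, and when the value is False the following error is shown:
Template format error: Unresolved resource dependencies [mySecurityGroup] in the Resources block of the template
This is a fragment of the template: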
Parameters:
  KeyName:
    Description: EC2 KeyPair
    Type: 'AWS::EC2::KeyPair::KeyName'
  Reception:
    Description: Enable reception
    Default: False
    Type: String
    AllowedValues:
      - True
      - False
Conditions:
  Enable:
    !Equals [True, !Ref Reception]
  Disable:
    !Equals [False, !Ref Reception]
Resources:
  myVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: myVPC
  mySubNet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref myVPC
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: mySubNet
  mySecurityGroup:
    Condition: Disable
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref myVPC
      GroupDescription: Security Group for EC2
      SecurityGroupIngress:
        - IpProtocol: udp
          FromPort: 4114
          ToPort: 4114
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: mySecurityGroup
  mySecurityGroup:
    Condition: Enable
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref myVPC
      GroupDescription: Security Group for EC2
      SecurityGroupIngress:
        - IpProtocol: udp
          FromPort: 5683
          ToPort: 5683
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: mySecurityGroup
  myEC2:
    Type: 'AWS::EC2::Instance'
    Properties:
      KeyName: !Ref KeyName
      ImageId: ami-028188d9b49b32a80
      InstanceType: t2.nano
      NetworkInterfaces:
        - SubnetId: !Ref mySubNet
          AssociatePublicIpAddress: 'true'
          DeviceIndex: 0
          GroupSet:
            - !Ref mySecurityGroup
      Tags:
        - Key: Name
          Value: myEC2
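I'm not sure which is the correct approach.
Best answer
Well, I can't comment because my rep is 48, not 50. :(
Anyway, I don't have an actual answer to your question, but I hope what I have here helps you.
- In the "Parameters" section, you have the following: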
Conditions:
  Enable:
    !Equals [True, !Ref Reception]
  Disable:
    !Equals [False, !Ref Reception]
1a. This won't work. You only need one condition statement:
Conditions: # Checks to see if Conditional Values are True
  ReceptionYes: !Equals [ !Ref Reception, True]
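- This is where it gets tricky.
You need to add a conditional line in the resources, such as (where I ran into difficulty is where to place this line below):
!If [ReceptionYes, !Ref mySecurityGroup2, !Ref mySecurityGroup1]
The first !Ref is used if True, otherwise the second !Ref is used.
Now, according to theory, you should be able to do the following: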
mySecurityGroup1:
  Condition: Disable
  Type: 'AWS::EC2::SecurityGroup'
  Properties:
    VpcId: !Ref myVPC
    GroupDescription: Security Group for EC2
    SecurityGroupIngress:
      - IpProtocol: udp
        FromPort: 4114
        ToPort: 4114
        CidrIp: 0.0.0.0/0
    Tags:
      - Key: Name
        Value: mySecurityGroup
mySecurityGroup2:
  Condition: Enable
  Type: 'AWS::EC2::SecurityGroup'
  Properties:
    VpcId: !Ref myVPC
    GroupDescription: Security Group for EC2
    SecurityGroupIngress:
      - IpProtocol: udp
        FromPort: 5683
        ToPort: 5683
        CidrIp: 0.0.0.0/0
    Tags:
      - Key: Name
        Value: mySecurityGroup
Well, if this doesn't work, I hope it gets you closer to the answer. :D
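
The approach sketched in the answer, worked through as a complete template (an added example, not code from the question or the answer). The condition names ReceptionEnabled/ReceptionDisabled and the logical IDs SecurityGroupDefault/SecurityGroupReception are assumptions chosen for illustration. Each group gets its own logical ID, because two resources under the same YAML key cannot coexist in one Resources block, and the instance no longer references a resource that its condition may have skipped.

```yaml
Parameters:
  KeyName:
    Type: 'AWS::EC2::KeyPair::KeyName'
  Reception:
    Type: String
    Default: 'False'
    AllowedValues: ['True', 'False']
Conditions:
  ReceptionEnabled: !Equals [!Ref Reception, 'True']
  ReceptionDisabled: !Not [!Condition ReceptionEnabled]
Resources:
  myVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.0.0/16
  mySubNet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref myVPC
      CidrBlock: 10.0.0.0/24
  SecurityGroupDefault:            # created only when Reception is False
    Type: 'AWS::EC2::SecurityGroup'
    Condition: ReceptionDisabled
    Properties:
      VpcId: !Ref myVPC
      GroupDescription: Security Group for EC2 (reception disabled)
      SecurityGroupIngress:
        - {IpProtocol: udp, FromPort: 4114, ToPort: 4114, CidrIp: 0.0.0.0/0}
  SecurityGroupReception:          # created only when Reception is True
    Type: 'AWS::EC2::SecurityGroup'
    Condition: ReceptionEnabled
    Properties:
      VpcId: !Ref myVPC
      GroupDescription: Security Group for EC2 (reception enabled)
      SecurityGroupIngress:
        - {IpProtocol: udp, FromPort: 5683, ToPort: 5683, CidrIp: 0.0.0.0/0}
  myEC2:
    Type: 'AWS::EC2::Instance'
    Properties:
      KeyName: !Ref KeyName
      ImageId: ami-028188d9b49b32a80
      InstanceType: t2.nano
      NetworkInterfaces:
        - SubnetId: !Ref mySubNet
          AssociatePublicIpAddress: 'true'
          DeviceIndex: 0
          GroupSet:
            # Fn::If resolves to whichever group exists for this parameter value.
            - !If [ReceptionEnabled, !Ref SecurityGroupReception, !Ref SecurityGroupDefault]
```
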
Regarding amazon-web-services - CloudFormation AWS: choose between Security Groups, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/58639749/