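Problem description
I have this template code that I am trying to implement in my Elastic Beanstalk application, but it references my default VPC, and I can't find how to reference my own VPC instead of the default VPC. This is my YAML code: (I only need to know how to reference my VpcId)
I tried adding some lines that I found in the AWS resources, but they didn't work: (each one individually; I did not use them together)

Type: 'AWS::EC2::VPC::Id'

VpcId: String

Vpc:
  Default: "vpc-"
  Type: String
VpcCidr:
  Default: "10.0.0.0/16"
  Type: String

This is my original code: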
Resources:
  # Security group for the cache: only the Beanstalk instances' group may connect
  MyCacheSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: "Lock cache down to webserver access only"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort:
            Fn::GetOptionSetting:
              OptionName: CachePort
              DefaultValue: 11211
          ToPort:
            Fn::GetOptionSetting:
              OptionName: CachePort
              DefaultValue: 11211
          SourceSecurityGroupName:
            Ref: AWSEBSecurityGroup
  MyElastiCache:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      CacheNodeType:
        Fn::GetOptionSetting:
          OptionName: CacheNodeType
          DefaultValue: cache.t2.micro
      NumCacheNodes:
        Fn::GetOptionSetting:
          OptionName: NumCacheNodes
          DefaultValue: 1
      Engine:
        Fn::GetOptionSetting:
          OptionName: Engine
          DefaultValue: redis
      VpcSecurityGroupIds:
        -
          Fn::GetAtt:
            - MyCacheSecurityGroup
            - GroupId
  AWSEBAutoScalingGroup :
    Metadata :
      ElastiCacheConfig :
        CacheName :
          Ref : MyElastiCache
        CacheSize :
          Fn::GetOptionSetting:
            OptionName : NumCacheNodes
            DefaultValue: 1
  # IAM user whose access key the instances use to look up the cache nodes
  WebServerUser :
    Type : AWS::IAM::User
    Properties :
      Path : "/"
      Policies:
        -
          PolicyName: root
          PolicyDocument :
            Statement :
              -
                Effect : Allow
                Action :
                  - cloudformation:DescribeStackResource
                  - cloudformation:ListStackResources
                  - elasticache:DescribeCacheClusters
                Resource : "*"
  WebServerKeys :
    Type : AWS::IAM::AccessKey
    Properties :
      UserName :
        Ref: WebServerUser

Outputs:
  WebsiteURL:
    Description: sample output only here to show inline string function parsing
    Value: |
      http://awseb-AWSEB-1U7AK1W53691K-1263338585.ca-central-1.elb.amazonaws.com
  MyElastiCacheName:
    Description: Name of the elasticache
    Value:
      Ref : MyElastiCache
  NumCacheNodes:
    Description: Number of cache nodes in MyElastiCache
    Value:
      Fn::GetOptionSetting:
        OptionName : NumCacheNodes
        DefaultValue: 1

files:
  # Credentials file for the command line tools, readable by root only
  "/etc/cfn/cfn-credentials" :
    content : |
      AWSAccessKeyId=`{ "Ref" : "WebServerKeys" }`
      AWSSecretKey=`{ "Fn::GetAtt" : ["WebServerKeys","SecretAccessKey"] }`
    mode : "000400"
    owner : root
    group : root

  # Script that writes the cache node endpoints to the node list file
  "/etc/cfn/get-cache-nodes" :
    content : |
      # Define environment variables for command line tools
      export AWS_ELASTICACHE_HOME="/home/ec2-user/elasticache/$(ls /home/ec2-user/elasticache/)"
      export AWS_CLOUDFORMATION_HOME=/opt/aws/apitools/cfn
      export PATH=$AWS_CLOUDFORMATION_HOME/bin:$AWS_ELASTICACHE_HOME/bin:$PATH
      export AWS_CREDENTIAL_FILE=/etc/cfn/cfn-credentials
      export JAVA_HOME=/usr/lib/jvm/jre
      # Grab the Cache node names and configure the PHP page
      aws cloudformation list-stack-resources --stack `{ "Ref" : "AWS::StackName" }` --region `{ "Ref" : "AWS::Region" }` --output text | grep MyElastiCache | awk '{print $4}' | xargs -I {} aws elasticache describe-cache-clusters --cache-cluster-id {} --region `{ "Ref" : "AWS::Region" }` --show-cache-node-info --output text | grep '^ENDPOINT' | awk '{print $2 ":" $3}' > `{ "Fn::GetOptionSetting" : { "OptionName" : "NodeListPath","DefaultValue" : "/var/www/html/nodelist" } }`
    mode : "000500"
    owner : root
    group : root

  # cfn-hup hook: rerun the script when the cache configuration changes
  "/etc/cfn/hooks.d/cfn-cache-change.conf" :
    "content": |
      [cfn-cache-size-change]
      triggers=post.update
      path=Resources.AWSEBAutoScalingGroup.Metadata.ElastiCacheConfig
      action=/etc/cfn/get-cache-nodes
      runas=root

sources :
  "/home/ec2-user/elasticache" : "https://s3.amazonaws.com/elasticache-downloads/AmazonElastiCacheCli-latest.zip"

commands:
  make-elasticache-executable:
    command: chmod -R ugo+x /home/ec2-user/elasticache/*/bin/*

packages :
  "yum" :
    "aws-apitools-cfn" : []

container_commands:
  initial_cache_nodes:
    command: /etc/cfn/get-cache-nodes

Solution
You have to use the VpcId property to place your security group in your VPC:

MyCacheSecurityGroup:
  Type: 'AWS::EC2::SecurityGroup'
  Properties:
    GroupDescription: "Lock cache down to webserver access only"
    VpcId: !Ref VpcId
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort:
          Fn::GetOptionSetting:
            OptionName: CachePort
            DefaultValue: 11211
        ToPort:
          Fn::GetOptionSetting:
            OptionName: CachePort
            DefaultValue: 11211
        SourceSecurityGroupName:
          Ref: AWSEBSecurityGroup

I just rewrote the whole thing, using this in one file:

Resources:
  MyElastiCache:
    Type: "AWS::ElastiCache::CacheCluster"
    Properties:
      CacheNodeType:
        Fn::GetOptionSetting:
          OptionName : "CacheNodeType"
          DefaultValue : "cache.t2.micro"
      NumCacheNodes:
        Fn::GetOptionSetting:
          OptionName : "NumCacheNodes"
          DefaultValue : "1"
      Engine:
        Fn::GetOptionSetting:
          OptionName : "Engine"
          DefaultValue : "memcached"
      CacheSubnetGroupName:
        Ref: "MyCacheSubnets"
      VpcSecurityGroupIds:
        - Ref: "MemcachedSecurityGroup"
  MemcachedSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Lock cache down to webserver access only"
      VpcId:
        Fn::GetOptionSetting:
          OptionName : "VpcId"
      SecurityGroupIngress :
        - IpProtocol : "tcp"
          FromPort :
            Fn::GetOptionSetting:
              OptionName : "CachePort"
              DefaultValue: "11211"
          ToPort :
            Fn::GetOptionSetting:
              OptionName : "CachePort"
              DefaultValue: "11211"
          SourceSecurityGroupId:
            Ref: "AWSEBSecurityGroup"
  MyCacheSubnets:
    Type: "AWS::ElastiCache::SubnetGroup"
    Properties:
      Description: "Subnets for ElastiCache"
      SubnetIds:
        Fn::GetOptionSetting:
          OptionName : "CacheSubnets"
Outputs:
  ElastiCache:
    Description : "ID of ElastiCache Cache Cluster with Memcached"
    Value :
      Ref : "MyElastiCache"

and using this in another .config file:

option_settings:
  "aws:elasticbeanstalk:customoption":
    CacheNodeType : cache.t2.micro
    NumCacheNodes : 1
    Engine : memcached
    CachePort : 11211
    CacheSubnets:
      - subnet-
      - subnet-
      - subnet-
    VpcId: vpc-
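
Added example, not part of the original question or answers: a small Python check over a template's Resources section (assumed to be already loaded into a dict) that flags the VPC placement issues this thread works through. The function names and the sample dicts are constructed for illustration.

```python
# Added example: lint_vpc_placement, cache_sg and cluster are hypothetical names.
def lint_vpc_placement(resources):
    """Return sorted (logical_id, finding) pairs for VPC placement problems."""
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            in_vpc = "VpcId" in props
            if not in_vpc:
                findings.append((name, "no VpcId: created in the default VPC"))
            for rule in props.get("SecurityGroupIngress", []):
                # In a non-default VPC the source group must be given by ID.
                if in_vpc and "SourceSecurityGroupName" in rule:
                    findings.append((name, "use SourceSecurityGroupId in a non-default VPC"))
        elif res.get("Type") == "AWS::ElastiCache::CacheCluster":
            if "CacheSubnetGroupName" not in props:
                findings.append((name, "no CacheSubnetGroupName: not placed in your subnets"))
    return sorted(findings)


def cache_sg(source_key, vpc_id=None):
    """Constructed sample of the cache security group, with or without VpcId."""
    rule = {"IpProtocol": "tcp", "FromPort": 11211, "ToPort": 11211,
            source_key: {"Ref": "AWSEBSecurityGroup"}}
    props = {"GroupDescription": "Lock cache down to webserver access only",
             "SecurityGroupIngress": [rule]}
    if vpc_id is not None:
        props["VpcId"] = vpc_id
    return {"Type": "AWS::EC2::SecurityGroup", "Properties": props}


def cluster(subnet_group=None):
    """Constructed sample of the cache cluster, with or without a subnet group."""
    props = {"Engine": "memcached", "NumCacheNodes": 1}
    if subnet_group is not None:
        props["CacheSubnetGroupName"] = {"Ref": subnet_group}
    return {"Type": "AWS::ElastiCache::CacheCluster", "Properties": props}


# Constructed inputs mirroring the original template and the rewritten one.
VPC_OPTION = {"Fn::GetOptionSetting": {"OptionName": "VpcId"}}
ORIGINAL = {"MyCacheSecurityGroup": cache_sg("SourceSecurityGroupName"),
            "MyElastiCache": cluster()}
REWRITTEN = {"MemcachedSecurityGroup": cache_sg("SourceSecurityGroupId", VPC_OPTION),
             "MyCacheSubnets": {"Type": "AWS::ElastiCache::SubnetGroup", "Properties": {}},
             "MyElastiCache": cluster("MyCacheSubnets")}

if __name__ == "__main__":
    for label, resources in (("original", ORIGINAL), ("rewritten", REWRITTEN)):
        print(label, lint_vpc_placement(resources) or "clean")
```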