AWS CloudFormation: Unable to create Elastic Cache Cluster

Problem description

I am deploying an application to an AWS environment. In the template I am creating an Elastic Cache Cluster resource. However, when I deploy the template, it fails to create the Elastic Cache Cluster resource.

Here is my template.

AWSTemplateFormatVersion: '2010-09-09'
Description: "Pathein Directory web application deployment template."
Parameters:
  KeyName:
    Default: 'PatheinDirectory'
    Type: String
  InstanceType:
    Default: 't2.micro'
    Type: String
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x

Mappings:
  Region2Principal:
    us-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-south-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-east-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ca-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    sa-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    cn-north-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    cn-northwest-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    eu-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-north-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com

Resources:
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security Group for EC2 instances
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp:
            Ref: SSHLocation

  WebServerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - Fn::FindInMap:
                    - Region2Principal
                    - Ref: AWS::Region
                    - EC2Principal
            Action:
              - sts:AssumeRole
      Path: /

  WebServerRolePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: WebServerRole
      PolicyDocument:
        Statement:
          - Effect: Allow
            NotAction: iam:*
            Resource: '*'
      Roles:
        - Ref: WebServerRole

  WebServerInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - Ref: WebServerRole

  Application:
    Type: AWS::ElasticBeanstalk::Application
    Properties:
      Description: AWS Elastic Beanstalk Pathein Directory Laravel application

  ApplicationVersion:
    Type: AWS::ElasticBeanstalk::ApplicationVersion
    Properties:
      Description: Version 1.0
      ApplicationName:
        Ref: Application
      SourceBundle:
        S3Bucket:
          Fn::Join:
            - '-'
            - - elasticbeanstalk-samples
              - Ref: AWS::Region
        S3Key: PHP-sample.zip

  ApplicationConfigurationTemplate:
    Type: AWS::ElasticBeanstalk::ConfigurationTemplate
    Properties:
      ApplicationName:
        Ref: Application
      Description: SSH access to Pathein Directory Laravel application
      SolutionStackName: 64bit Amazon Linux 2 v3.1.0 running PHP 7.3
      OptionSettings:
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: EC2KeyName
          Value:
            Ref: KeyName
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: IamInstanceProfile
          Value:
            Ref: WebServerInstanceProfile
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: SecurityGroups
          Value:
            Ref: WebServerSecurityGroup

  Environment:
    Type: AWS::ElasticBeanstalk::Environment
    Properties:
      Description: AWS Elastic Beanstalk Environment running Pathein Directory Laravel application
      ApplicationName:
        Ref: Application
      EnvironmentName: PatheinDirectoryTesting
      TemplateName:
        Ref: ApplicationConfigurationTemplate
      VersionLabel:
        Ref: ApplicationVersion
      OptionSettings:
        - Namespace: aws:elasticbeanstalk:environment
          OptionName: EnvironmentType
          Value: SingleInstance
        - Namespace: aws:elasticbeanstalk:container:PHP:PHPini
          OptionName: document_root
          Value: /public

  ElasticCacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable TCP connection on port 6379
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '6379'
          ToPort: '6379'
          SourceSecurityGroupId: !GetAtt WebServerSecurityGroup.GroupId

  ElasticCacheCluster:
    Type: AWS::ElastiCache::CacheCluster
    Properties:
      AZMode: cross-az
      CacheNodeType: cache.t2.small
      Engine: memcached
      NumCacheNodes: '2'
      VpcSecurityGroupIds:
        - !Ref ElasticCacheSecurityGroup
      PreferredAvailabilityZones:
        - !Select
          - 0
          - Fn::GetAZs: !Ref AWS::Region
        - !Select
          - 1
          - Fn::GetAZs: !Ref AWS::Region

Here is the error from the log

    {
        "StackId": "arn:aws:cloudformation:eu-west-1:733553390213:stack/patheindirectory/ec64d370-e7e1-11ea-9dd6-0a1312d0cd8a",
        "EventId": "fdb2e900-e7e1-11ea-9b3d-02e056ab1688",
        "StackName": "patheindirectory",
        "LogicalResourceId": "patheindirectory",
        "PhysicalResourceId": "arn:aws:cloudformation:eu-west-1:733553390213:stack/patheindirectory/ec64d370-e7e1-11ea-9dd6-0a1312d0cd8a",
        "ResourceType": "AWS::CloudFormation::Stack",
        "Timestamp": "2020-08-26T21:20:39.812000+00:00",
        "ResourceStatus": "ROLLBACK_IN_PROGRESS",
        "ResourceStatusReason": "The following resource(s) Failed to create: [ElasticCacheCluster,WebServerRole]. . Rollback requested by user."
    },
    {
        "StackId": "arn:aws:cloudformation:eu-west-1:733553390213:stack/patheindirectory/ec64d370-e7e1-11ea-9dd6-0a1312d0cd8a",
        "EventId": "ElasticCacheCluster-CREATE_Failed-2020-08-26T21:20:36.420Z",
        "LogicalResourceId": "ElasticCacheCluster",
        "PhysicalResourceId": "",
        "ResourceType": "AWS::ElastiCache::CacheCluster",
        "Timestamp": "2020-08-26T21:20:36.420000+00:00",
        "ResourceStatus": "CREATE_Failed",
        "ResourceStatusReason": "Some security group Id not recognized by EC2: securityGroupIds[[patheindirectory-ElasticCacheSecurityGroup-1BYYWJDZOM4TM]],awsAccountId[733553390213] (Service: AmazonElastiCache; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 331c0240-bed8-4861-9b92-29603ad2b08c)",
        "ResourceProperties": "{\"CacheNodeType\":\"cache.t2.small\",\"VpcSecurityGroupIds\":[\"patheindirectory-ElasticCacheSecurityGroup-1BYYWJDZOM4TM\"],\"PreferredAvailabilityZones\":[\"eu-west-1a\",\"eu-west-1b\"],\"NumCacheNodes\":\"2\",\"Engine\":\"memcached\",\"AZMode\":\"cross-az\"}"
    },

How can I fix this?

Solution

VpcSecurityGroupIds should contain the security group ID, not the security group name.

So you should replace:

      VpcSecurityGroupIds:
        - !Ref ElasticCacheSecurityGroup

with

      VpcSecurityGroupIds:
        - !GetAtt ElasticCacheSecurityGroup.GroupId

Note that there may be other problems that are not yet apparent, but the change above should resolve the error reported in your question.
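As an added example (not part of the question or the answer), a small Python lint that catches exactly this mistake in a template loaded as a dict (JSON form, or YAML with the short-form tags expanded to Ref / Fn::GetAtt mappings): it flags any AWS::EC2::SecurityGroup passed to an *Ids property through Ref, because for a group created without a VpcId, as in the question, Ref returns the group name rather than the ID. The ID_PROPERTIES mapping and the two template fragments are constructed for this example.

```python
from typing import Any, Dict, List, Optional

SG_TYPE = "AWS::EC2::SecurityGroup"
# Resource types and the properties on them that expect security group IDs
# (constructed for this example; not an exhaustive list).
ID_PROPERTIES = {
    "AWS::ElastiCache::CacheCluster": ["VpcSecurityGroupIds"],
    "AWS::ElastiCache::ReplicationGroup": ["SecurityGroupIds"],
}


def _ref_target(value: Any) -> Optional[str]:
    """Return the logical ID when value is {"Ref": "X"}, else None."""
    if isinstance(value, dict) and set(value) == {"Ref"}:
        return value["Ref"]
    return None


def find_sg_name_refs(template: Dict[str, Any]) -> List[str]:
    """List 'Resource.Property' entries that pass a security group via Ref.

    Ref on an AWS::EC2::SecurityGroup created without a VpcId returns the group
    *name*, which is what ElastiCache rejected in the question; GetAtt GroupId
    always returns the ID, so every such Ref in an *Ids property is flagged.
    """
    resources = template.get("Resources", {})
    findings: List[str] = []
    for name, res in resources.items():
        for prop in ID_PROPERTIES.get(res.get("Type", ""), []):
            for entry in res.get("Properties", {}).get(prop, []):
                target = _ref_target(entry)
                if target and resources.get(target, {}).get("Type") == SG_TYPE:
                    findings.append(f"{name}.{prop}: use Fn::GetAtt [{target}, GroupId] "
                                    f"instead of Ref {target}")
    return findings


# Constructed fragments mirroring the question's template in dict (JSON) form.
SG = {"Type": SG_TYPE, "Properties": {"GroupDescription": "Enable TCP 6379"}}
BROKEN = {"Resources": {"ElasticCacheSecurityGroup": SG, "ElasticCacheCluster": {
    "Type": "AWS::ElastiCache::CacheCluster", "Properties": {
        "Engine": "memcached", "NumCacheNodes": "2",
        "VpcSecurityGroupIds": [{"Ref": "ElasticCacheSecurityGroup"}]}}}}
FIXED = {"Resources": {"ElasticCacheSecurityGroup": SG, "ElasticCacheCluster": {
    "Type": "AWS::ElastiCache::CacheCluster", "Properties": {
        "Engine": "memcached", "NumCacheNodes": "2",
        "VpcSecurityGroupIds": [{"Fn::GetAtt": ["ElasticCacheSecurityGroup", "GroupId"]}]}}}}

if __name__ == "__main__":
    for label, tpl in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, find_sg_name_refs(tpl) or "OK")
```

Run it against the dict form of your own template before deploying; a finding on BROKEN and an empty list on FIXED shows the Ref-to-GetAtt change is what the check is looking for.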