我很好奇是否有人有 CloudFormation 的经验。我正在尝试创建一个脚本,该脚本采用加密的私有 AMI 并从中创建一个实例。该脚本必须分配安全组、将脚本保存到 S3 中的特定位置,并添加 IAM 角色。
我一直在使用 LAMP_Single_Instance 作为基础,但我无法理解它。我很好奇是否有人可以提供帮助。
我想知道在脚本中分配安全组的位置和方式,以及如何在 S3 中设置模板的默认保存位置。
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "AWS CloudFormation AITS Script that creates EC2 instances",
"Parameters": {
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription": "EC2 KeyPair."
},
"DBName": {
"Default": "MyDatabase",
"Description": "MySQL database name",
"Type": "String",
"MinLength": "1",
"MaxLength": "64",
"AllowedPattern": "[a-zA-Z][a-zA-Z0-9]*",
"ConstraintDescription": "must begin with a letter and contain only alphanumeric characters."
},
"DBUser": {
"NoEcho": "true",
"Description": "Username for MySQL database access",
"Type": "String",
"MinLength": "1",
"MaxLength": "16",
"AllowedPattern": "[a-zA-Z][a-zA-Z0-9]*",
"ConstraintDescription": "must begin with a letter and contain only alphanumeric characters."
},
"DBPassword": {
"NoEcho": "true",
"Description": "Password for MySQL database access",
"Type": "String",
"MinLength": "1",
"MaxLength": "41",
"AllowedPattern": "[a-zA-Z0-9]*",
"ConstraintDescription": "must contain only alphanumeric characters."
},
"DBRootPassword": {
"NoEcho": "true",
"Description": "Root password for MySQL",
"Type": "String",
"MinLength": "1",
"MaxLength": "41",
"AllowedPattern": "[a-zA-Z0-9]*",
"ConstraintDescription": "must contain only alphanumeric characters."
},
"InstanceType": {
"Description": "WebServer EC2 instance type",
"Type": "String",
"Default": "t2.large",
"AllowedValues": [
"t2.large"
],
"ConstraintDescription": "must be a valid EC2 instance type."
},
"SSHLocation": {
"Description": " The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Mappings": {
"AWSInstanceType2Arch": {
"t2.large": {
"Arch": "HVM64"
}
},
"AWSInstanceType2NATArch": {
"t2.large": {
"Arch": "NATHVM64"
}
},
"AWSRegionArch2AMI": {
"eu-west-1a": {
"PV64": "NOT_SUPPORTED",
"HVM64": "ami-0aae836c",
"HVMG2": "NOT_SUPPORTED"
}
}
},
"Resources": {
"WebServerInstance": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"AWS::CloudFormation::Init": {
"configSets": {
"InstallAndRun": [
"Install",
"Configure"
]
},
"Install": {
"packages": {
"yum": {
"mysql": [],
"mysql-server": [],
"mysql-libs": [],
"httpd": [],
"php": [],
"php-mysql": []
}
},
"files": {
"/var/www/html/index.php": {
"content": {
"Fn::Join": [
"",
[
"<html>\n",
" <head>\n",
" <title>AITS CloudFormation</title>\n",
" <meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\">\n",
" </head>\n",
" <body>\n",
" <h1>Welcome to the AITS Cloud Formation</h1>\n",
" <p/>\n",
" <?php\n",
" // Print out the current data and time\n",
" print \"The Current Date and Time is: <br/>\";\n",
" print date(\"g:i A l, F j Y.\");\n",
" ?>\n",
" <p/>\n",
" <?php\n",
" // Setup a handle for CURL\n",
" $curl_handle=curl_init();\n",
" curl_setopt($curl_handle,CURLOPT_CONNECTTIMEOUT,2);\n",
" curl_setopt($curl_handle,CURLOPT_RETURNTRANSFER,1);\n",
" // Get the hostname of the intance from the instance metadata\n",
" curl_setopt($curl_handle,CURLOPT_URL,'http://169.254.169.254/latest/meta-data/public-hostname');\n",
" $hostname = curl_exec($curl_handle);\n",
" if (empty($hostname))\n",
" {\n",
" print \"Sorry, for some reason, we got no hostname back <br />\";\n",
" }\n",
" else\n",
" {\n",
" print \"Server = \" . $hostname . \"<br />\";\n",
" }\n",
" // Get the instance-id of the intance from the instance metadata\n",
" curl_setopt($curl_handle,CURLOPT_URL,'http://169.254.169.254/latest/meta-data/instance-id');\n",
" $instanceid = curl_exec($curl_handle);\n",
" if (empty($instanceid))\n",
" {\n",
" print \"Sorry, for some reason, we got no instance id back <br />\";\n",
" }\n",
" else\n",
" {\n",
" print \"EC2 instance-id = \" . $instanceid . \"<br />\";\n",
" }\n",
" $Database = \"localhost\";\n",
" $DBUser = \"",
{
"Ref": "DBUser"
},
"\";\n",
" $DBPassword = \"",
{
"Ref": "DBPassword"
},
"\";\n",
" print \"Database = \" . $Database . \"<br />\";\n",
" $dbconnection = mysql_connect($Database, $DBUser, $DBPassword)\n",
" or die(\"Could not connect: \" . mysql_error());\n",
" print (\"Connected to $Database successfully\");\n",
" mysql_close($dbconnection);\n",
" ?>\n",
" <h2>PHP Information</h2>\n",
" <p/>\n",
" <?php\n",
" phpinfo();\n",
" ?>\n",
" </body>\n",
"</html>\n"
]
]
},
"mode": "000600",
"owner": "apache",
"group": "apache"
},
"/tmp/setup.mysql": {
"content": {
"Fn::Join": [
"",
[
"CREATE DATABASE ",
{
"Ref": "DBName"
},
";\n",
"GRANT ALL ON ",
{
"Ref": "DBName"
},
".* TO '",
{
"Ref": "DBUser"
},
"'@localhost IDENTIFIED BY '",
{
"Ref": "DBPassword"
},
"';\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
},
"/etc/cfn/cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
"stack=",
{
"Ref": "AWS::StackId"
},
"\n",
"region=",
{
"Ref": "AWS::Region"
},
"\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
},
"/etc/cfn/hooks.d/cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.WebServerInstance.Metadata.AWS::CloudFormation::Init\n",
"action=/opt/aws/bin/cfn-init -v ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource WebServerInstance ",
" --configsets InstallAndRun ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"runas=root\n"
]
]
}
}
},
"services": {
"sysvinit": {
"mysqld": {
"enabled": "true",
"ensureRunning": "true"
},
"httpd": {
"enabled": "true",
"ensureRunning": "true"
},
"cfn-hup": {
"enabled": "true",
"ensureRunning": "true",
"files": [
"/etc/cfn/cfn-hup.conf",
"/etc/cfn/hooks.d/cfn-auto-reloader.conf"
]
}
}
}
},
"Configure": {
"commands": {
"01_set_mysql_root_password": {
"command": {
"Fn::Join": [
"",
[
"mysqladmin -u root password '",
{
"Ref": "DBRootPassword"
},
"'"
]
]
},
"test": {
"Fn::Join": [
"",
[
"$(mysql ",
{
"Ref": "DBName"
},
" -u root --password='",
{
"Ref": "DBRootPassword"
},
"' >/dev/null 2>&1 </dev/null); (( $? != 0 ))"
]
]
}
},
"02_create_database": {
"command": {
"Fn::Join": [
"",
[
"mysql -u root --password='",
{
"Ref": "DBRootPassword"
},
"' < /tmp/setup.mysql"
]
]
},
"test": {
"Fn::Join": [
"",
[
"$(mysql ",
{
"Ref": "DBName"
},
" -u root --password='",
{
"Ref": "DBRootPassword"
},
"' >/dev/null 2>&1 </dev/null); (( $? != 0 ))"
]
]
}
}
}
}
},
"AWS::CloudFormation::Designer": {
"id": "882df2be-e2b7-4778-8f2f-f7fad73e484a"
}
},
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"AWSRegionArch2AMI",
{
"Ref": "AWS::Region"
},
{
"Fn::FindInMap": [
"AWSInstanceType2Arch",
{
"Ref": "InstanceType"
},
"Arch"
]
}
]
},
"InstanceType": {
"Ref": "InstanceType"
},
"SecurityGroups": [
{
"Ref": "WebServerSecurityGroup"
}
],
"KeyName": {
"Ref": "KeyName"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -xe\n",
"yum update -y aws-cfn-bootstrap\n",
"# Install the files and packages from the metadata\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource WebServerInstance ",
" --configsets InstallAndRun ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"# Signal the status from cfn-init\n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource WebServerInstance ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
}
},
"CreationPolicy": {
"ResourceSignal": {
"Timeout": "PT5M"
}
}
},
"WebServerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable HTTP access via port 80",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {
"Ref": "SSHLocation"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "88a4f6dd-8489-4f6e-a3a7-ce92b350e672"
}
}
}
},
"Outputs": {
"WebsiteURL": {
"Description": "URL for newly created LAMP stack",
"Value": {
"Fn::Join": [
"",
[
"http://",
{
"Fn::GetAtt": [
"WebServerInstance",
"PublicDnsName"
]
}
]
]
}
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"88a4f6dd-8489-4f6e-a3a7-ce92b350e672": {
"size": {
"width": 60,
"height": 60
},
"position": {
"x": 60,
"y": 90
},
"z": 1,
"embeds": []
},
"882df2be-e2b7-4778-8f2f-f7fad73e484a": {
"size": {
"width": 60,
"height": 60
},
"position": {
"x": 180,
"y": 90
},
"z": 1,
"embeds": [],
"ismemberof": [
"88a4f6dd-8489-4f6e-a3a7-ce92b350e672"
]
}
}
}
}
最佳答案
从您的问题来看,我相信您只是希望创建一个基于 AMI 的实例,并确保该实例附加了一个您也定义的安全组。
您需要创建一个包含以下组件的新模板
AWS::EC2::Instance
AWS::EC2::SecurityGroup
AWS::IAM::Role
AWS::IAM::InstanceProfile
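通过使用 Ref 内置函数将它们链接起来,您将能够实现您所需要的:实例的 SecurityGroups 属性引用安全组(上面的模板已经这样引用了 WebServerSecurityGroup),实例的 IamInstanceProfile 属性引用实例配置文件,而实例配置文件的 Roles 属性引用 IAM 角色。另请注意,上面模板中 SSHLocation 的默认值 0.0.0.0/0 会让 22 端口对任意来源开放,创建堆栈时应改为受信任的 CIDR 范围。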
希望对您有所帮助。
祝你好运!
关于json - CloudFormation 脚本 - 从 AMI 创建实例,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42577140/