
amazon-web-services - CloudFormation WaitCondition requires public access

Reposted. Author: 行者123. Updated: 2023-12-03 07:46:20

I have a CloudFormation script that deploys a single instance in a VPC. The script only works when the instance has a public IP. Without a public IP address, the template deployment fails at the WaitCondition stage. I guess that is because the WaitCondition requires the instance to be able to reach the internet?

If I set a proxy address on the server instead of assigning a public IP, would that work? The instance would then reach the Internet through the web proxy. If that is the case, which URLs need to be whitelisted on the proxy? Can I add the commands that set the proxy address in the user data?

Here is my template:

```json
  "Mappings": {
    "AWSRegion2AMI": {
      "ap-southeast-2": {
        "Windows2008r2": "ami-27b39a44",
        "Windows2012r2": "ami-83b198e0"
      }
    }
  },

  "Resources": {
    "DomainController": {
      "Type": "AWS::EC2::Instance",
      "Metadata": {
        "AWS::CloudFormation::Init": {
          "config": {
            "files": {
              "c:\\cfn\\cfn-hup.conf": {
                "content": {
                  "Fn::Join": ["", [
                    "[main]\n",
                    "stack=", { "Ref": "AWS::StackId" }, "\n",
                    "region=", { "Ref": "AWS::Region" }, "\n"
                  ]]
                }
              },

              "c:\\cfn\\hooks.d\\cfn-auto-reloader.conf": {
                "content": {
                  "Fn::Join": ["", [
                    "[cfn-auto-reloader-hook]\n",
                    "triggers=post.update\n",
                    "path=Resources.DomainController.Metadata.AWS::CloudFormation::Init\n",
                    "action=cfn-init.exe -v -s ", { "Ref": "AWS::StackId" },
                    " -r DomainController",
                    " --region ", { "Ref": "AWS::Region" }, "\n"
                  ]]
                }
              },

              "C:\\cfn\\RunCommand.bat": {
                "content": "%~1\nIF %ERRORLEVEL% GTR 10 ( exit /b 1 ) else ( exit /b 0 )"
              }
            },

            "commands": {
              "1-run-dcpromo": {
                "command": {
                  "Fn::Join": ["", [
                    "C:\\cfn\\RunCommand.bat \"dcpromo /unattend /ReplicaOrNewDomain:Domain /NewDomain:Forest /NewDomainDNSName:", { "Ref": "DomainDNSName" },
                    " /ForestLevel:4 /DomainNetbiosName:", { "Ref": "DomainNetBIOSName" },
                    " /DomainLevel:4 /InstallDNS:Yes /ConfirmGc:Yes /CreateDNSDelegation:No /DatabasePath:\"C:\\Windows\\NTDS\" /LogPath:\"C:\\Windows\\NTDS\" /SYSVOLPath:\"C:\\Windows\\SYSVOL\" /SafeModeAdminPassword=", { "Ref": "RestoreModePassword" },
                    " /RebootOnCompletion:Yes\""
                  ]]
                },
                "waitAfterCompletion": "forever"
              },
              "2-signal-success": {
                "command": {
                  "Fn::Join": ["", [
                    "cfn-signal.exe -e 0 \"", { "Fn::Base64": { "Ref": "DomainControllerWaitHandle" } }, "\""
                  ]]
                }
              }
            },

            "services": {
              "windows": {
                "cfn-hup": {
                  "enabled": "true",
                  "ensureRunning": "true",
                  "files": ["c:\\cfn\\cfn-hup.conf", "c:\\cfn\\hooks.d\\cfn-auto-reloader.conf"]
                }
              }
            }
          }
        }
      },

      "Properties": {
        "ImageId": { "Fn::FindInMap": ["AWSRegion2AMI", { "Ref": "AWS::Region" }, "Windows2008r2"] },
        "InstanceType": { "Ref": "InstanceType" },
        "NetworkInterfaces": [{
          "AssociatePublicIpAddress": "false",
          "DeviceIndex": "0",
          "SubnetId": { "Ref": "SubnetId" }
        }],
        "KeyName": { "Ref": "KeyName" },
        "UserData": {
          "Fn::Base64": {
            "Fn::Join": ["", [
              "<script>\n",
              "cfn-init.exe -v -s ", { "Ref": "AWS::StackId" },
              " -r DomainController ",
              " --region ", { "Ref": "AWS::Region" }, "\n",
              "</script>"
            ]]
          }
        }
      }
    },

    "DomainControllerWaitCondition": {
      "Type": "AWS::CloudFormation::WaitCondition",
      "DependsOn": "DomainController",
      "Properties": {
        "Handle": { "Ref": "DomainControllerWaitHandle" },
        "Timeout": "1500"
      }
    },

    "DomainControllerWaitHandle": {
      "Type": "AWS::CloudFormation::WaitConditionHandle"
    }
  }
```

Best answer

Pass the proxy by adding these parameters to cfn-signal.exe:

--http-proxy
An HTTP proxy (non-SSL). Use the following format: http://user:password@host:port

--https-proxy
An HTTPS proxy. Use the following format: https://user:password@host:port

The signal is sent to an S3 bucket. You can whitelist the following:

https://cloudformation-waitcondition-*.s3.amazonaws.com

Note: you can also use the S3 VPC endpoint feature to allow resources inside a private subnet to reach S3. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html
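As an added example (not code from the question or from the accepted answer), here is the signalling part of the stack as a CloudFormation YAML fragment that wires up both routes the answer mentions: an S3 gateway endpoint on the private subnet's route table, and an optional `--https-proxy` argument for cfn-signal.exe. The parameters `VpcId`, `PrivateRouteTableId`, `SubnetId`, `ImageId` and `ProxyUrl`, the `t3.medium` instance type, and the endpoint policy scoped to the `cloudformation-waitcondition-*` bucket pattern are assumptions made for this example; the DomainController resource is cut down to the pieces that matter for the signal.

```yaml
# Added example, not code from the question or the accepted answer.
# VpcId, PrivateRouteTableId, SubnetId, ImageId and ProxyUrl are assumed
# parameters; the endpoint policy scope is an assumption based on the
# bucket name pattern quoted in the answer.
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateRouteTableId:
    Type: String              # route table attached to the private subnet
  SubnetId:
    Type: AWS::EC2::Subnet::Id
  ImageId:
    Type: AWS::EC2::Image::Id
  ProxyUrl:
    Type: String
    Default: ""               # e.g. https://user:password@proxy.example.internal:3128
    NoEcho: true              # keeps proxy credentials out of DescribeStacks output

Conditions:
  UseProxy: !Not [!Equals [!Ref ProxyUrl, ""]]

Resources:
  # Route 1: S3 gateway endpoint. cfn-signal PUTs to a presigned URL in the
  # cloudformation-waitcondition-<region> bucket, so a prefix-list route to S3
  # in the private route table is enough: no public IP, NAT or proxy needed.
  # The policy only allows writes to that bucket pattern (least privilege);
  # widen it if instances in this subnet also need other buckets.
  S3Endpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Gateway
      VpcId: !Ref VpcId
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.s3"
      RouteTableIds:
        - !Ref PrivateRouteTableId
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: s3:PutObject
            Resource: "arn:aws:s3:::cloudformation-waitcondition-*/*"

  DomainControllerWaitHandle:
    Type: AWS::CloudFormation::WaitConditionHandle

  DomainControllerWaitCondition:
    Type: AWS::CloudFormation::WaitCondition
    DependsOn: DomainController
    Properties:
      Handle: !Ref DomainControllerWaitHandle
      Timeout: "1500"

  DomainController:
    Type: AWS::EC2::Instance
    DependsOn: S3Endpoint     # the S3 route must exist before the instance boots
    Metadata:
      AWS::CloudFormation::Init:
        config:
          commands:
            # Route 2: when ProxyUrl is set, hand it to cfn-signal with the
            # --https-proxy flag from the answer (the presigned URL is https).
            # The handle URL stays Base64-encoded, as in the question's
            # template, which cfn-signal.exe accepts.
            2-signal-success:
              command: !Sub
                - 'cfn-signal.exe -e 0 ${ProxyArg} "${HandleUrl}"'
                - HandleUrl:
                    Fn::Base64: !Ref DomainControllerWaitHandle
                  ProxyArg: !If [UseProxy, !Sub "--https-proxy ${ProxyUrl}", ""]
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.medium
      NetworkInterfaces:
        - DeviceIndex: "0"
          AssociatePublicIpAddress: false
          SubnetId: !Ref SubnetId
      UserData:
        Fn::Base64: !Sub |
          <script>
          cfn-init.exe -v -s ${AWS::StackId} -r DomainController --region ${AWS::Region}
          </script>
```

Two things to check before relying on either route. First, the signal is only the last step: cfn-init.exe itself has to reach the regional CloudFormation API to read the instance's `AWS::CloudFormation::Init` metadata, and an S3 gateway endpoint does not cover that, so a private subnet also needs either a CloudFormation interface endpoint (`com.amazonaws.<region>.cloudformation`) or the same `--http-proxy`/`--https-proxy` options passed to cfn-init.exe (it accepts them as well). Second, the proxy URL format in the answer embeds a username and password, which is why the parameter above is `NoEcho`; the credentials still end up in the instance's user data and cfn-init logs, so treat them as low-value, proxy-only credentials.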

Regarding "amazon-web-services - CloudFormation WaitCondition requires public access", a similar question on Stack Overflow: https://stackoverflow.com/questions/38538683/
