Amazon EC2:如何为有权访问存储桶(bucket)和安全组的节点构造 IAM 角色
我正在尝试为正在创建的 CloudFormation 堆栈创建一个 IAM 角色,但遇到了一些问题。我在第 14 行遇到了 JSON 格式错误(malformed JSON),不知道原因。此外,我不确定自己是否理解了分配 IAM 角色的正确方式:我是把角色添加到实例的属性(Properties)中。另外,如何为 ELB 启用 SSL 终止(SSL termination)?
标签:amazon-ec2, amazon-s3, amazon-cloudformation
{
"Resources": {
"ElasticSearchRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": [ "ec2.amazonaws.com" ]
},
"Action": [ "sts:AssumeRole" ]
}] //this is where im getting the error
},
"Path": "/"
}
},
"RolePolicies": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "root",
"PolicyDocument": {
"Version" : "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}]
},
"Roles": [{
"Ref": "RootRole"
}]
}
},
"ElasticSearchELB" : {
"Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties" : {
"SecurityGroups": [
"InstanceGroup",
"ELBGroup"
],
"AvailabilityZone" : "us-east-1a",
"Instances" : [ { "Ref" : "ElasticSearchNode1" },{ "Ref" : "ElasticSearchNode2" } ],
"Listeners" : [ {
"LoadBalancerPort" : "80",
"InstancePort" : [ { "Ref" : "ElasticSearchNode1" },{ "Ref" : "ElasticSearchNode2" } ],
"Protocol" : "HTTP"
} ],
"HealthCheck" : {
"Target" : { "Fn::Join" : [ "", ["HTTP:8888/", { "Ref" : "ElasticSearchNode1" }, "/"]]},
"HealthyThreshold" : "3",
"UnhealthyThreshold" : "5",
"Interval" : "30",
"Timeout" : "5"
},
"HealthCheck" : {
"Target" : { "Fn::Join" : [ "", ["HTTP:8888/", { "Ref" : "ElasticSearchNode2" }, "/"]]},
"HealthyThreshold" : "3",
"UnhealthyThreshold" : "5",
"Interval" : "30",
"Timeout" : "5"
}
}
},
"ElasticSearchBackups" : {
"Type" : "AWS::S3::Bucket",
"Properties" : {
"AccessControl" : "PublicRead",
}
},
"ELBGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "EC2 Instance access"
}
},
"InstanceGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "EC2 Instance access"
}
},
"WebPortELB2Instance" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "ELBGroup" },
"IpProtocol" : "tcp",
"ToPort" : "80",
"FromPort" : "80",
"SourceSecurityGroupName" : { "Ref" : "InstanceGroup" }
}
},
"WebPortInstance2ELB" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "InstanceGroup" },
"IpProtocol" : "tcp",
"ToPort" : "80",
"FromPort" : "80",
"SourceSecurityGroupName" : { "Ref" : "ELBGroup" }
}
},
"WebPortInstance2ELB" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "InstanceGroup" },
"IpProtocol" : "tcp",
"ToPort" : "8888",
"FromPort" : "8888",
"SourceSecurityGroupName" : { "Ref" : "ELBGroup" }
}
},
"WebPortELB2Instance" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "ELBGroup" },
"IpProtocol" : "tcp",
"ToPort" : "8888",
"FromPort" : "8888",
"SourceSecurityGroupName" : { "Ref" : "InstanceGroup" }
}
},
"WebPortInstance2ELBSSL" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "InstanceGroup" },
"IpProtocol" : "tcp",
"ToPort" : "443",
"FromPort" : "443",
"SourceSecurityGroupName" : { "Ref" : "ELBGroup" }
}
},
"WebPortELB2InstanceSSL" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "ELBGroup" },
"IpProtocol" : "tcp",
"ToPort" : "443",
"FromPort" : "443",
"SourceSecurityGroupName" : { "Ref" : "InstanceGroup" }
}
},
"ElasticSearchPort" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "InstanceGroup" },
"IpProtocol" : "tcp",
"ToPort" : "9300",
"FromPort" : "9300",
"SourceSecurityGroupName" : { "Ref" : "InstanceGroup" }
}
},
"SSHPort" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "InstanceGroup" },
"IpProtocol" : "tcp",
"ToPort" : "22",
"FromPort" : "22",
"CidrIp" : "0.0.0.0/0",
"SourceSecurityGroupName" : { "Ref" : "InstanceGroup" }
}
},
"ElasticSearchNode1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "m3.medium",
"InstanceType": "m3.medium",
"IamInstanceProfile": "base-bootstrap",
"SecurityGroups": [
"Instance-Group"
],
"Roles": [ {
"Ref": "ElasticSearchRole"
} ],
"AvailabilityZone": "us-east-1e",
"KeyName": "bazu2-keypair",
"UserData": {
"Fn::Base64": "fqdn:elasticsearchnode1.n.chronotrack.com\nhostname:ElasticSearchNode1\nnode_name:ElasticSearchNode1\nenvironment:dev\nrun_list:recipe[ct-server-base::default]"
},
"Tags": [
{
"Key": "Name",
"Value": "ElasticSearchNode1"
}
]
}
},
"vol1": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Fn::GetAtt": [
"ElasticSearchNode1",
"AvailabilityZone"
]
},
"Size": "1024",
"VolumeType": "gp2",
"Tags": [
{
"Key": "Name",
"Value": "Storage"
}
]
}
},
"vol1attach": {
"Type": "AWS::EC2::VolumeAttachment",
"Properties": {
"Device": "/dev/sdc1",
"InstanceId": {
"Ref": "ElasticSearchNode1"
},
"VolumeId": {
"Ref": "vol1"
}
}
},
"vol2": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Fn::GetAtt": [
"ElasticSearchNode1",
"AvailabilityZone"
]
},
"Size": "1024",
"VolumeType": "gp2",
"Tags": [
{
"Key": "Name",
"Value": "Storage"
}
]
}
},
"vol2attach": {
"Type": "AWS::EC2::VolumeAttachment",
"Properties": {
"Device": "/dev/sdc2",
"InstanceId": {
"Ref": "ElasticSearchNode1"
},
"VolumeId": {
"Ref": "vol2"
}
}
},
"vol3": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Fn::GetAtt": [
"ElasticSearchNode1",
"AvailabilityZone"
]
},
"Size": "1024",
"VolumeType": "gp2",
"Tags": [
{
"Key": "Name",
"Value": "Storage"
}
]
}
},
"vol3attach": {
"Type": "AWS::EC2::VolumeAttachment",
"Properties": {
"Device": "/dev/sdc3",
"InstanceId": {
"Ref": "ElasticSearchNode1"
},
"VolumeId": {
"Ref": "vol3"
}
}
},
"ElasticSearchNode2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "m3.medium",
"InstanceType": "m3.medium",
"IamInstanceProfile": "base-bootstrap",
"SecurityGroups": [
"Instance-Group"
],
"Roles": [ {
"Ref": "ElasticSearchRole"
} ],
"AvailabilityZone": "us-east-1e",
"KeyName": "bazu2-keypair",
"UserData": {
"Fn::Base64": "fqdn:elasticsearchnode2.n.chronotrack.com\nhostname:ElasticSearchNode2\nnode_name:ElasticSearchNode2\nenvironment:dev\nrun_list:recipe[ct-server-base::default]"
},
"Tags": [
{
"Key": "Name",
"Value": "ElasticSearchNode2"
}
]
}
},
"vol1": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Fn::GetAtt": [
"ElasticSearchNode2",
"AvailabilityZone"
]
},
"Size": "1024",
"VolumeType": "gp2",
"Tags": [
{
"Key": "Name",
"Value": "Storage"
}
]
}
},
"vol1attach": {
"Type": "AWS::EC2::VolumeAttachment",
"Properties": {
"Device": "/dev/sdc1",
"InstanceId": {
"Ref": "ElasticSearchNode2"
},
"VolumeId": {
"Ref": "vol1"
}
}
},
"vol2": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Fn::GetAtt": [
"ElasticSearchNode2",
"AvailabilityZone"
]
},
"Size": "1024",
"VolumeType": "gp2",
"Tags": [
{
"Key": "Name",
"Value": "Storage"
}
]
}
},
"vol2attach": {
"Type": "AWS::EC2::VolumeAttachment",
"Properties": {
"Device": "/dev/sdc2",
"InstanceId": {
"Ref": "ElasticSearchNode2"
},
"VolumeId": {
"Ref": "vol2"
}
}
},
"vol3": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Fn::GetAtt": [
"ElasticSearchNode2",
"AvailabilityZone"
]
},
"Size": "1024",
"VolumeType": "gp2",
"Tags": [
{
"Key": "Name",
"Value": "Storage"
}
]
}
},
"vol3attach": {
"Type": "AWS::EC2::VolumeAttachment",
"Properties": {
"Device": "/dev/sdc3",
"InstanceId": {
"Ref": "ElasticSearchNode2"
},
"VolumeId": {
"Ref": "vol3"
}
}
}
}
}
你至少不应该在那里引用“RootRole”——模板中没有定义名为 RootRole 的资源,你的角色叫“ElasticSearchRole”,所以 Ref 应指向它。我的错,这段是我从 Amazon 重新编译来的,我得检查一下。再说一次,可以吗?400 行代码对读者来说是很大的负担。