Amazon Web Services: How to get a list of security groups in CloudFormation

I want to get, in the Parameters section of CloudFormation, a list of the security groups associated with a particular VPC:
    "VpcId": {
        "Description": "Choose the VPC ID",
        "Type": "AWS::EC2::VPC::Id"
    },
    "SecurityGroupsID": {
        "Description": "Choose availability zone Availability Zone of the Subnet",
        "Type": "List<AWS::EC2::SecurityGroup::Id>",
        "AllowedValues": *******
    },
What should the AllowedValues be?

Yes, it is possible using the special template parameter types. I created a small CloudFormation template that contains only a SecurityGroup and a KeyPair parameter. When you create a stack from this template in the console, it prompts you with drop-down lists to choose the key and the security group:
{
    "AWSTemplateFormatVersion" : "2010-09-09",
    "Description" : "Security Group Test",
    "Parameters" : {
        "SecurityGroup": {
            "Description": "Name of security group",
            "Type": "AWS::EC2::SecurityGroup::GroupName"
        },
        "KeyName": {
            "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
            "Type": "AWS::EC2::KeyPair::KeyName",
            "ConstraintDescription" : "must be the name of an existing EC2 KeyPair."
        }
    },
    "Resources" : {
        "Ec2Instance" : {
            "Type" : "AWS::EC2::Instance",
            "Properties": {
                "ImageId" : "ami-ea87a78f",
                "InstanceType" : "t2.micro",
                "SecurityGroups" : [ {"Ref" : "SecurityGroup"} ],
                "KeyName": {"Ref": "KeyName"}
            }
        }
    }
}
You should also take a close look at the AWS-Specific Parameter Types section. Many other parameter types may interest you, such as Route 53 hosted zones and VPCs.
I don't think it is possible to look up security groups, because no intrinsic function exists for that purpose, but if the security group is created by another CloudFormation script, you can import it.

From the AWS documentation:

Stack A export
"Outputs" : {
    "PublicSubnet" : {
        "Description" : "The subnet ID to use for public web servers",
        "Value" : { "Ref" : "PublicSubnet" },
        "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SubnetID" }}
    },
    "WebServerSecurityGroup" : {
        "Description" : "The security group ID to use for public web servers",
        "Value" : { "Fn::GetAtt" : ["WebServerSecurityGroup", "GroupId"] },
        "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SecurityGroupID" }}
    }
}
Stack B import
"Resources" : {
    "WebServerInstance" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
            "InstanceType" : "t2.micro",
            "ImageId" : "ami-a1b23456",
            "NetworkInterfaces" : [{
                "GroupSet" : [{"Fn::ImportValue" : {"Fn::Sub" : "${NetworkStackNameParameter}-SecurityGroupID"}}],
                "AssociatePublicIpAddress" : "true",
                "DeviceIndex" : "0",
                "DeleteOnTermination" : "true",
                "SubnetId" : {"Fn::ImportValue" : {"Fn::Sub" : "${NetworkStackNameParameter}-SubnetID"}}
            }]
        }
    }
}
Currently, the only intrinsic function with similar lookup functionality (but for Availability Zones) is:

{ "Fn::GetAZs" : "region" }

which can be used when creating security group templates.

Thanks. But I have two VPCs in one region, and in each of them I already have two security groups. When I use the List type in the parameters, it gives me a list of security groups from both VPCs. So how can I set a condition in the Parameters section of CloudFormation that selects the already-created security groups based on my VPC choice?

Today there is no intrinsic function like GetAZs to get the security groups of a given VPC, but that may change over time.
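The export/import approach from the second answer, carried through as a complete pair of templates that answers the follow-up question: the security group is created inside the chosen VPC by the network stack, so the application stack never has to pick from a list spanning every VPC in the region. This is an added example, not code from the question or from the AWS documentation excerpt; the parameter names AllowedCidr, SubnetId and ImageId, the 10.0.0.0/16 default and the HTTPS-only ingress rule are assumptions.

```yaml
# Stack A (network stack, added example): create the security group inside
# the chosen VPC and export its ID under a name derived from the stack name.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  AllowedCidr:
    Type: String
    Default: 10.0.0.0/16   # assumption: only this range may reach port 443
Resources:
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the allowed CIDR only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref AllowedCidr
Outputs:
  WebServerSecurityGroup:
    Value: !GetAtt WebServerSecurityGroup.GroupId
    Export:
      Name: !Sub "${AWS::StackName}-SecurityGroupID"
---
# Stack B (application stack, added example): take the network stack's name
# as a parameter and import the group, so the operator never chooses from a
# drop-down that mixes security groups of every VPC in the region.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  NetworkStackNameParameter:
    Type: String                 # name given to Stack A when it was deployed
  SubnetId:
    Type: AWS::EC2::Subnet::Id   # must be a subnet of the same VPC as Stack A
  ImageId:
    Type: AWS::EC2::Image::Id    # any AMI valid in the region
Resources:
  WebServerInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: !Ref ImageId
      SubnetId: !Ref SubnetId
      SecurityGroupIds:
        - !ImportValue
            Fn::Sub: "${NetworkStackNameParameter}-SecurityGroupID"
```

Deploy Stack A once per VPC and pass its stack name to Stack B; if SubnetId belongs to a different VPC than the imported group, stack creation fails, which is the check the original parameter list could not provide.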