Amazon Web Services: Can't migrate the Metadata (AWS::CloudFormation::Init) section of an existing CloudFormation template to AWS CDK
Tags: amazon-web-services, amazon-cloudformation, aws-cdk
I am using the AWS CDK to set up an ADFS EC2 instance. I can't find any understandable information about Metadata in the documentation. I tried the cdk-dasm tool to reverse-engineer it, but it misses the Metadata section. How do I add sections under AWS::CloudFormation::Init? I am referring to the AWS Quick Start repo:
Below is the section I am trying to convert; any help is much appreciated.
DomainController1:
  Type: AWS::EC2::Instance
  Metadata:
    AWS::CloudFormation::Init:
      configSets:
        config:
          - setup
          - rename
          - installADDS
          - configureSites
          - installADCS
          - finalize
      setup:
        files:
          c:\cfn\cfn-hup.conf:
            content:
              Fn::Join:
                - ''
                - - "[main]\n"
                  - stack=
                  - Ref: AWS::StackName
                  - "\n"
                  - region=
                  - Ref: AWS::Region
                  - "\n"
          c:\cfn\hooks.d\cfn-auto-reloader.conf:
            content:
              Fn::Join:
                - ''
                - - "[cfn-auto-reloader-hook]\n"
                  - 'triggers=post.update\n'
                  - 'path=Resources.DomainController1.Metadata.AWS::CloudFormation::Init\n'
                  - 'action=cfn-init.exe -v -c config -s '
                  - Ref: AWS::StackId
                  - " -r DomainController1"
                  - " --region "
                  - Ref: AWS::Region
                  - "\n"
          c:\cfn\scripts\Set-StaticIP.ps1:
            content:
              Fn::Join:
                - ''
                - - "$netip = Get-NetIPConfiguration;"
                  - "$ipconfig = Get-NetIPAddress | ?{$_.IpAddress -eq $netip.IPv4Address.IpAddress};"
                  - Get-NetAdapter | Set-NetIPInterface -DHCP Disabled;
                  - Get-NetAdapter | New-NetIPAddress -AddressFamily IPv4 -IPAddress
                    $netip.IPv4Address.IpAddress -PrefixLength $ipconfig.PrefixLength
                    -DefaultGateway $netip.IPv4DefaultGateway.NextHop;
                  - Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses $netip.DNSServer.ServerAddresses;
                  - "\n"
          c:\cfn\scripts\bootstrap.ps1:
            content:
              Fn::Join:
                - ''
                - - "Import-Module GroupPolicy"
                  - "\n"
                  - 'try{ Invoke-WebRequest https://s3-us-gov-west-1.amazonaws.com/vocera-boxes-ic5vda9lly/open/DefaultDomainPolicy.zip -OutFile c:\DefaultDomainPolicy.zip'
                  - "\n"
                  - 'powershell.exe -command c:\cfn\scripts\Unzip-Archive.ps1 -Source "c:\DefaultDomainPolicy.zip" -Destination "C:\" }'
                  - "\n"
                  - 'catch {}'
                  - "\n"
                  - 'import-gpo -BackupGpoName "Default Domain Policy" -TargetName "Default Domain Policy" -path C:\DefaultDomainPolicy'
                  - "\n"
                  - 'gpupdate /force'
                  - "\n"
          c:\cfn\scripts\cis_changes.ps1:
            source: https://url.com/cis_changes.ps1
          'c:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml':
            source: https://url.com/cis_config.xml
          c:\cfn\scripts\ConvertTo-EnterpriseAdmin.ps1:
            source: https://url.com/ConvertTo-EnterpriseAdmin.ps1
          c:\cfn\scripts\New-CertificateAuthority.ps1:
            source: https://url.com/New-CertificateAuthority.ps1
          c:\cfn\modules\xAdcsDeployment_0.1.0.0.zip:
            source: https://url.com/xAdcsDeployment_0.1.0.0.zip
          c:\cfn\scripts\Unzip-Archive.ps1:
            source: https://url.com/Unzip-Archive.ps1
        services:
          windows:
            cfn-hup:
              enabled: 'true'
              ensureRunning: 'true'
              files:
                - c:\cfn\cfn-hup.conf
                - c:\cfn\hooks.d\cfn-auto-reloader.conf
        commands:
          a-allow-hostname-update:
            command:
              Fn::Join:
                - ''
                - - powershell.exe -Command c:\cfn\scripts\cis_changes.ps1
            waitAfterCompletion: '45'
          a-disable-win-fw:
            command:
              Fn::Join:
                - ''
                - - powershell.exe -Command "Get-NetFirewallProfile | Set-NetFirewallProfile
                    -Enabled False"
            waitAfterCompletion: '0'
          b-set-execution-policy:
            command: powershell.exe -command Set-ExecutionPolicy RemoteSigned -Force
            waitAfterCompletion: '0'
          c-unpack-dsc-resource:
            command: powershell.exe -command c:\cfn\scripts\Unzip-Archive.ps1 -Source
              c:\cfn\modules\xAdcsDeployment_0.1.0.0.zip -Destination 'C:\Program
              Files\WindowsPowerShell\Modules'
            waitAfterCompletion: '0'
      rename:
        commands:
          a-set-static-ip:
            command:
              Fn::Join:
                - ''
                - - powershell.exe -ExecutionPolicy RemoteSigned -Command c:\cfn\scripts\Set-StaticIP.ps1
            waitAfterCompletion: '45'
          b-execute-powershell-script-RenameComputer:
            command:
              Fn::Join:
                - ''
                - - 'powershell.exe Rename-Computer -NewName '
                  - 'DC1'
                  - " -Restart"
            waitAfterCompletion: forever
      installADDS:
        commands:
          1-install-prereqs:
            command:
              Fn::Join:
                - ''
                - - powershell.exe -Command "Install-WindowsFeature AD-Domain-Services,
                    rsat-adds -IncludeAllSubFeature"
            waitAfterCompletion: '0'
          2-install-adds:
            command:
              Fn::Join:
                - ''
                - - 'powershell.exe -Command '
                  - "\"Install-ADDSForest -DomainName "
                  - Ref: DomainDNSName
                  - " "
                  - "-SafeModeAdministratorPassword (ConvertTo-SecureString "
                  - "'"
                  - Ref: VcaADPassword
                  - "'"
                  - " -AsPlainText -Force) "
                  - "-DomainMode Win2012R2 "
                  - "-DomainNetbiosName "
                  - Ref: DomainNetBIOSName
                  - " "
                  - "-ForestMode Win2012R2 "
                  - "-Confirm:$false "
                  - -Force"
            waitAfterCompletion: forever
          3-restart-service:
            command:
              Fn::Join:
                - ''
                - - powershell.exe -Command Restart-Service NetLogon -EA 0
            waitAfterCompletion: '30'
          4-create-adminuser:
            command:
              Fn::Join:
                - ''
                - - 'powershell.exe -Command '
                  - "\"New-ADUser "
                  - "-Name "
                  - Ref: ADUSER
                  - " "
                  - "-UserPrincipalName "
                  - Ref: ADUSER
                  - "@"
                  - Ref: DomainDNSName
                  - " "
                  - "-AccountPassword (ConvertTo-SecureString "
                  - "'"
                  - Ref: VcaADPassword
                  - "'"
                  - " -AsPlainText -Force) "
                  - "-Enabled $true "
                  - -PasswordNeverExpires $true"
            waitAfterCompletion: '0'
          5-update-adminuser:
            command:
              Fn::Join:
                - ''
                - - 'powershell.exe -ExecutionPolicy RemoteSigned -Command c:\cfn\scripts\ConvertTo-EnterpriseAdmin.ps1
                    -Members '
                  - Ref: ADUSER
            waitAfterCompletion: '0'
      configureSites:
        commands:
          a-rename-default-site:
            command:
              Fn::Join:
                - ''
                - - 'powershell.exe '
                  - "\""
                  - Get-ADObject -SearchBase (Get-ADRootDSE).ConfigurationNamingContext
                    -filter {Name -eq 'Default-First-Site-Name'} | Rename-ADObject -NewName
                    AZ1
                  - "\""
            waitAfterCompletion: '0'
          b-create-site-2:
            command:
              Fn::Join:
                - ''
                - - powershell.exe New-ADReplicationSite AZ2
            waitAfterCompletion: '0'
          c-create-publicsubnet-1:
            command:
              Fn::Join:
                - ''
                - - 'powershell.exe -Command New-ADReplicationSubnet -Name '
                  - 172.30.209.0/24
                  - " -Site AZ1"
            waitAfterCompletion: '0'
          d-create-publicsubnet-2:
            command:
              Fn::Join:
                - ''
                - - 'powershell.exe -Command New-ADReplicationSubnet -Name '
                  - 172.30.210.0/24
                  - " -Site AZ2"
            waitAfterCompletion: '0'
          e-create-privatesubnet-1:
            command:
              Fn::Join:
                - ''
                - - 'powershell.exe -Command New-ADReplicationSubnet -Name '
                  - 172.30.212.0/24
                  - " -Site AZ1"
            waitAfterCompletion: '0'
          f-create-privatesubnet-2:
            command:
              Fn::Join:
                - ''
                - - 'powershell.exe -Command New-ADReplicationSubnet -Name '
                  - 172.30.213.0/24
                  - " -Site AZ2"
            waitAfterCompletion: '0'
          g-set-site-link:
            command:
              Fn::Join:
                - ''
                - - powershell.exe -Command "
                  - Get-ADReplicationSiteLink -Filter * | Set-ADReplicationSiteLink
                    -SitesIncluded @{add='AZ2'} -ReplicationFrequencyInMinutes 15"
            waitAfterCompletion: '0'
      installADCS:
        commands:
          a-install-ca:
            command:
              Fn::Join:
                - ''
                - - 'powershell.exe -Command c:\cfn\scripts\New-CertificateAuthority.ps1
                    -Username '
                  - Ref: ADUSER
                  - " -Password "
                  - "'"
                  - Ref: ADPassword
                  - "'"
                  - " -DomainDNSName "
                  - Ref: DomainDNSName
            waitAfterCompletion: '0'
          b-update-gpo:
            command: powershell.exe -command c:\cfn\scripts\bootstrap.ps1
            waitAfterCompletion: '0'
  Properties:
    DisableApiTermination: False
    ImageId:
      Fn::FindInMap:
        - AmiMap
        - Ref: AWS::Region
        - win2012r2
    InstanceType: t2.large
    IamInstanceProfile:
      Ref: ADProfile
    SubnetId: subnet-11111111
    Tags:
      - Key: Name
        Value:
          Fn::Join: [ "_", [ "ee", Ref: EnvironmentType, "AD", "1" ] ]
      - Key: "Product"
        Value:
          Ref: Product
      - Key: "Environment"
        Value:
          Ref: EnvironmentType
      - Key: "Role"
        Value:
          Ref: Role
    BlockDeviceMappings:
      - DeviceName: "/dev/sda1"
        Ebs:
          VolumeSize: '150'
          VolumeType: gp2
    SecurityGroupIds:
      - Ref: DomainControllerSG
      - sg-0000
    PrivateIpAddress:
      Ref: Server1PrivateIP
    KeyName:
      Ref: SSHkeyPair
    UserData:
      Fn::Base64:
        Fn::Join:
          - ''
          - - "<script>\n"
            - 'cfn-init.exe -v -c config -s '
            - Ref: AWS::StackId
            - " -r DomainController1"
            - " --region "
            - Ref: AWS::Region
            - "\n"
            - "</script>\n"