Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/amazon-web-services/14.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services AWS CloudFormation部署失败,正在使用从其他模板导入的资源_Amazon Web Services_Amazon Cloudformation - Fatal编程技术网

Amazon web services AWS CloudFormation部署失败,正在使用从其他模板导入的资源

Amazon web services AWS CloudFormation部署失败,正在使用从其他模板导入的资源,amazon-web-services,amazon-cloudformation,Amazon Web Services,Amazon Cloudformation,我正在使用CloudFormation模板将我的基础设施部署到AWS。我有两个模板core.yaml和resources.yaml。core.yaml文件正在使用core.yaml中的资源将它们导入模板。resources.yaml文件正在导出资源。但是当我部署core.yaml文件时,它失败了。下面是我的代码 资源.yaml AWSTemplateFormatVersion: "2010-09-09" Description: "Permanent resourc

我正在使用CloudFormation模板将我的基础设施部署到AWS。我有两个模板core.yaml和resources.yaml。core.yaml文件正在使用core.yaml中的资源将它们导入模板。resources.yaml文件正在导出资源。但是当我部署core.yaml文件时,它失败了。下面是我的代码

资源.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: "Permanent resources to be imported"
Parameters:
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  DBInstanceIdentifier:
    Type: String
    Default: 'patheindbidentifier'
  DBName:
    Type: String
    Default: 'patheindb'
  DBUsername:
    Type: String
    Default: 'patheindbadmin'
  DBClass:
    Type: String
    Default: 'db.t2.micro'
  DBAllocatedStorage:
    Type: String
    Default: '5'
  DBPassword:
    Type: String

Resources:
  StorageBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: pathein-directory-storage
      AccessControl: PublicRead

  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      GroupDescription: Security Group for EC2 instances
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp:
            Ref: SSHLocation

  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      GroupDescription: Database security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '3306'
          ToPort: '3306'
          SourceSecurityGroupId: !GetAtt WebServerSecurityGroup.GroupId

  WebDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      DBInstanceIdentifier: !Ref DBInstanceIdentifier
      DBName: !Ref DBName
      DBInstanceClass: !Ref DBClass
      AllocatedStorage: !Ref DBAllocatedStorage
      Engine: MySQL
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      VPCSecurityGroups:
        - !GetAtt DBSecurityGroup.GroupId

Outputs:
  StorageBucket:
    Description: "S3 storage bucket"
    Value: !Ref StorageBucket
    Export:
      Name: PatheinStorageBucket
  WebServerSecurityGroup:
    Description: "Web server security group"
    Value: !GetAtt WebServerSecurityGroup.GroupId
    Export:
      Name: PatheinWebServerSecurityGroup
  DBSecurityGroup:
    Description: "Database security group"
    Value: !Ref DBSecurityGroup
    Export:
      Name: PatheinDBSecurityGroup
  WebDatabase:
    Description: "Web database"
    Value: !Ref WebDatabase
    Export:
      Name: PatheinWebDatabases
  SSHLocation:
    Description: "SSH Location"
    Value: !Ref SSHLocation
    Export:
      Name: PatheinSSHLocation
  DatabaseHost:
    Description: "Database host"
    Value: !GetAtt WebDatabase.Endpoint.Address
  DatabasePort:
    Description: "Database port"
    Value: !GetAtt WebDatabase.Endpoint.Port
正如您在模板中看到的,我正在导出所有资源。我可以成功地将resources.yaml部署到AWS中

这是我的core.yaml文件

AWSTemplateFormatVersion: '2010-09-09'
Description: "Pathein Directory web application deployment template."
Parameters:
  KeyName:
    Default: 'PatheinDirectory'
    Type: String
  InstanceType:
    Default: 't2.micro'
    Type: String

Mappings:
  Region2Principal:
    us-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-south-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-east-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ca-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    sa-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    cn-north-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    cn-northwest-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    eu-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-north-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com

  Beanstalk2Route53HostedZoneId:
    us-east-1:
      HostedZoneId: Z3DZXE0Q79N41H
    us-west-1:
      HostedZoneId: Z1M58G0W56PQJA
    us-west-2:
      HostedZoneId: Z33MTJ483KN6FU
    eu-west-1:
      HostedZoneId: Z3NF1Z3NOM5OY2
    ap-northeast-1:
      HostedZoneId: Z2YN17T5R711GT
    ap-southeast-1:
      HostedZoneId: Z1WI8VXHPB1R38
    sa-east-1:
      HostedZoneId: Z2ES78Y61JGQKS

Resources:
  WebServerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - Fn::FindInMap:
                    - Region2Principal
                    - Ref: AWS::Region
                    - EC2Principal
            Action:
              - sts:AssumeRole
      Path: /

  WebServerRolePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: WebServerRole
      PolicyDocument:
        Statement:
          - Effect: Allow
            NotAction: iam:*
            Resource: '*'
      Roles:
        - Ref: WebServerRole

  WebServerInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - Ref: WebServerRole

  Application:
    Type: AWS::ElasticBeanstalk::Application
    Properties:
      ApplicationName: PatheinDirectoryApplication
      Description: AWS Elastic Beanstalk Pathein Directory Laravel application

  ApplicationVersion:
    Type: AWS::ElasticBeanstalk::ApplicationVersion
    Properties:
      Description: Version 1.0
      ApplicationName:
        Ref: Application
      SourceBundle:
        S3Bucket:
          Fn::Join:
            - '-'
            - - elasticbeanstalk-samples
              - Ref: AWS::Region
        S3Key: php-sample.zip

  ApplicationConfigurationTemplate:
    Type: AWS::ElasticBeanstalk::ConfigurationTemplate
    Properties:
      ApplicationName:
        Ref: Application
      Description: SSH access to Pathein Directory Laravel application
      SolutionStackName: 64bit Amazon Linux 2 v3.1.0 running PHP 7.3
      OptionSettings:
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: EC2KeyName
          Value:
            Ref: KeyName
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: IamInstanceProfile
          Value:
            Ref: WebServerInstanceProfile
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: SecurityGroups
          Value:
            !ImportValue PatheinWebServerSecurityGroup

  Environment:
    Type: AWS::ElasticBeanstalk::Environment
    Properties:
      Description: AWS Elastic Beanstalk Environment running Pathein Directory Laravel application
      ApplicationName:
        Ref: Application
      EnvironmentName: PatheinDirectory
      TemplateName:
        Ref: ApplicationConfigurationTemplate
      VersionLabel:
        Ref: ApplicationVersion
      OptionSettings:
        - Namespace: aws:elasticbeanstalk:container:php:phpini
          OptionName: document_root
          Value: /public

  ElasticCacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable TCP connection on port 6379
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '11211'
          ToPort: '11211'
          SourceSecurityGroupId: !ImportValue PatheinWebServerSecurityGroup

  ElasticCacheCluster:
    Type: AWS::ElastiCache::CacheCluster
    Properties:
      AZMode: cross-az
      CacheNodeType: cache.t2.small
      Engine: memcached
      NumCacheNodes: '2'
      VpcSecurityGroupIds:
        - !GetAtt ElasticCacheSecurityGroup.GroupId
      PreferredAvailabilityZones:
        - !Select
          - 0
          - Fn::GetAZs: !Ref AWS::Region
        - !Select
          - 1
          - Fn::GetAZs: !Ref AWS::Region
部署core.yaml文件时失败。下面是我在日志中得到的错误

{
            "StackId": "arn:aws:cloudformation:eu-west-1:733553390213:stack/patheindirectory/5da3be20-ef6c-11ea-8dc6-0275bf88180c",
            "EventId": "b7aa01e0-ef6c-11ea-b8c0-06e621efe3ec",
            "StackName": "patheindirectory",
            "LogicalResourceId": "patheindirectory",
            "PhysicalResourceId": "arn:aws:cloudformation:eu-west-1:733553390213:stack/patheindirectory/5da3be20-ef6c-11ea-8dc6-0275bf88180c",
            "ResourceType": "AWS::CloudFormation::Stack",
            "Timestamp": "2020-09-05T11:41:20.498000+00:00",
            "ResourceStatus": "ROLLBACK_IN_PROGRESS",
            "ResourceStatusReason": "The following resource(s) failed to create: [ElasticCacheCluster, ApplicationConfigurationTemplate]. . Rollback requested by user."
        },

通常,在CloudFormation控制台中查看堆栈事件时,可以找到更详细的错误消息。在本例中,我得到了
ApplicationConfigurationTemplate
资源的两个错误:

1
未找到名为“运行PHP 7.3的64位Amazon Linux 2 v3.1.0”的解决方案堆栈
: 问题是您指定的版本仅为。您可以检查当前的平台版本。因此,我必须更新SolutionStackName属性:
SolutionStackName:64位运行PHP7.3的Amazon Linux 2 v3.1.1

2
配置验证异常:无效选项值:“sg xxx”(命名空间:“aws:autoscaling:launchconfiguration”,选项名称:“SecurityGroups”):安全组“sg xxx”不存在
:这与以下代码段有关:

    - Namespace: aws:autoscaling:launchconfiguration
      OptionName: SecurityGroups
      Value:
        !ImportValue PatheinWebServerSecurityGroup
问题在于,在这种情况下,需要的不是逻辑ID(安全组ID),而是安全组的物理ID(安全组名称)。这意味着您必须向resources.yaml模板添加另一个导出,如下所示:

  WebServerSecurityGroupName:
    Description: "Web server security group name"
    Value: !Ref WebServerSecurityGroup
    Export:
      Name: PatheinWebServerSecurityGroupName
然后可以将其导入core.yaml:

- Namespace: aws:autoscaling:launchconfiguration
  OptionName: SecurityGroups
  Value:
    !ImportValue PatheinWebServerSecurityGroupName

请注意,您仍然需要导出逻辑ID,因为它由
ElasticCacheSecurityGroup

使用。您有一个有趣的案例显示了CloudFormation中的不一致性。在某些情况下需要安全组(SG)ID(对于
ElasticCacheCluster
),在其他情况下需要SG名称(对于
ApplicationConfiguration Template
)。因此,在您的情况下,您需要从
resources.yaml
导出这两个文件,并分别在
core.yaml
中导入它们。还需要更新
SolutionStackName

下面是固定模板。我验证了他们在
us-east-1
地区工作和部署。我只验证了它们的部署,而不是结果资源的功能

resources.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: "Permanent resources to be imported"
Parameters:
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  DBInstanceIdentifier:
    Type: String
    Default: 'patheindbidentifier'
  DBName:
    Type: String
    Default: 'patheindb'
  DBUsername:
    Type: String
    Default: 'patheindbadmin'
  DBClass:
    Type: String
    Default: 'db.t2.micro'
  DBAllocatedStorage:
    Type: String
    Default: '5'
  DBPassword:
    Type: String

Resources:
  StorageBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: pathein-directory-storage-32112
      AccessControl: PublicRead

  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      GroupDescription: Security Group for EC2 instances
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp:
            Ref: SSHLocation

  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      GroupDescription: Database security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '3306'
          ToPort: '3306'
          SourceSecurityGroupId: !GetAtt WebServerSecurityGroup.GroupId

  WebDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      DBInstanceIdentifier: !Ref DBInstanceIdentifier
      DBName: !Ref DBName
      DBInstanceClass: !Ref DBClass
      AllocatedStorage: !Ref DBAllocatedStorage
      Engine: MySQL
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      VPCSecurityGroups:
        - !GetAtt DBSecurityGroup.GroupId

Outputs:
  StorageBucket:
    Description: "S3 storage bucket"
    Value: !Ref StorageBucket
    Export:
      Name: PatheinStorageBucket
  WebServerSecurityGroupName:
    Description: "Web server security group"
    Value: !Ref WebServerSecurityGroup
    Export:
      Name: PatheinWebServerSecurityGroupName
  WebServerSecurityGroupId:
    Description: "Web server security group"
    Value: !GetAtt WebServerSecurityGroup.GroupId
    Export:
      Name: PatheinWebServerSecurityGroupId      
  DBSecurityGroup:
    Description: "Database security group"
    Value: !Ref DBSecurityGroup
    Export:
      Name: PatheinDBSecurityGroup
  WebDatabase:
    Description: "Web database"
    Value: !Ref WebDatabase
    Export:
      Name: PatheinWebDatabases
  SSHLocation:
    Description: "SSH Location"
    Value: !Ref SSHLocation
    Export:
      Name: PatheinSSHLocation
  DatabaseHost:
    Description: "Database host"
    Value: !GetAtt WebDatabase.Endpoint.Address
  DatabasePort:
    Description: "Database port"
    Value: !GetAtt WebDatabase.Endpoint.Port
AWSTemplateFormatVersion: '2010-09-09'
Description: "Pathein Directory web application deployment template."
Parameters:
  KeyName:
    Default: 'PatheinDirectory'
    Type: String
  InstanceType:
    Default: 't2.micro'
    Type: String

Mappings:
  Region2Principal:
    us-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-south-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-east-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ca-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    sa-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    cn-north-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    cn-northwest-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    eu-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-north-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com

  Beanstalk2Route53HostedZoneId:
    us-east-1:
      HostedZoneId: Z3DZXE0Q79N41H
    us-west-1:
      HostedZoneId: Z1M58G0W56PQJA
    us-west-2:
      HostedZoneId: Z33MTJ483KN6FU
    eu-west-1:
      HostedZoneId: Z3NF1Z3NOM5OY2
    ap-northeast-1:
      HostedZoneId: Z2YN17T5R711GT
    ap-southeast-1:
      HostedZoneId: Z1WI8VXHPB1R38
    sa-east-1:
      HostedZoneId: Z2ES78Y61JGQKS

Resources:
  WebServerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - Fn::FindInMap:
                    - Region2Principal
                    - Ref: AWS::Region
                    - EC2Principal
            Action:
              - sts:AssumeRole
      Path: /

  WebServerRolePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: WebServerRole
      PolicyDocument:
        Statement:
          - Effect: Allow
            NotAction: iam:*
            Resource: '*'
      Roles:
        - Ref: WebServerRole

  WebServerInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - Ref: WebServerRole

  Application:
    Type: AWS::ElasticBeanstalk::Application
    Properties:
      ApplicationName: PatheinDirectoryApplication
      Description: AWS Elastic Beanstalk Pathein Directory Laravel application

  ApplicationVersion:
    Type: AWS::ElasticBeanstalk::ApplicationVersion
    Properties:
      Description: Version 1.0
      ApplicationName:
        Ref: Application
      SourceBundle:
        S3Bucket:
          Fn::Join:
            - '-'
            - - elasticbeanstalk-samples
              - Ref: AWS::Region
        S3Key: php-sample.zip

  ApplicationConfigurationTemplate:
    Type: AWS::ElasticBeanstalk::ConfigurationTemplate
    Properties:
      ApplicationName:
        Ref: Application
      Description: SSH access to Pathein Directory Laravel application
      SolutionStackName: 64bit Amazon Linux 2 v3.1.1 running PHP 7.3
      OptionSettings:
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: EC2KeyName
          Value:
            Ref: KeyName
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: IamInstanceProfile
          Value:
            Ref: WebServerInstanceProfile
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: SecurityGroups
          Value:
            !ImportValue PatheinWebServerSecurityGroupName

  Environment:
    Type: AWS::ElasticBeanstalk::Environment
    Properties:
      Description: AWS Elastic Beanstalk Environment running Pathein Directory Laravel application
      ApplicationName:
        Ref: Application
      EnvironmentName: PatheinDirectory
      TemplateName:
        Ref: ApplicationConfigurationTemplate
      VersionLabel:
        Ref: ApplicationVersion
      OptionSettings:
        - Namespace: aws:elasticbeanstalk:container:php:phpini
          OptionName: document_root
          Value: /public

  ElasticCacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable TCP connection on port 6379
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '11211'
          ToPort: '11211'
          SourceSecurityGroupId: !ImportValue PatheinWebServerSecurityGroupId

  ElasticCacheCluster:
    Type: AWS::ElastiCache::CacheCluster
    Properties:
      AZMode: cross-az
      CacheNodeType: cache.t2.small
      Engine: memcached
      NumCacheNodes: '2'
      VpcSecurityGroupIds:
        - !GetAtt ElasticCacheSecurityGroup.GroupId
      PreferredAvailabilityZones:
        - !Select
          - 0
          - Fn::GetAZs: !Ref AWS::Region
        - !Select
          - 1
          - Fn::GetAZs: !Ref AWS::Region
core.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: "Permanent resources to be imported"
Parameters:
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  DBInstanceIdentifier:
    Type: String
    Default: 'patheindbidentifier'
  DBName:
    Type: String
    Default: 'patheindb'
  DBUsername:
    Type: String
    Default: 'patheindbadmin'
  DBClass:
    Type: String
    Default: 'db.t2.micro'
  DBAllocatedStorage:
    Type: String
    Default: '5'
  DBPassword:
    Type: String

Resources:
  StorageBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: pathein-directory-storage-32112
      AccessControl: PublicRead

  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      GroupDescription: Security Group for EC2 instances
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp:
            Ref: SSHLocation

  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      GroupDescription: Database security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '3306'
          ToPort: '3306'
          SourceSecurityGroupId: !GetAtt WebServerSecurityGroup.GroupId

  WebDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      DBInstanceIdentifier: !Ref DBInstanceIdentifier
      DBName: !Ref DBName
      DBInstanceClass: !Ref DBClass
      AllocatedStorage: !Ref DBAllocatedStorage
      Engine: MySQL
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      VPCSecurityGroups:
        - !GetAtt DBSecurityGroup.GroupId

Outputs:
  StorageBucket:
    Description: "S3 storage bucket"
    Value: !Ref StorageBucket
    Export:
      Name: PatheinStorageBucket
  WebServerSecurityGroupName:
    Description: "Web server security group"
    Value: !Ref WebServerSecurityGroup
    Export:
      Name: PatheinWebServerSecurityGroupName
  WebServerSecurityGroupId:
    Description: "Web server security group"
    Value: !GetAtt WebServerSecurityGroup.GroupId
    Export:
      Name: PatheinWebServerSecurityGroupId      
  DBSecurityGroup:
    Description: "Database security group"
    Value: !Ref DBSecurityGroup
    Export:
      Name: PatheinDBSecurityGroup
  WebDatabase:
    Description: "Web database"
    Value: !Ref WebDatabase
    Export:
      Name: PatheinWebDatabases
  SSHLocation:
    Description: "SSH Location"
    Value: !Ref SSHLocation
    Export:
      Name: PatheinSSHLocation
  DatabaseHost:
    Description: "Database host"
    Value: !GetAtt WebDatabase.Endpoint.Address
  DatabasePort:
    Description: "Database port"
    Value: !GetAtt WebDatabase.Endpoint.Port
AWSTemplateFormatVersion: '2010-09-09'
Description: "Pathein Directory web application deployment template."
Parameters:
  KeyName:
    Default: 'PatheinDirectory'
    Type: String
  InstanceType:
    Default: 't2.micro'
    Type: String

Mappings:
  Region2Principal:
    us-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-south-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-east-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ca-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    sa-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    cn-north-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    cn-northwest-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    eu-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-north-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com

  Beanstalk2Route53HostedZoneId:
    us-east-1:
      HostedZoneId: Z3DZXE0Q79N41H
    us-west-1:
      HostedZoneId: Z1M58G0W56PQJA
    us-west-2:
      HostedZoneId: Z33MTJ483KN6FU
    eu-west-1:
      HostedZoneId: Z3NF1Z3NOM5OY2
    ap-northeast-1:
      HostedZoneId: Z2YN17T5R711GT
    ap-southeast-1:
      HostedZoneId: Z1WI8VXHPB1R38
    sa-east-1:
      HostedZoneId: Z2ES78Y61JGQKS

Resources:
  WebServerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - Fn::FindInMap:
                    - Region2Principal
                    - Ref: AWS::Region
                    - EC2Principal
            Action:
              - sts:AssumeRole
      Path: /

  WebServerRolePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: WebServerRole
      PolicyDocument:
        Statement:
          - Effect: Allow
            NotAction: iam:*
            Resource: '*'
      Roles:
        - Ref: WebServerRole

  WebServerInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - Ref: WebServerRole

  Application:
    Type: AWS::ElasticBeanstalk::Application
    Properties:
      ApplicationName: PatheinDirectoryApplication
      Description: AWS Elastic Beanstalk Pathein Directory Laravel application

  ApplicationVersion:
    Type: AWS::ElasticBeanstalk::ApplicationVersion
    Properties:
      Description: Version 1.0
      ApplicationName:
        Ref: Application
      SourceBundle:
        S3Bucket:
          Fn::Join:
            - '-'
            - - elasticbeanstalk-samples
              - Ref: AWS::Region
        S3Key: php-sample.zip

  ApplicationConfigurationTemplate:
    Type: AWS::ElasticBeanstalk::ConfigurationTemplate
    Properties:
      ApplicationName:
        Ref: Application
      Description: SSH access to Pathein Directory Laravel application
      SolutionStackName: 64bit Amazon Linux 2 v3.1.1 running PHP 7.3
      OptionSettings:
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: EC2KeyName
          Value:
            Ref: KeyName
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: IamInstanceProfile
          Value:
            Ref: WebServerInstanceProfile
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: SecurityGroups
          Value:
            !ImportValue PatheinWebServerSecurityGroupName

  Environment:
    Type: AWS::ElasticBeanstalk::Environment
    Properties:
      Description: AWS Elastic Beanstalk Environment running Pathein Directory Laravel application
      ApplicationName:
        Ref: Application
      EnvironmentName: PatheinDirectory
      TemplateName:
        Ref: ApplicationConfigurationTemplate
      VersionLabel:
        Ref: ApplicationVersion
      OptionSettings:
        - Namespace: aws:elasticbeanstalk:container:php:phpini
          OptionName: document_root
          Value: /public

  ElasticCacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable TCP connection on port 6379
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '11211'
          ToPort: '11211'
          SourceSecurityGroupId: !ImportValue PatheinWebServerSecurityGroupId

  ElasticCacheCluster:
    Type: AWS::ElastiCache::CacheCluster
    Properties:
      AZMode: cross-az
      CacheNodeType: cache.t2.small
      Engine: memcached
      NumCacheNodes: '2'
      VpcSecurityGroupIds:
        - !GetAtt ElasticCacheSecurityGroup.GroupId
      PreferredAvailabilityZones:
        - !Select
          - 0
          - Fn::GetAZs: !Ref AWS::Region
        - !Select
          - 1
          - Fn::GetAZs: !Ref AWS::Region

您好,我已经修复了PHP映像问题。但它仍在抱怨安全小组不存在。我检查了控制台,它存在。如何修复它?您是否已为物理资源ID添加了新的导出到resources.yaml,如我在2中所述。?我编辑了我的答案,以包含相应的代码示例。@WaiYanHein没问题。:-)