Amazon web services AWS CloudFormation部署失败,正在使用从其他模板导入的资源
我正在使用CloudFormation模板将我的基础设施部署到AWS。我有两个模板core.yaml和resources.yaml。core.yaml文件正在使用core.yaml中的资源将它们导入模板。resources.yaml文件正在导出资源。但是当我部署core.yaml文件时,它失败了。下面是我的代码 资源.yamlAmazon web services AWS CloudFormation部署失败,正在使用从其他模板导入的资源,amazon-web-services,amazon-cloudformation,Amazon Web Services,Amazon Cloudformation,我正在使用CloudFormation模板将我的基础设施部署到AWS。我有两个模板core.yaml和resources.yaml。core.yaml文件正在使用core.yaml中的资源将它们导入模板。resources.yaml文件正在导出资源。但是当我部署core.yaml文件时,它失败了。下面是我的代码 资源.yaml AWSTemplateFormatVersion: "2010-09-09" Description: "Permanent resourc
AWSTemplateFormatVersion: "2010-09-09"
Description: "Permanent resources to be imported"
Parameters:
SSHLocation:
Description: The IP address range that can be used to SSH to the EC2 instances
Type: String
MinLength: '9'
MaxLength: '18'
Default: 0.0.0.0/0
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
DBInstanceIdentifier:
Type: String
Default: 'patheindbidentifier'
DBName:
Type: String
Default: 'patheindb'
DBUsername:
Type: String
Default: 'patheindbadmin'
DBClass:
Type: String
Default: 'db.t2.micro'
DBAllocatedStorage:
Type: String
Default: '5'
DBPassword:
Type: String
Resources:
StorageBucket:
Type: AWS::S3::Bucket
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
BucketName: pathein-directory-storage
AccessControl: PublicRead
WebServerSecurityGroup:
Type: AWS::EC2::SecurityGroup
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
GroupDescription: Security Group for EC2 instances
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp:
Ref: SSHLocation
DBSecurityGroup:
Type: AWS::EC2::SecurityGroup
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
GroupDescription: Database security group
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '3306'
ToPort: '3306'
SourceSecurityGroupId: !GetAtt WebServerSecurityGroup.GroupId
WebDatabase:
Type: AWS::RDS::DBInstance
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
DBInstanceIdentifier: !Ref DBInstanceIdentifier
DBName: !Ref DBName
DBInstanceClass: !Ref DBClass
AllocatedStorage: !Ref DBAllocatedStorage
Engine: MySQL
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
VPCSecurityGroups:
- !GetAtt DBSecurityGroup.GroupId
Outputs:
StorageBucket:
Description: "S3 storage bucket"
Value: !Ref StorageBucket
Export:
Name: PatheinStorageBucket
WebServerSecurityGroup:
Description: "Web server security group"
Value: !GetAtt WebServerSecurityGroup.GroupId
Export:
Name: PatheinWebServerSecurityGroup
DBSecurityGroup:
Description: "Database security group"
Value: !Ref DBSecurityGroup
Export:
Name: PatheinDBSecurityGroup
WebDatabase:
Description: "Web database"
Value: !Ref WebDatabase
Export:
Name: PatheinWebDatabases
SSHLocation:
Description: "SSH Location"
Value: !Ref SSHLocation
Export:
Name: PatheinSSHLocation
DatabaseHost:
Description: "Database host"
Value: !GetAtt WebDatabase.Endpoint.Address
DatabasePort:
Description: "Database port"
Value: !GetAtt WebDatabase.Endpoint.Port
AWSTemplateFormatVersion: '2010-09-09'
Description: "Pathein Directory web application deployment template."
Parameters:
KeyName:
Default: 'PatheinDirectory'
Type: String
InstanceType:
Default: 't2.micro'
Type: String
Mappings:
Region2Principal:
us-east-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
us-west-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
us-west-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
eu-west-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
eu-west-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
eu-west-3:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-southeast-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-northeast-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-northeast-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-northeast-3:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-southeast-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-south-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
us-east-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ca-central-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
sa-east-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
cn-north-1:
EC2Principal: ec2.amazonaws.com.cn
OpsWorksPrincipal: opsworks.amazonaws.com.cn
cn-northwest-1:
EC2Principal: ec2.amazonaws.com.cn
OpsWorksPrincipal: opsworks.amazonaws.com.cn
eu-central-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
eu-north-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
Beanstalk2Route53HostedZoneId:
us-east-1:
HostedZoneId: Z3DZXE0Q79N41H
us-west-1:
HostedZoneId: Z1M58G0W56PQJA
us-west-2:
HostedZoneId: Z33MTJ483KN6FU
eu-west-1:
HostedZoneId: Z3NF1Z3NOM5OY2
ap-northeast-1:
HostedZoneId: Z2YN17T5R711GT
ap-southeast-1:
HostedZoneId: Z1WI8VXHPB1R38
sa-east-1:
HostedZoneId: Z2ES78Y61JGQKS
Resources:
WebServerRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service:
- Fn::FindInMap:
- Region2Principal
- Ref: AWS::Region
- EC2Principal
Action:
- sts:AssumeRole
Path: /
WebServerRolePolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: WebServerRole
PolicyDocument:
Statement:
- Effect: Allow
NotAction: iam:*
Resource: '*'
Roles:
- Ref: WebServerRole
WebServerInstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: /
Roles:
- Ref: WebServerRole
Application:
Type: AWS::ElasticBeanstalk::Application
Properties:
ApplicationName: PatheinDirectoryApplication
Description: AWS Elastic Beanstalk Pathein Directory Laravel application
ApplicationVersion:
Type: AWS::ElasticBeanstalk::ApplicationVersion
Properties:
Description: Version 1.0
ApplicationName:
Ref: Application
SourceBundle:
S3Bucket:
Fn::Join:
- '-'
- - elasticbeanstalk-samples
- Ref: AWS::Region
S3Key: php-sample.zip
ApplicationConfigurationTemplate:
Type: AWS::ElasticBeanstalk::ConfigurationTemplate
Properties:
ApplicationName:
Ref: Application
Description: SSH access to Pathein Directory Laravel application
SolutionStackName: 64bit Amazon Linux 2 v3.1.0 running PHP 7.3
OptionSettings:
- Namespace: aws:autoscaling:launchconfiguration
OptionName: EC2KeyName
Value:
Ref: KeyName
- Namespace: aws:autoscaling:launchconfiguration
OptionName: IamInstanceProfile
Value:
Ref: WebServerInstanceProfile
- Namespace: aws:autoscaling:launchconfiguration
OptionName: SecurityGroups
Value:
!ImportValue PatheinWebServerSecurityGroup
Environment:
Type: AWS::ElasticBeanstalk::Environment
Properties:
Description: AWS Elastic Beanstalk Environment running Pathein Directory Laravel application
ApplicationName:
Ref: Application
EnvironmentName: PatheinDirectory
TemplateName:
Ref: ApplicationConfigurationTemplate
VersionLabel:
Ref: ApplicationVersion
OptionSettings:
- Namespace: aws:elasticbeanstalk:container:php:phpini
OptionName: document_root
Value: /public
ElasticCacheSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Enable TCP connection on port 6379
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '11211'
ToPort: '11211'
SourceSecurityGroupId: !ImportValue PatheinWebServerSecurityGroup
ElasticCacheCluster:
Type: AWS::ElastiCache::CacheCluster
Properties:
AZMode: cross-az
CacheNodeType: cache.t2.small
Engine: memcached
NumCacheNodes: '2'
VpcSecurityGroupIds:
- !GetAtt ElasticCacheSecurityGroup.GroupId
PreferredAvailabilityZones:
- !Select
- 0
- Fn::GetAZs: !Ref AWS::Region
- !Select
- 1
- Fn::GetAZs: !Ref AWS::Region
{
"StackId": "arn:aws:cloudformation:eu-west-1:733553390213:stack/patheindirectory/5da3be20-ef6c-11ea-8dc6-0275bf88180c",
"EventId": "b7aa01e0-ef6c-11ea-b8c0-06e621efe3ec",
"StackName": "patheindirectory",
"LogicalResourceId": "patheindirectory",
"PhysicalResourceId": "arn:aws:cloudformation:eu-west-1:733553390213:stack/patheindirectory/5da3be20-ef6c-11ea-8dc6-0275bf88180c",
"ResourceType": "AWS::CloudFormation::Stack",
"Timestamp": "2020-09-05T11:41:20.498000+00:00",
"ResourceStatus": "ROLLBACK_IN_PROGRESS",
"ResourceStatusReason": "The following resource(s) failed to create: [ElasticCacheCluster, ApplicationConfigurationTemplate]. . Rollback requested by user."
},
通常,在CloudFormation控制台中查看堆栈事件时,可以找到更详细的错误消息。在本例中,我得到了
ApplicationConfigurationTemplate未找到名为“运行PHP 7.3的64位Amazon Linux 2 v3.1.0”的解决方案堆栈SolutionStackName:64位运行PHP7.3的Amazon Linux 2 v3.1.1
2配置验证异常:无效选项值:“sg xxx”(命名空间:“aws:autoscaling:launchconfiguration”,选项名称:“SecurityGroups”):安全组“sg xxx”不存在
:这与以下代码段有关:
- Namespace: aws:autoscaling:launchconfiguration
OptionName: SecurityGroups
Value:
!ImportValue PatheinWebServerSecurityGroup
问题在于,在这种情况下,需要的不是逻辑ID(安全组ID),而是安全组的物理ID(安全组名称)。这意味着您必须向resources.yaml模板添加另一个导出,如下所示:
WebServerSecurityGroupName:
Description: "Web server security group name"
Value: !Ref WebServerSecurityGroup
Export:
Name: PatheinWebServerSecurityGroupName
然后可以将其导入core.yaml:
- Namespace: aws:autoscaling:launchconfiguration
OptionName: SecurityGroups
Value:
!ImportValue PatheinWebServerSecurityGroupName
请注意,您仍然需要导出逻辑ID,因为它由ElasticCacheSecurityGroup
使用。您有一个有趣的案例显示了CloudFormation中的不一致性。在某些情况下需要安全组(SG)ID(对于ElasticCacheCluster
),在其他情况下需要SG名称(对于ApplicationConfiguration Template
)。因此,在您的情况下,您需要从resources.yaml
导出这两个文件,并分别在core.yaml
中导入它们。还需要更新SolutionStackName
下面是固定模板。我验证了他们在us-east-1
地区工作和部署。我只验证了它们的部署,而不是结果资源的功能
resources.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Permanent resources to be imported"
Parameters:
SSHLocation:
Description: The IP address range that can be used to SSH to the EC2 instances
Type: String
MinLength: '9'
MaxLength: '18'
Default: 0.0.0.0/0
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
DBInstanceIdentifier:
Type: String
Default: 'patheindbidentifier'
DBName:
Type: String
Default: 'patheindb'
DBUsername:
Type: String
Default: 'patheindbadmin'
DBClass:
Type: String
Default: 'db.t2.micro'
DBAllocatedStorage:
Type: String
Default: '5'
DBPassword:
Type: String
Resources:
StorageBucket:
Type: AWS::S3::Bucket
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
BucketName: pathein-directory-storage-32112
AccessControl: PublicRead
WebServerSecurityGroup:
Type: AWS::EC2::SecurityGroup
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
GroupDescription: Security Group for EC2 instances
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp:
Ref: SSHLocation
DBSecurityGroup:
Type: AWS::EC2::SecurityGroup
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
GroupDescription: Database security group
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '3306'
ToPort: '3306'
SourceSecurityGroupId: !GetAtt WebServerSecurityGroup.GroupId
WebDatabase:
Type: AWS::RDS::DBInstance
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
DBInstanceIdentifier: !Ref DBInstanceIdentifier
DBName: !Ref DBName
DBInstanceClass: !Ref DBClass
AllocatedStorage: !Ref DBAllocatedStorage
Engine: MySQL
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
VPCSecurityGroups:
- !GetAtt DBSecurityGroup.GroupId
Outputs:
StorageBucket:
Description: "S3 storage bucket"
Value: !Ref StorageBucket
Export:
Name: PatheinStorageBucket
WebServerSecurityGroupName:
Description: "Web server security group"
Value: !Ref WebServerSecurityGroup
Export:
Name: PatheinWebServerSecurityGroupName
WebServerSecurityGroupId:
Description: "Web server security group"
Value: !GetAtt WebServerSecurityGroup.GroupId
Export:
Name: PatheinWebServerSecurityGroupId
DBSecurityGroup:
Description: "Database security group"
Value: !Ref DBSecurityGroup
Export:
Name: PatheinDBSecurityGroup
WebDatabase:
Description: "Web database"
Value: !Ref WebDatabase
Export:
Name: PatheinWebDatabases
SSHLocation:
Description: "SSH Location"
Value: !Ref SSHLocation
Export:
Name: PatheinSSHLocation
DatabaseHost:
Description: "Database host"
Value: !GetAtt WebDatabase.Endpoint.Address
DatabasePort:
Description: "Database port"
Value: !GetAtt WebDatabase.Endpoint.Port
AWSTemplateFormatVersion: '2010-09-09'
Description: "Pathein Directory web application deployment template."
Parameters:
KeyName:
Default: 'PatheinDirectory'
Type: String
InstanceType:
Default: 't2.micro'
Type: String
Mappings:
Region2Principal:
us-east-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
us-west-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
us-west-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
eu-west-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
eu-west-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
eu-west-3:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-southeast-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-northeast-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-northeast-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-northeast-3:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-southeast-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-south-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
us-east-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ca-central-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
sa-east-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
cn-north-1:
EC2Principal: ec2.amazonaws.com.cn
OpsWorksPrincipal: opsworks.amazonaws.com.cn
cn-northwest-1:
EC2Principal: ec2.amazonaws.com.cn
OpsWorksPrincipal: opsworks.amazonaws.com.cn
eu-central-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
eu-north-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
Beanstalk2Route53HostedZoneId:
us-east-1:
HostedZoneId: Z3DZXE0Q79N41H
us-west-1:
HostedZoneId: Z1M58G0W56PQJA
us-west-2:
HostedZoneId: Z33MTJ483KN6FU
eu-west-1:
HostedZoneId: Z3NF1Z3NOM5OY2
ap-northeast-1:
HostedZoneId: Z2YN17T5R711GT
ap-southeast-1:
HostedZoneId: Z1WI8VXHPB1R38
sa-east-1:
HostedZoneId: Z2ES78Y61JGQKS
Resources:
WebServerRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service:
- Fn::FindInMap:
- Region2Principal
- Ref: AWS::Region
- EC2Principal
Action:
- sts:AssumeRole
Path: /
WebServerRolePolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: WebServerRole
PolicyDocument:
Statement:
- Effect: Allow
NotAction: iam:*
Resource: '*'
Roles:
- Ref: WebServerRole
WebServerInstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: /
Roles:
- Ref: WebServerRole
Application:
Type: AWS::ElasticBeanstalk::Application
Properties:
ApplicationName: PatheinDirectoryApplication
Description: AWS Elastic Beanstalk Pathein Directory Laravel application
ApplicationVersion:
Type: AWS::ElasticBeanstalk::ApplicationVersion
Properties:
Description: Version 1.0
ApplicationName:
Ref: Application
SourceBundle:
S3Bucket:
Fn::Join:
- '-'
- - elasticbeanstalk-samples
- Ref: AWS::Region
S3Key: php-sample.zip
ApplicationConfigurationTemplate:
Type: AWS::ElasticBeanstalk::ConfigurationTemplate
Properties:
ApplicationName:
Ref: Application
Description: SSH access to Pathein Directory Laravel application
SolutionStackName: 64bit Amazon Linux 2 v3.1.1 running PHP 7.3
OptionSettings:
- Namespace: aws:autoscaling:launchconfiguration
OptionName: EC2KeyName
Value:
Ref: KeyName
- Namespace: aws:autoscaling:launchconfiguration
OptionName: IamInstanceProfile
Value:
Ref: WebServerInstanceProfile
- Namespace: aws:autoscaling:launchconfiguration
OptionName: SecurityGroups
Value:
!ImportValue PatheinWebServerSecurityGroupName
Environment:
Type: AWS::ElasticBeanstalk::Environment
Properties:
Description: AWS Elastic Beanstalk Environment running Pathein Directory Laravel application
ApplicationName:
Ref: Application
EnvironmentName: PatheinDirectory
TemplateName:
Ref: ApplicationConfigurationTemplate
VersionLabel:
Ref: ApplicationVersion
OptionSettings:
- Namespace: aws:elasticbeanstalk:container:php:phpini
OptionName: document_root
Value: /public
ElasticCacheSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Enable TCP connection on port 6379
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '11211'
ToPort: '11211'
SourceSecurityGroupId: !ImportValue PatheinWebServerSecurityGroupId
ElasticCacheCluster:
Type: AWS::ElastiCache::CacheCluster
Properties:
AZMode: cross-az
CacheNodeType: cache.t2.small
Engine: memcached
NumCacheNodes: '2'
VpcSecurityGroupIds:
- !GetAtt ElasticCacheSecurityGroup.GroupId
PreferredAvailabilityZones:
- !Select
- 0
- Fn::GetAZs: !Ref AWS::Region
- !Select
- 1
- Fn::GetAZs: !Ref AWS::Region
core.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Permanent resources to be imported"
Parameters:
SSHLocation:
Description: The IP address range that can be used to SSH to the EC2 instances
Type: String
MinLength: '9'
MaxLength: '18'
Default: 0.0.0.0/0
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
DBInstanceIdentifier:
Type: String
Default: 'patheindbidentifier'
DBName:
Type: String
Default: 'patheindb'
DBUsername:
Type: String
Default: 'patheindbadmin'
DBClass:
Type: String
Default: 'db.t2.micro'
DBAllocatedStorage:
Type: String
Default: '5'
DBPassword:
Type: String
Resources:
StorageBucket:
Type: AWS::S3::Bucket
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
BucketName: pathein-directory-storage-32112
AccessControl: PublicRead
WebServerSecurityGroup:
Type: AWS::EC2::SecurityGroup
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
GroupDescription: Security Group for EC2 instances
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp:
Ref: SSHLocation
DBSecurityGroup:
Type: AWS::EC2::SecurityGroup
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
GroupDescription: Database security group
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '3306'
ToPort: '3306'
SourceSecurityGroupId: !GetAtt WebServerSecurityGroup.GroupId
WebDatabase:
Type: AWS::RDS::DBInstance
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
DBInstanceIdentifier: !Ref DBInstanceIdentifier
DBName: !Ref DBName
DBInstanceClass: !Ref DBClass
AllocatedStorage: !Ref DBAllocatedStorage
Engine: MySQL
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
VPCSecurityGroups:
- !GetAtt DBSecurityGroup.GroupId
Outputs:
StorageBucket:
Description: "S3 storage bucket"
Value: !Ref StorageBucket
Export:
Name: PatheinStorageBucket
WebServerSecurityGroupName:
Description: "Web server security group"
Value: !Ref WebServerSecurityGroup
Export:
Name: PatheinWebServerSecurityGroupName
WebServerSecurityGroupId:
Description: "Web server security group"
Value: !GetAtt WebServerSecurityGroup.GroupId
Export:
Name: PatheinWebServerSecurityGroupId
DBSecurityGroup:
Description: "Database security group"
Value: !Ref DBSecurityGroup
Export:
Name: PatheinDBSecurityGroup
WebDatabase:
Description: "Web database"
Value: !Ref WebDatabase
Export:
Name: PatheinWebDatabases
SSHLocation:
Description: "SSH Location"
Value: !Ref SSHLocation
Export:
Name: PatheinSSHLocation
DatabaseHost:
Description: "Database host"
Value: !GetAtt WebDatabase.Endpoint.Address
DatabasePort:
Description: "Database port"
Value: !GetAtt WebDatabase.Endpoint.Port
AWSTemplateFormatVersion: '2010-09-09'
Description: "Pathein Directory web application deployment template."
Parameters:
KeyName:
Default: 'PatheinDirectory'
Type: String
InstanceType:
Default: 't2.micro'
Type: String
Mappings:
Region2Principal:
us-east-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
us-west-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
us-west-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
eu-west-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
eu-west-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
eu-west-3:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-southeast-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-northeast-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-northeast-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-northeast-3:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-southeast-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ap-south-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
us-east-2:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
ca-central-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
sa-east-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
cn-north-1:
EC2Principal: ec2.amazonaws.com.cn
OpsWorksPrincipal: opsworks.amazonaws.com.cn
cn-northwest-1:
EC2Principal: ec2.amazonaws.com.cn
OpsWorksPrincipal: opsworks.amazonaws.com.cn
eu-central-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
eu-north-1:
EC2Principal: ec2.amazonaws.com
OpsWorksPrincipal: opsworks.amazonaws.com
Beanstalk2Route53HostedZoneId:
us-east-1:
HostedZoneId: Z3DZXE0Q79N41H
us-west-1:
HostedZoneId: Z1M58G0W56PQJA
us-west-2:
HostedZoneId: Z33MTJ483KN6FU
eu-west-1:
HostedZoneId: Z3NF1Z3NOM5OY2
ap-northeast-1:
HostedZoneId: Z2YN17T5R711GT
ap-southeast-1:
HostedZoneId: Z1WI8VXHPB1R38
sa-east-1:
HostedZoneId: Z2ES78Y61JGQKS
Resources:
WebServerRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service:
- Fn::FindInMap:
- Region2Principal
- Ref: AWS::Region
- EC2Principal
Action:
- sts:AssumeRole
Path: /
WebServerRolePolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: WebServerRole
PolicyDocument:
Statement:
- Effect: Allow
NotAction: iam:*
Resource: '*'
Roles:
- Ref: WebServerRole
WebServerInstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: /
Roles:
- Ref: WebServerRole
Application:
Type: AWS::ElasticBeanstalk::Application
Properties:
ApplicationName: PatheinDirectoryApplication
Description: AWS Elastic Beanstalk Pathein Directory Laravel application
ApplicationVersion:
Type: AWS::ElasticBeanstalk::ApplicationVersion
Properties:
Description: Version 1.0
ApplicationName:
Ref: Application
SourceBundle:
S3Bucket:
Fn::Join:
- '-'
- - elasticbeanstalk-samples
- Ref: AWS::Region
S3Key: php-sample.zip
ApplicationConfigurationTemplate:
Type: AWS::ElasticBeanstalk::ConfigurationTemplate
Properties:
ApplicationName:
Ref: Application
Description: SSH access to Pathein Directory Laravel application
SolutionStackName: 64bit Amazon Linux 2 v3.1.1 running PHP 7.3
OptionSettings:
- Namespace: aws:autoscaling:launchconfiguration
OptionName: EC2KeyName
Value:
Ref: KeyName
- Namespace: aws:autoscaling:launchconfiguration
OptionName: IamInstanceProfile
Value:
Ref: WebServerInstanceProfile
- Namespace: aws:autoscaling:launchconfiguration
OptionName: SecurityGroups
Value:
!ImportValue PatheinWebServerSecurityGroupName
Environment:
Type: AWS::ElasticBeanstalk::Environment
Properties:
Description: AWS Elastic Beanstalk Environment running Pathein Directory Laravel application
ApplicationName:
Ref: Application
EnvironmentName: PatheinDirectory
TemplateName:
Ref: ApplicationConfigurationTemplate
VersionLabel:
Ref: ApplicationVersion
OptionSettings:
- Namespace: aws:elasticbeanstalk:container:php:phpini
OptionName: document_root
Value: /public
ElasticCacheSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Enable TCP connection on port 6379
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '11211'
ToPort: '11211'
SourceSecurityGroupId: !ImportValue PatheinWebServerSecurityGroupId
ElasticCacheCluster:
Type: AWS::ElastiCache::CacheCluster
Properties:
AZMode: cross-az
CacheNodeType: cache.t2.small
Engine: memcached
NumCacheNodes: '2'
VpcSecurityGroupIds:
- !GetAtt ElasticCacheSecurityGroup.GroupId
PreferredAvailabilityZones:
- !Select
- 0
- Fn::GetAZs: !Ref AWS::Region
- !Select
- 1
- Fn::GetAZs: !Ref AWS::Region
您好,我已经修复了PHP映像问题。但它仍在抱怨安全小组不存在。我检查了控制台,它存在。如何修复它?您是否已为物理资源ID添加了新的导出到resources.yaml,如我在2中所述。?我编辑了我的答案,以包含相应的代码示例。@WaiYanHein没问题。:-)