How to specify a security group for an Elastic Beanstalk launch configuration in a CloudFormation template?

Tags: amazon-web-services, amazon-elastic-beanstalk, amazon-cloudformation, aws-security-group


I have the following security group defined in a CloudFormation template:

"APIInstanceSG": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "Security Group for Application EC2 Instances",
    "VpcId": "vpc-10a75377",
    "Tags": [{
      "Key": "Name",
      "Value": "APIInstanceSG"
    }]
  }
}
I also have an Elastic Beanstalk environment defined, which contains the following option setting:

{
  "Namespace": "aws:autoscaling:launchconfiguration",
  "OptionName": "SecurityGroups",
  "Value": { "Ref": "APIInstanceSG" }
}
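When I create a stack with this template, the security group is created before CloudFormation attempts to create the EB environment, but when it tries to create the EB environment, it fails with the following error:

Configuration validation exception: Invalid option value: 'sg-994fcbe4' (Namespace: 'aws:autoscaling:launchconfiguration', OptionName: 'SecurityGroups'): The security group 'sg-994fcbe4' does not exist

sg-994fcbe4 is the ID of the security group that was created.

The Elastic Beanstalk environment is configured as follows: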

"AspectAPIEnv": {
  "Type": "AWS::ElasticBeanstalk::Environment",
  "Properties": {
    "ApplicationName": "application-name",
    "EnvironmentName": "environment-name",
    "SolutionStackName": "64bit Amazon Linux 2016.09 v3.1.0 running Node.js",
    "Tier": {
      "Name": "WebServer",
      "Type": "Standard"
    },
    "OptionSettings": [
      {
        "Namespace": "aws:autoscaling:launchconfiguration",
        "OptionName": "EC2KeyName",
        "Value": "ec2-key"
      },
      {
        "Namespace": "aws:autoscaling:launchconfiguration",
        "OptionName": "IamInstanceProfile",
        "Value": "aws-elasticbeanstalk-ec2-role"
      },
      {
        "Namespace": "aws:autoscaling:launchconfiguration",
        "OptionName": "ImageId",
        "Value": "ami-d8356acf"
      },
      {
        "Namespace": "aws:autoscaling:launchconfiguration",
        "OptionName": "InstanceType",
        "Value": "t2.micro"
      },
      {
        "Namespace": "aws:autoscaling:launchconfiguration",
        "OptionName": "SecurityGroups",
        "Value": { "Ref": "APIInstanceSG" }
      },
      {
        "Namespace": "aws:autoscaling:trigger",
        "OptionName": "UpperThreshold",
        "Value": "6000000"
      },
      {
        "Namespace": "aws:autoscaling:updatepolicy:rollingupdate",
        "OptionName": "MaxBatchSize",
        "Value": "1"
      },
      {
        "Namespace": "aws:autoscaling:updatepolicy:rollingupdate",
        "OptionName": "MinInstancesInService",
        "Value": "1"
      },
      {
        "Namespace": "aws:autoscaling:updatepolicy:rollingupdate",
        "OptionName": "RollingUpdateEnabled",
        "Value": "true"
      },
      {
        "Namespace": "aws:autoscaling:updatepolicy:rollingupdate",
        "OptionName": "RollingUpdateType",
        "Value": "Health"
      },
      {
        "Namespace": "aws:elasticbeanstalk:command",
        "OptionName": "BatchSize",
        "Value": "30"
      },
      {
        "Namespace": "aws:elasticbeanstalk:container:nodejs",
        "OptionName": "NodeVersion",
        "Value": "6.2.2"
      },
      {
        "Namespace": "aws:elasticbeanstalk:environment",
        "OptionName": "ServiceRole",
        "Value": "aws-elasticbeanstalk-service-role"
      },
      {
        "Namespace": "aws:elasticbeanstalk:healthreporting:system",
        "OptionName": "SystemType",
        "Value": "enhanced"
      },
      {
        "Namespace": "aws:elasticbeanstalk:managedactions",
        "OptionName": "ManagedActionsEnabled",
        "Value": "true"
      },
      {
        "Namespace": "aws:elasticbeanstalk:managedactions",
        "OptionName": "PreferredStartTime",
        "Value": "SUN:09:02"
      },
      {
        "Namespace": "aws:elasticbeanstalk:managedactions:platformupdate",
        "OptionName": "UpdateLevel",
        "Value": "minor"
      },
      {
        "Namespace": "aws:elb:healthcheck",
        "OptionName": "Interval",
        "Value": "10"
      },
      {
        "Namespace": "aws:elb:loadbalancer",
        "OptionName": "CrossZone",
        "Value": "true"
      },
      {
        "Namespace": "aws:elb:loadbalancer",
        "OptionName": "LoadBalancerHTTPPort",
        "Value": "80"
      },
      {
        "Namespace": "aws:elb:loadbalancer",
        "OptionName": "SecurityGroups",
        "Value": { "Ref": "APILoadBalancerSG" }
      },
      {
        "Namespace": "aws:elb:loadbalancer",
        "OptionName": "ManagedSecurityGroup",
        "Value": { "Ref": "APILoadBalancerSG" }
      },
      {
        "Namespace": "aws:elb:policies",
        "OptionName": "ConnectionDrainingEnabled",
        "Value": "true"
      }
    ],
    "Tags": [
      {
        "Key": "Name",
        "Value": "AspectAPIEnv"
      }
    ]
  },
  "DependsOn": "RDSInstance"
}
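To overcome this:

You need to change the EB security group from the AWS CLI; you cannot change it from the AWS web console.

Assuming you already have the AWS CLI, if you want to change the security group you need to run the following command:

aws elasticbeanstalk update-environment --environment-name --option-settings Namespace=aws:autoscaling:launchconfiguration,OptionName=SecurityGroups,Value=""

You should set the DependsOn attribute in the LC definition to make sure it exists before the SG during stack creation. Otherwise, there is no guarantee that the reference will work.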

"APIInstanceSG": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "Security Group for Application EC2 Instances",
    "VpcId": "vpc-10a75377",
    "Tags": [{
      "Key": "Name",
      "Value": "APIInstanceSG"
    }]
  },
  "DependsOn" : "APIInstanceSG"
}

In the template, instead of

"DependsOn" : "RDSInstance"
write:

"DependsOn": ["APIInstanceSG", "RDSInstance"]

More information:

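After looking at your AWS::ElasticBeanstalk::Environment resource, I was able to reproduce the error you are seeing. As Marc Young suggested in a comment on your question, you did not specify a VPC for your environment. Since your security group is in a VPC, it cannot be accessed from resources that are not in the same VPC.

To fix this, you must add the following configuration option to your environment: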

{
  "Namespace" : "aws:ec2:vpc",
  "OptionName" : "VPCId",
  "Value" : "vpc-10a75377"
},
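If you specify the VPC, creating the stack with the updated template will fail with an error message saying that you also need to specify the environment subnets, so you must add the following options: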

{
  "Namespace" : "aws:ec2:vpc",
  "OptionName" : "Subnets",
  "Value" : <insert the subnet for your instances here>
},
{
  "Namespace" : "aws:ec2:vpc",
  "OptionName" : "ELBSubnets",
  "Value" : <insert the subnet for your load balancer here>
}

You can check a working example of a Beanstalk application in a VPC in .
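A pre-deployment check for the mismatch described in this answer, as an added example that is not part of the original posts: it walks a parsed template and reports Elastic Beanstalk environments whose instance security group has a VpcId while the environment lacks the matching aws:ec2:vpc options. The function names and the reduced sample template are assumptions made for the illustration; only the resource names, namespaces and VPC ID come from the page.

```python
LC_NS = "aws:autoscaling:launchconfiguration"
VPC_NS = "aws:ec2:vpc"


def check_eb_vpc_options(template):
    """Return findings for Elastic Beanstalk environments whose instance
    security group is in a VPC that the environment is not configured for."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::ElasticBeanstalk::Environment":
            continue
        settings = res.get("Properties", {}).get("OptionSettings", [])
        opts = {(o.get("Namespace"), o.get("OptionName")): o.get("Value")
                for o in settings}
        sg_ref = opts.get((LC_NS, "SecurityGroups"))
        # Only a {"Ref": ...} to a group in this template can be resolved here.
        if not (isinstance(sg_ref, dict) and "Ref" in sg_ref):
            continue
        sg = resources.get(sg_ref["Ref"], {})
        sg_vpc = sg.get("Properties", {}).get("VpcId")
        if sg.get("Type") != "AWS::EC2::SecurityGroup" or sg_vpc is None:
            continue
        env_vpc = opts.get((VPC_NS, "VPCId"))
        if env_vpc is None:
            findings.append(f"{name}: {VPC_NS} VPCId missing, group is in {sg_vpc}")
        elif env_vpc != sg_vpc:
            findings.append(f"{name}: VPCId {env_vpc} differs from group VPC {sg_vpc}")
        # The answer above lists both subnet options as required with a VPC.
        for opt in ("Subnets", "ELBSubnets"):
            if not opts.get((VPC_NS, opt)):
                findings.append(f"{name}: {VPC_NS} {opt} missing")
    return findings


def sample_template(extra_options=()):
    """Constructed template: the two resources from the question, reduced."""
    sg_option = {"Namespace": LC_NS, "OptionName": "SecurityGroups",
                 "Value": {"Ref": "APIInstanceSG"}}
    return {"Resources": {
        "APIInstanceSG": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": "constructed sample",
                           "VpcId": "vpc-10a75377"}},
        "AspectAPIEnv": {
            "Type": "AWS::ElasticBeanstalk::Environment",
            "Properties": {"OptionSettings": [sg_option, *extra_options]}}}}


if __name__ == "__main__":
    for finding in check_eb_vpc_options(sample_template()):
        print(finding)
```

To run it against a real template, load the JSON file with json.load and pass the resulting dict to check_eb_vpc_options.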

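Are you sure the launch configuration is in the same VPC as the security group?
Yes, all instances are in the VPC.
Can you show us the template snippet for the Beanstalk environment resource?
Sure, I have just added it now.
Thanks, I have added an answer. @MarcYoung was on the right track: your environment resource is missing the VPC option settings.
I need to be able to do this as part of the CloudFormation template.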