堆栈内存溢出
  简体   繁体   English

创建新的ec2 CloudFormation时更新现有的安全组

[英]Update existing security group when creating new ec2 CloudFormation

 原文  2016-10-03 17:25:49       amazon-web-services/ amazon-ec2/ amazon-cloudformation

问题描述

I have ec2 instance which was created using such cfn template: 我有使用这样的cfn模板创建的ec2实例:

Parameters: 参数: 

"VPCId": {
    "Type":  "AWS::EC2::VPC::Id"
    "Description": "The VPC Id to where this instance is being created"
}
"Subnet": {
  "Description": "Subnet to put Instance",
  "Type": "AWS::EC2::Subnet::Id",
},

Have the following Security Group: 具有以下安全组: 

"InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enables access to instance by port 80",
        "VPCId": {
            "Ref": "VPCId"
        },
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": "80",
            "ToPort": "80",
            "CidrIp": {
              "Ref": "ClientCIDR"
            }
          }
        ]
      },

And part of Instance Resource: 实例资源的一部分: 

"WebServer": {
  "Type": "AWS::EC2::Instance",
  "Properties": {
    "IamInstanceProfile": "access-profile",
    "SecurityGroupIds": [
      { "Fn::GetAtt": [
          "InstanceSecurityGroup",
          "GroupId"
        ]
      }
    ],
    "SubnetId": {
      "Ref": "Subnet"
    },

I want to create a few another instances using another template. 我想使用另一个模板创建一些其他实例。 This instances should have access to the above instance by port 22 and connect to it in UserData. 该实例应该可以通过端口22访问上述实例,并在UserData中连接到该实例。

I'm not sure how it can be organized, the one way i see is update security group using aws cli through UserData before establishing ssh connection to the first instance. 我不确定如何组织它,我看到的一种方法是在建立到第一个实例的ssh连接之前,使用aws cli通过UserData更新安全组。 How it can be organized using resources? 如何使用资源进行组织? I didn't find any information or examples regarding this. 我没有找到任何有关此的信息或示例。 Please help! 请帮忙! Thanks! 谢谢!

1 个解决方案

解决方案1
 2 已采纳  2016-10-03 17:46:17

You can modify the InstanceSecurityGroup to allow access from the other instances: 您可以修改InstanceSecurityGroup以允许从其他实例进行访问: 

"InstanceSecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "Enables access to instance by port 80",
    "VPCId": {
        "Ref": "VPCId"
    },
    "SecurityGroupIngress": [
      {
        "IpProtocol": "tcp",
        "FromPort": "80",
        "ToPort": "80",
        "CidrIp": {
          "Ref": "ClientCIDR"
        }
      },
      {
        "IpProtocol": "tcp",
        "FromPort": "22",
        "ToPort": "22",
        "SourceSecurityGroupId": {
          "Ref": "OtherInstancesSecurityGroup"
        }
      }
    ]
  },

where OtherInstancesSecurityGroup is a new Security Group you will assign the the other instances. 其中OtherInstancesSecurityGroup是新的安全组,您将分配其他实例。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用CloudFormation将安全组添加到现有EC2实例 - How to add a security group to an existing EC2 instance with CloudFormation 具有VPC,子网和安全组选择的EC2的CloudFormation模板(JSON) - CloudFormation Template (JSON) for EC2 with VPC, Subnet & Security Group Choices 如何在Cloudformation内部的安全组中使用EC2 IP地址 - How to use an EC2 ip address in a Security Group inside cloudformation 数据库实例和EC2安全组在不同的VPC,cloudFormation错误 - The DB instance and EC2 security group are in different VPCs, cloudFormation error 使用 CloudFormation 启动 EC2 实例的安全组问题 - Security Group Issue with launching an EC2 instance with CloudFormation Terraform 将现有安全组添加到新的 Auto Scaling ec2 组 - Terraform add existing security group to new auto scaling ec2 group 如何更改现有亚马逊 EC2 ubuntu 的安全组 - How to change security group for existing amazon EC2 ubuntu 将现有EIP与CloudFormation中的EC2实例相关联 - Associate an existing EIP to EC2 Instance in CloudFormation AWS-创建新的EC2安全组后如何接收SNS警报? - AWS - How can I receive an SNS alert when a new EC2 Security Group is created? 创建新的EC2实例时,我可以使用现有的密钥对吗? - Can I use an existing key pair when creating a new EC2 instance?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM