
AWS CloudFormation: “The key pair ___ does not exist” error for newly-created EC2 key pair

I'm using a custom CloudFormation resource to generate an EC2 keypair for an automated install. I'm trying to remove as many manual steps as possible for a highly-automated server setup. Here is the portion of the CloudFormation template with the relevant code:

# Execution role assumed by the custom-resource Lambda function
LambdaRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Action:
            - sts:AssumeRole
          Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com

# Permissions the secret provider uses to store the private key in SSM and to
# import/delete the EC2 key pair. Resource '*' applies these actions account-wide.
LambdaPolicy:
  Type: AWS::IAM::Policy
  DependsOn:
    - LambdaRole
  Properties:
    PolicyName: CFNCustomSecretProviderPolicy
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Action:
            - iam:CreateAccessKey
            - iam:DeleteAccessKey
            - iam:UpdateAccessKey
            - ssm:PutParameter
            - ssm:GetParameter
            - ssm:DeleteParameter
            - ec2:ImportKeyPair
            - ec2:DeleteKeyPair
          Resource:
            - '*'
        - Effect: Allow
          Action:
            - kms:Encrypt
          Resource:
            - '*'
        - Action:
            - logs:*
          Resource: arn:aws:logs:*:*:*
          Effect: Allow
    Roles:
      - !Ref 'LambdaRole'

# The binxio cfn-secret-provider Lambda, fetched from its public S3 bucket
CFNSecretProvider:
  Type: AWS::Lambda::Function
  DependsOn:
    - LambdaPolicy
  Properties:
    Description: CloudFormation Custom:Secret implementation
    Code:
      S3Bucket: !Sub 'binxio-public-${AWS::Region}'
      S3Key: lambdas/cfn-secret-provider-0.11.0.zip
    Handler: secrets.handler
    MemorySize: 128
    Timeout: 30
    Role: !GetAtt 'LambdaRole.Arn'
    Runtime: python2.7

# Generates an RSA key pair; the private half is stored as an encrypted SSM parameter
PrivateKey:
  Type: Custom::RSAKey
  DependsOn: CFNSecretProvider
  Properties:
    Name: /mainframe/onyx-private-key
    KeyAlias: alias/aws/ssm
    # ServiceToken is the ARN of the provider Lambda
    ServiceToken: !Join
      - ":"
      - - arn:aws:lambda
        - !Ref "AWS::Region"
        - !Ref "AWS::AccountId"
        - !Ref CFNSecretProvider

# Imports the public half as an EC2 key pair named CustomKeyPair
CustomKeyPair:
  Type: Custom::KeyPair
  DependsOn:
    - CFNSecretProvider
    - PrivateKey
  Properties:
    Name: CustomKeyPair
    PublicKeyMaterial: !GetAtt
      - PrivateKey
      - PublicKey
    ServiceToken: !Join
      - ":"
      - - arn:aws:lambda
        - !Ref "AWS::Region"
        - !Ref "AWS::AccountId"
        - !Ref CFNSecretProvider

EC2Instance:
  Type: AWS::EC2::Instance
  DependsOn:
    - CustomKeyPair
    - InstanceProfile
  Properties:
    IamInstanceProfile: !Ref InstanceProfile
    InstanceType: !Ref InstanceType
    ImageId: !FindInMap [AWSRegionToAMI, !Ref "AWS::Region", AMI]
    # Ref on a custom resource returns its physical ID (the key pair ARN here), not the key name
    KeyName: !Ref CustomKeyPair

...

Everything in this seems to work great up until the instance is created. It fails, claiming the keypair doesn't exist, even though the keypair is there after it runs and I can query it:

∴ aws ec2 describe-key-pairs --region=us-east-2 --profile=mainframe-personal
{
    "KeyPairs": [
        {
            "KeyFingerprint": "90:42:11:40:a5:9b:66:af:78:ce:b4:d1:54:07:95:27",
            "KeyName": "CustomKeyPair"
        },
        {
            "KeyFingerprint": "27:5c:bf:4a:b2:f6:75:3b:8c:c3:1b:57:0d:7e:28:de:8e:cd:90:69",
            "KeyName": "default"
        }
    ]
}

The error I'm getting in the CloudFormation event log is: The key pair 'arn:aws:ec2:us-east-2:685716241758:keypair/CustomKeyPair' does not exist. That ARN is exactly what is shown in the resource list. Is there some reason that CloudFormation can't find this keypair?

The AWS::EC2::Instance - AWS CloudFormation documentation says:

KeyName: Provides the name of the Amazon EC2 key pair.

The error message is suggesting that an ARN was passed. Instead, try just passing the name (the last part of the ARN).
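A corrected EC2Instance resource, added here as an example and not part of the original question or answer. It assumes the CustomKeyPair resource from the question, whose Ref resolves to the key pair ARN shown in the error (arn:aws:ec2:us-east-2:685716241758:keypair/CustomKeyPair), and uses Fn::Split and Fn::Select to hand KeyName only the part after the slash. The Outputs section is an assumption added so the two resolved values can be compared in the stack outputs; the remaining resources are as in the question.

```yaml
Resources:
  # LambdaRole, LambdaPolicy, CFNSecretProvider, PrivateKey and CustomKeyPair
  # are unchanged from the question and omitted here.

  EC2Instance:
    Type: AWS::EC2::Instance
    DependsOn:
      - CustomKeyPair
      - InstanceProfile
    Properties:
      IamInstanceProfile: !Ref InstanceProfile
      InstanceType: !Ref InstanceType
      ImageId: !FindInMap [AWSRegionToAMI, !Ref "AWS::Region", AMI]
      # !Ref CustomKeyPair -> arn:aws:ec2:<region>:<account>:keypair/CustomKeyPair
      # Splitting on "/" gives ["arn:aws:ec2:<region>:<account>:keypair", "CustomKeyPair"];
      # element 1 is the bare key name that KeyName expects.
      KeyName: !Select [1, !Split ["/", !Ref CustomKeyPair]]

Outputs:
  # Assumed additions: show what Ref actually resolves to next to the derived name
  CustomKeyPairRef:
    Description: Physical ID returned by Ref on the custom resource (the ARN)
    Value: !Ref CustomKeyPair
  CustomKeyPairName:
    Description: Key pair name passed to the instance
    Value: !Select [1, !Split ["/", !Ref CustomKeyPair]]
```

Because the question sets Name: CustomKeyPair as a literal, KeyName: CustomKeyPair together with the existing DependsOn on CustomKeyPair would also work. Deriving the name from the Ref keeps the value tied to the resource that created it, so it stays correct if the name is later moved into a parameter, and the dependency on the custom resource is preserved without relying on DependsOn alone.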
