具有嵌套资源的 Cloudformation 堆栈无法创建
[英]Cloudformation stack with nested resources fails to create
问题描述
I'm trying to define some common resources (specifically, a couple of IAM roles) that will be shared between two environments, via a nested stack.
我正在尝试通过嵌套堆栈定义将在两个环境之间共享的一些公共资源(特别是几个 IAM 角色)。 The first environment to use the nested stack's resources creates ok, but the second one fails when trying to run the nested stack.使用嵌套堆栈资源的第一个环境创建正常,但第二个环境在尝试运行嵌套堆栈时失败。 Am I not understanding something about how nested stacks work, or am I just doing something wrong?我是不了解嵌套堆栈的工作原理,还是我做错了什么?
My nested stack is defined as:我的嵌套堆栈定义为:
AWSTemplateFormatVersion: '2010-09-09'
Description: Defines common resources shared between environments.
Parameters:
ParentStage:
Type: String
Description: The Stage or environment name.
Default: ""
ParentVpcId:
Type: "AWS::EC2::VPC::Id"
Description: VpcId of your existing Virtual Private Cloud (VPC)
Default: ""
Resources:
LambdaFunctionSG:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Identifies Lamdba functions to VPC resources
GroupName: BBA-KTDO-SG-LambdaFunction
VpcId: !Ref ParentVpcId
RdsAccessSG:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Allows Lambda functions access to RDS instances
GroupName: BBA-KTDO-SG-RDS
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 3306
ToPort: 3306
SourceSecurityGroupId: !Ref LambdaFunctionSG
VpcId: !Ref ParentVpcId
I've uploaded that YAML file to an S3 bucket, and I'm then trying to use it in two separate stack files (ie app_dev.yaml and app_prod.yaml ) as:我已将该 YAML 文件上传到 S3 存储桶,然后尝试在两个单独的堆栈文件中使用它(即app_dev.yaml和app_prod.yaml ):
Resources:
CommonResources:
Type: 'AWS::CloudFormation::Stack'
Properties:
TemplateURL: "https://my-buildbucket.s3-eu-west-1.amazonaws.com/common/common.yaml"
Parameters:
ParentStage: !Ref Stage
ParentVpcId: !Ref VpcId
And referring to its outputs as (eg):并将其输出称为(例如):
VpcConfig:
SecurityGroupIds:
- !GetAtt [ CommonResources, Outputs.LambdaFunctionSGId ]
The first environment creates fine, including the nested resources.第一个环境创建良好,包括嵌套资源。 When I try to run the second environment, it fails with error:当我尝试运行第二个环境时,它失败并出现错误:
Embedded stack arn:aws:cloudformation:eu-west-1:238165151424:stack/my-prod-stack-CommonResources-L94ZCIP0UD9W/f9d06dd0-994d-11eb-9802-02554f144c21 was not successfully created: The following resource(s) failed to create: [LambdaExecuteRole, LambdaFunctionSG].
Is it not possible to share a single resource definition between two separate stacks like this, or have I just missed something in the implementation?像这样在两个单独的堆栈之间共享单个资源定义是不可能的,或者我只是在实现中遗漏了一些东西?
1 个解决方案
解决方案1
0 已采纳 2021-04-11 18:21:52
As @jasonwadsworth mentioned that's correct names of the stacks are always amended with a random string at the end AWS::CloudFormation::Stack check the return values.正如@jasonwadsworth 提到的,堆栈的正确名称总是在AWS::CloudFormation::Stack末尾用随机字符串修改,检查返回值。 Use GetAtt to get the name of the stack and construct the output.使用GetAtt获取堆栈的名称并构造 output。 How do I pass values between nested stacks within the same parent stack in AWS CloudFormation? 如何在 AWS CloudFormation 的同一父堆栈内的嵌套堆栈之间传递值?
Plus use aws cloudformation package command for packaging the nested stacks, no need to manually upload them to s3 bucket.加上使用aws cloudformation package命令打包嵌套堆栈,无需手动将它们上传到 s3 存储桶。
someting like有点像
aws cloudformation package \
--template-file /path_to_template/template.json \
--s3-bucket bucket-name \
--output-template-file packaged-template.json
Take a look on the cloudformation output exports as well in case you are curious Difference between an Output & an Export如果您好奇,请查看cloudformation output 导出以及Output 和导出之间的区别
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.