stackoom
  简体   繁体   中英

How to add a security group to an existing EC2 instance with CloudFormation

 原文  2017-05-25 07:04:42       amazon-web-services/ amazon-cloudformation/ aws-security-group

Question

Currently, our AWS infrastructure has many instances which are attached to security groups, which I created in the console.

We are re-structuring our security groups with CloudFormation, thus we can have a comment and description in each rule.

My question is:

  • When I create a new Security Group with CloudFormation, how can I add it to an existing EC2 instance, without removing the instance
  • I saw some stack templates in AWS, but they only have a template to create a new Instance with a security group, so I have no idea how to create a stack for only security groups. And if I update the stack, does it apply to all instance immediately?
  • How can I export current security groups to JSON, so I don't have to re-create all the security groups in CloudFormation?

2 answers

solution1
 5  2017-05-25 07:32:45

You can't.

Amazon CloudFormation templates can create resources, and those resources can refer to other resources within the same template . For example, you could create a Security Group and an Instance, and configure the Instance to use the Security Group. When making such references within the template , resources can be referenced by name (eg SecurityGroup1 , Web Server ).

If you wish resources within a CloudFormation to be associated with resources that already exist, you will need to refer to the external resource via its unique ID .

For example, it is possible to create an Amazon EC2 instance within a CloudFormation template, and refer to an existing security group.

However, your need is the reverse! You wish to modify an existing resource to point to a new resource. For example, modify an existing Instance to point to a new Security Group. This is not possible within a CloudFormation template, because it can only create resources and configure those resources -- it cannot modify resources outside of the template.

Logically, security groups need to exist before creating an Amazon EC2 instance since the instance links to the security groups.

Exporting to JSON

If you wish to export an existing resource to a CloudFormation template (eg export current Security Group definitions), you could use:

solution2
 -2  2017-11-06 03:19:11

Adding security group(s) won't recreate your instance just modifies that.

You can test it:

  • add a security group, execute the changeset
  • add that security group to your instance (in same template) and make a changeset again 
 YourSecurityGroup: < enter code here > YourInstance: Properties: SecurityGroupIds: - !Ref YourSecurityGroup

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Update existing security group when creating new ec2 CloudFormation The DB instance and EC2 security group are in different VPCs, cloudFormation error Security Group Issue with launching an EC2 instance with CloudFormation How to automatically add an autoscaled EC2 instance to a Security Group? Boto3 How to add a security group to an ec2 instance How to use an EC2 ip address in a Security Group inside cloudformation Associate an existing EIP to EC2 Instance in CloudFormation How to add the ip of an instance in a vpc to the security group of rds ec2 classic instance with aws cli Boto3 add security group to EC2 instance Error when trying to add a Security group to an EC2 Instance
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM