Currently, our AWS infrastructure has many instances which are attached to security groups, which I created in the console.
We are re-structuring our security groups with CloudFormation, thus we can have a comment and description in each rule.
My question is:
You can't.
Amazon CloudFormation templates can create resources, and those resources can refer to other resources within the same template. For example, you could create a Security Group and an Instance, and configure the Instance to use the Security Group. When making such references within the template, resources can be referenced by name (eg SecurityGroup1, Web Server).
If you wish resources within a CloudFormation to be associated with resources that already exist, you will need to refer to the external resource via its unique ID.
For example, it is possible to create an Amazon EC2 instance within a CloudFormation template, and refer to an existing security group.
However, your need is the reverse! You wish to modify an existing resource to point to a new resource. For example, modify an existing Instance to point to a new Security Group. This is not possible within a CloudFormation template, because it can only create resources and configure those resources -- it cannot modify resources outside of the template.
Logically, security groups need to exist before creating an Amazon EC2 instance since the instance links to the security groups.
Exporting to JSON
If you wish to export an existing resource to a CloudFormation template (eg export current Security Group definitions), you could use:
Adding security group(s) won't recreate your instance; it just modifies it.
You can test it:
YourSecurityGroup:
  < enter code here >
YourInstance:
  Properties:
    SecurityGroupIds:
      - !Ref YourSecurityGroup
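As an added example (not taken from either answer), here is a template for the supported direction described above: a new instance that uses both a security group created in the same template, with a description on each rule, and a console-created group passed in by its ID. The resource names, parameter names, instance type and CIDR range are assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: New instance attached to an existing security group and a new, documented one.

Parameters:
  ExistingSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id   # console-created group, passed in by its ID
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetId:
    Type: AWS::EC2::Subnet::Id
  ImageId:
    Type: AWS::EC2::Image::Id

Resources:
  WebSecurityGroup:                      # hypothetical name
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS access for the web tier (constructed example)
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 203.0.113.0/24         # documentation range, replace with your own
          Description: HTTPS from the office network

  WebServer:                             # hypothetical name
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.micro             # assumed size
      SubnetId: !Ref SubnetId
      SecurityGroupIds:
        - !Ref WebSecurityGroup          # created in this template, referenced by name
        - !Ref ExistingSecurityGroupId   # exists outside the template, referenced by ID

Outputs:
  WebSecurityGroupId:
    Description: ID of the new group, for attaching to instances managed outside this stack
    Value: !GetAtt WebSecurityGroup.GroupId
```

The output value is the ID you would use to attach the new group to instances that were created outside the stack, since the template itself cannot modify them.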