[英]Update existing security group when creating new ec2 CloudFormation
我有使用这样的cfn模板创建的ec2实例:
参数:
"VPCId": {
"Type": "AWS::EC2::VPC::Id"
"Description": "The VPC Id to where this instance is being created"
}
"Subnet": {
"Description": "Subnet to put Instance",
"Type": "AWS::EC2::Subnet::Id",
},
具有以下安全组:
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enables access to instance by port 80",
"VPCId": {
"Ref": "VPCId"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": {
"Ref": "ClientCIDR"
}
}
]
},
实例资源的一部分:
"WebServer": {
"Type": "AWS::EC2::Instance",
"Properties": {
"IamInstanceProfile": "access-profile",
"SecurityGroupIds": [
{ "Fn::GetAtt": [
"InstanceSecurityGroup",
"GroupId"
]
}
],
"SubnetId": {
"Ref": "Subnet"
},
我想使用另一个模板创建一些其他实例。 该实例应该可以通过端口22访问上述实例,并在UserData中连接到该实例。
我不确定如何组织它,我看到的一种方法是在建立到第一个实例的ssh连接之前,使用aws cli通过UserData更新安全组。 如何使用资源进行组织? 我没有找到任何有关此的信息或示例。 请帮忙! 谢谢!
您可以修改InstanceSecurityGroup以允许从其他实例进行访问:
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enables access to instance by port 80",
"VPCId": {
"Ref": "VPCId"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": {
"Ref": "ClientCIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"SourceSecurityGroupId": {
"Ref": "OtherInstancesSecurityGroup"
}
}
]
},
其中OtherInstancesSecurityGroup是新的安全组,您将分配其他实例。
如何使用CloudFormation将安全组添加到现有EC2实例
[英]How to add a security group to an existing EC2 instance with CloudFormation
具有VPC,子网和安全组选择的EC2的CloudFormation模板(JSON)
[英]CloudFormation Template (JSON) for EC2 with VPC, Subnet & Security Group Choices
如何在Cloudformation内部的安全组中使用EC2 IP地址
[英]How to use an EC2 ip address in a Security Group inside cloudformation
数据库实例和EC2安全组在不同的VPC,cloudFormation错误
[英]The DB instance and EC2 security group are in different VPCs, cloudFormation error
使用 CloudFormation 启动 EC2 实例的安全组问题
[英]Security Group Issue with launching an EC2 instance with CloudFormation
Terraform 将现有安全组添加到新的 Auto Scaling ec2 组
[英]Terraform add existing security group to new auto scaling ec2 group
AWS-创建新的EC2安全组后如何接收SNS警报?
[英]AWS - How can I receive an SNS alert when a new EC2 Security Group is created?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.