
Allow every instance in the same Security Group to share any data between each other at Cloud Formation JSON?

I'm building a Cloud Formation JSON to define EC2 instances and a Security Group.

I need to create a Security Group that allows every instance in it to share any data between each other.

My JSON is like this:

"InternalSecurityGroup" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "VpcId" : {"Ref" : "myVPC"},
    "GroupDescription" : "Allow the machines in this group to share all kinds of traffic between each other",
    "SecurityGroupIngress" : [
      {
        "IpProtocol" : "-1",
        "FromPort": "-1",
        "ToPort": "-1",
        "SourceSecurityGroupId" : { "Ref" : "InternalSecurityGroup" }
      }
    ],
    "SecurityGroupEgress" : [
      {
        "IpProtocol" : "-1",
        "FromPort": "-1",
        "ToPort": "-1",
        "DestinationSecurityGroupId" : { "Ref" : "InternalSecurityGroup" }
      }
    ]

  }
},

But this shows me the following error:

A client error (ValidationError) occurred when calling the CreateStack operation: Circular dependency between resources

To fix it, I changed the code to CidrIp instead of SourceSecurityGroupId, defining the subnet where the instances are.

Is it possible to reference the same Security Group? What is the best (or correct) way to achieve what I want?

As described in the documentation, you can use the AWS::EC2::SecurityGroupEgress and AWS::EC2::SecurityGroupIngress resources to define self-referencing security group rules:

Important

If you want to cross-reference two security groups in the ingress and egress rules of those security groups, use the AWS::EC2::SecurityGroupEgress and AWS::EC2::SecurityGroupIngress resources to define your rules. Do not use the embedded ingress and egress rules in the AWS::EC2::SecurityGroup. If you do, it causes a circular dependency, which AWS CloudFormation doesn't allow.

The result looks like this:


{
   "Resources":{
      "myVPC":{
         "Type":"AWS::EC2::VPC",
         "Properties":{
            "CidrBlock":"10.0.0.0/16"
         }
      },
      "InternalSecurityGroup":{
         "Type":"AWS::EC2::SecurityGroup",
         "Properties":{
            "VpcId":{
               "Ref":"myVPC"
            },
            "GroupDescription":"Allow the machines in this group to share all kinds of traffic between each other"
         }
      },
      "InternalSecurityGroupIngress":{
         "Type":"AWS::EC2::SecurityGroupIngress",
         "Properties":{
            "IpProtocol":"-1",
            "FromPort":"-1",
            "ToPort":"-1",
            "SourceSecurityGroupId":{
               "Ref":"InternalSecurityGroup"
            },
            "GroupId":{
               "Ref":"InternalSecurityGroup"
            }
         }
      },
      "InternalSecurityGroupEgress":{
         "Type":"AWS::EC2::SecurityGroupEgress",
         "Properties":{
            "IpProtocol":"-1",
            "FromPort":"-1",
            "ToPort":"-1",
            "DestinationSecurityGroupId":{
               "Ref":"InternalSecurityGroup"
            },
            "GroupId":{
               "Ref":"InternalSecurityGroup"
            }
         }
      }
   }
}

Define two security groups; this should work a bit better:

"InternalSecurityGroup1" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "VpcId" : {"Ref" : "myVPC"},
    "GroupDescription" : "Allow the machines in this group to share all kinds of traffic between each other",
    "SecurityGroupIngress" : [ {
        "IpProtocol" : "-1",
        "FromPort": "-1",
        "ToPort": "-1",
        "SourceSecurityGroupId" : { "Ref" : "InternalSecurityGroup2" }
      }
    ]
  }
},

"InternalSecurityGroup2" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "VpcId" : {"Ref" : "myVPC"},
    "GroupDescription" : "Allow the machines in this group to share all kinds of traffic between each other",
    "SecurityGroupIngress" : [ {
        "IpProtocol" : "-1",
        "FromPort": "-1",
        "ToPort": "-1",
        "SourceSecurityGroupId" : { "Ref" : "InternalSecurityGroup1" }
      }
    ]
  }
}
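Both answers above hinge on which references CloudFormation treats as creation-order dependencies: a Ref inside a rule embedded in an AWS::EC2::SecurityGroup (the question's self-reference, and the two-group cross-reference in the second answer) is one, while a Ref from a standalone AWS::EC2::SecurityGroupIngress or SecurityGroupEgress resource is not, because the rule is applied after both groups exist. The following Python linter is an added example, not code from the thread or from AWS: it walks a parsed template, builds the dependency graph from embedded rules and reports any cycle before a CreateStack call would, and also checks that standalone rules point at groups that exist in the template. The three sample templates are constructed for this example and contain only the keys the linter reads.

```python
import json

SG_TYPE = "AWS::EC2::SecurityGroup"
RULE_TYPES = ("AWS::EC2::SecurityGroupIngress", "AWS::EC2::SecurityGroupEgress")
PEER_KEYS = ("SourceSecurityGroupId", "DestinationSecurityGroupId")


def ref_target(value):
    """Logical id named by a {"Ref": "..."} object, or None for anything else."""
    if isinstance(value, dict) and list(value) == ["Ref"]:
        return value["Ref"]
    return None


def embedded_edges(template):
    """Map each AWS::EC2::SecurityGroup to the groups its *embedded* rules Ref.
    CloudFormation must create a Ref'd group before the group that embeds the
    rule, so every edge here is a creation-order dependency."""
    edges = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != SG_TYPE:
            continue
        props = res.get("Properties", {})
        deps = set()
        for key in ("SecurityGroupIngress", "SecurityGroupEgress"):
            for rule in props.get(key, []):
                for peer in PEER_KEYS:
                    target = ref_target(rule.get(peer))
                    if target is not None:
                        deps.add(target)
        edges[name] = deps
    return edges


def find_cycle(edges):
    """Depth-first search; returns one cycle as [a, b, ..., a], or [] if acyclic."""
    state = {n: "new" for n in edges}
    path = []

    def visit(node):
        state[node] = "active"
        path.append(node)
        for nxt in sorted(edges[node]):
            if nxt not in state:        # Ref to something that is not a security group
                continue
            if state[nxt] == "active":  # back edge: the cycle is the path from nxt onward
                return path[path.index(nxt):] + [nxt]
            if state[nxt] == "new":
                found = visit(nxt)
                if found:
                    return found
        path.pop()
        state[node] = "done"
        return []

    for node in edges:
        if state[node] == "new":
            found = visit(node)
            if found:
                return found
    return []


def lint(template):
    """Findings for a parsed template dict (e.g. from json.load); [] means clean."""
    findings = []
    cycle = find_cycle(embedded_edges(template))
    if cycle:
        findings.append("circular dependency via embedded rules: " + " -> ".join(cycle)
                        + "; move the rules into AWS::EC2::SecurityGroupIngress/Egress resources")
    groups = {n for n, r in template.get("Resources", {}).items() if r.get("Type") == SG_TYPE}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") in RULE_TYPES:
            props = res.get("Properties", {})
            for key in ("GroupId",) + PEER_KEYS:
                target = ref_target(props.get(key))
                if target is not None and target not in groups:
                    findings.append(f"{name}.{key} refers to unknown security group {target}")
    return findings


# Constructed sample templates (not the page's stacks); only the keys the linter reads.
EMBEDDED_SELF_REF = {"Resources": {
    "InternalSecurityGroup": {"Type": SG_TYPE, "Properties": {
        "VpcId": {"Ref": "myVPC"},
        "SecurityGroupIngress": [{"IpProtocol": "-1",
                                  "SourceSecurityGroupId": {"Ref": "InternalSecurityGroup"}}]}}}}

CROSS_REF = {"Resources": {
    "InternalSecurityGroup1": {"Type": SG_TYPE, "Properties": {
        "SecurityGroupIngress": [{"IpProtocol": "-1",
                                  "SourceSecurityGroupId": {"Ref": "InternalSecurityGroup2"}}]}},
    "InternalSecurityGroup2": {"Type": SG_TYPE, "Properties": {
        "SecurityGroupIngress": [{"IpProtocol": "-1",
                                  "SourceSecurityGroupId": {"Ref": "InternalSecurityGroup1"}}]}}}}

STANDALONE = {"Resources": {
    "InternalSecurityGroup": {"Type": SG_TYPE, "Properties": {"VpcId": {"Ref": "myVPC"}}},
    "InternalSecurityGroupIngress": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "IpProtocol": "-1", "GroupId": {"Ref": "InternalSecurityGroup"},
        "SourceSecurityGroupId": {"Ref": "InternalSecurityGroup"}}}}}

if __name__ == "__main__":
    for label, tpl in (("embedded self-ref", EMBEDDED_SELF_REF), ("cross-ref", CROSS_REF),
                       ("standalone rules", STANDALONE)):
        print(label, "->", lint(tpl) or "ok")
    print(json.dumps(embedded_edges(CROSS_REF), default=sorted))
```

Run against a real template with `lint(json.load(open("template.json")))`. The standalone form passes because the linter, like CloudFormation, only turns embedded rule references into graph edges; the question's template and the second answer's two-group variant both report a cycle.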
