[英]Update existing security group when creating new ec2 CloudFormation
我有使用這樣的cfn模板創建的ec2實例:
參數:
"VPCId": {
"Type": "AWS::EC2::VPC::Id"
"Description": "The VPC Id to where this instance is being created"
}
"Subnet": {
"Description": "Subnet to put Instance",
"Type": "AWS::EC2::Subnet::Id",
},
具有以下安全組:
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enables access to instance by port 80",
"VPCId": {
"Ref": "VPCId"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": {
"Ref": "ClientCIDR"
}
}
]
},
實例資源的一部分:
"WebServer": {
"Type": "AWS::EC2::Instance",
"Properties": {
"IamInstanceProfile": "access-profile",
"SecurityGroupIds": [
{ "Fn::GetAtt": [
"InstanceSecurityGroup",
"GroupId"
]
}
],
"SubnetId": {
"Ref": "Subnet"
},
我想使用另一個模板創建一些其他實例。 該實例應該可以通過端口22訪問上述實例,並在UserData中連接到該實例。
我不確定如何組織它,我看到的一種方法是在建立到第一個實例的ssh連接之前,使用aws cli通過UserData更新安全組。 如何使用資源進行組織? 我沒有找到任何有關此的信息或示例。 請幫忙! 謝謝!
您可以修改InstanceSecurityGroup以允許從其他實例進行訪問:
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enables access to instance by port 80",
"VPCId": {
"Ref": "VPCId"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": {
"Ref": "ClientCIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"SourceSecurityGroupId": {
"Ref": "OtherInstancesSecurityGroup"
}
}
]
},
其中OtherInstancesSecurityGroup是新的安全組,您將分配其他實例。
如何使用CloudFormation將安全組添加到現有EC2實例
[英]How to add a security group to an existing EC2 instance with CloudFormation
具有VPC,子網和安全組選擇的EC2的CloudFormation模板(JSON)
[英]CloudFormation Template (JSON) for EC2 with VPC, Subnet & Security Group Choices
如何在Cloudformation內部的安全組中使用EC2 IP地址
[英]How to use an EC2 ip address in a Security Group inside cloudformation
數據庫實例和EC2安全組在不同的VPC,cloudFormation錯誤
[英]The DB instance and EC2 security group are in different VPCs, cloudFormation error
使用 CloudFormation 啟動 EC2 實例的安全組問題
[英]Security Group Issue with launching an EC2 instance with CloudFormation
Terraform 將現有安全組添加到新的 Auto Scaling ec2 組
[英]Terraform add existing security group to new auto scaling ec2 group
AWS-創建新的EC2安全組后如何接收SNS警報?
[英]AWS - How can I receive an SNS alert when a new EC2 Security Group is created?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.