![](/img/trans.png)
[英]How to add a security group to an existing EC2 instance with CloudFormation
[英]Update existing security group when creating new ec2 CloudFormation
我有使用這樣的cfn模板創建的ec2實例:
參數:
"VPCId": {
"Type": "AWS::EC2::VPC::Id"
"Description": "The VPC Id to where this instance is being created"
}
"Subnet": {
"Description": "Subnet to put Instance",
"Type": "AWS::EC2::Subnet::Id",
},
具有以下安全組:
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enables access to instance by port 80",
"VPCId": {
"Ref": "VPCId"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": {
"Ref": "ClientCIDR"
}
}
]
},
實例資源的一部分:
"WebServer": {
"Type": "AWS::EC2::Instance",
"Properties": {
"IamInstanceProfile": "access-profile",
"SecurityGroupIds": [
{ "Fn::GetAtt": [
"InstanceSecurityGroup",
"GroupId"
]
}
],
"SubnetId": {
"Ref": "Subnet"
},
我想使用另一個模板創建一些其他實例。 該實例應該可以通過端口22訪問上述實例,並在UserData中連接到該實例。
我不確定如何組織它,我看到的一種方法是在建立到第一個實例的ssh連接之前,使用aws cli通過UserData更新安全組。 如何使用資源進行組織? 我沒有找到任何有關此的信息或示例。 請幫忙! 謝謝!
您可以修改InstanceSecurityGroup
以允許從其他實例進行訪問:
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enables access to instance by port 80",
"VPCId": {
"Ref": "VPCId"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": {
"Ref": "ClientCIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"SourceSecurityGroupId": {
"Ref": "OtherInstancesSecurityGroup"
}
}
]
},
其中OtherInstancesSecurityGroup
是新的安全組,您將分配其他實例。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.