[English] Cloudformation “AWS::EC2::SecurityGroup” object with the Reason “No default VPC for this user”
[English] How to use existing VPC in AWS CloudFormation template for new SecurityGroup
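I am trying to set up an EC2 instance (new), a security group (new) and a VPC (existing). Here is my CloudFormation template.
When I run the template in a stack, I get the error *"Value () for parameter groupId is invalid. The value cannot be empty"*. How can I resolve this?

Template: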

```yaml
Parameters:
  VPCID:
    Description: Name of an existing VPC
    Type: AWS::EC2::VPC::Id
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t2.medium
    AllowedValues:
      - t2.medium
      - t2.large
  AccessLocation:
    Description: The IP address range that can be used to access to the EC2 instances
    Type: String
Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref 'InstanceType'
      SecurityGroups:
        - !Ref 'InstanceSecurityGroup'
      KeyName: !Ref 'KeyName'
      ImageId: !Ref 'ImageId'
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPCID
      GroupDescription: Enable SSH
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: !Ref 'AccessLocation'
```

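`SecurityGroups` can only be used for the default VPC. Since you explicitly assign `VPCID` to `InstanceSecurityGroup`, this will be considered non-default, which causes the deployment to fail.

In your case you must use `SecurityGroupIds` (not `SecurityGroups`), because your VPC use will be considered non-default: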

```yaml
SecurityGroupIds:
  - !GetAtt 'InstanceSecurityGroup.GroupId'
```

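The error is in the `SecurityGroups` property of the `EC2Instance` resource. `SecurityGroups` needs an array of `GroupId`, but when you use `!Ref InstanceSecurityGroup`, this returns the `ResourceId`. So you need to use `GetAtt` to get the `GroupId`.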

```yaml
Parameters:
  VPCID:
    Description: Name of an existing VPC
    Type: AWS::EC2::VPC::Id
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t2.medium
    AllowedValues:
      - t2.medium
      - t2.large
  AccessLocation:
    Description: The IP address range that can be used to access to the EC2 instances
    Type: String
Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref 'InstanceType'
      SecurityGroups:
        - !GetAtt InstanceSecurityGroup.GroupId
      KeyName: !Ref 'KeyName'
      ImageId: !Ref 'ImageId'
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPCID
      GroupDescription: Enable SSH
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: !Ref 'AccessLocation'
```
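
A complete template applying the `SecurityGroupIds` fix from the first answer, added here as an example and not taken from either answer. It assumes two parameters the original template lacks, `SubnetId` (an instance in a non-default VPC must be placed in one of that VPC's subnets) and `ImageId` (referenced by the original but never declared), and adds an `AllowedPattern` so that `AccessLocation` must be a CIDR range.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  VPCID:
    Description: ID of an existing VPC
    Type: AWS::EC2::VPC::Id
  SubnetId:            # assumption: not in the original template
    Description: ID of an existing subnet that belongs to VPCID
    Type: AWS::EC2::Subnet::Id
  ImageId:             # assumption: the original uses !Ref 'ImageId' without declaring it
    Description: AMI to launch
    Type: AWS::EC2::Image::Id
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t2.medium
    AllowedValues:
      - t2.medium
      - t2.large
  AccessLocation:
    Description: CIDR range allowed to reach the instance over SSH
    Type: String
    # Added constraint: reject values that are not of the form x.x.x.x/x
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR range such as 203.0.113.0/24
Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      ImageId: !Ref ImageId
      SubnetId: !Ref SubnetId          # places the instance in the chosen VPC
      SecurityGroupIds:                # group IDs, valid in a non-default VPC
        - !GetAtt InstanceSecurityGroup.GroupId
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPCID
      GroupDescription: Enable SSH
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AccessLocation  # keep this narrow; avoid 0.0.0.0/0 for SSH
```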