Cloudformation AWS: choose between Security Groups
I am designing a CloudFormation template, but I need to choose between several security groups.
I have defined a parameter and two conditions to enable one or the other policy with the same name (to keep the dependencies).
But the template does not work with both options:
when the parameter has the True option the stack works, and when the value is False it shows the following error:
Template format error: Unresolved resource dependencies [mySecurityGroup] in the Resources block of the template
This is a fragment of the template:

Parameters:
  KeyName:
    Description: EC2 KeyPair
    Type: 'AWS::EC2::KeyPair::KeyName'
  Reception:
    Description: Enable reception
    Default: False
    Type: String
    AllowedValues:
      - True
      - False
Conditions:
  Enable:
    !Equals [True, !Ref Reception]
  Disable:
    !Equals [False, !Ref Reception]
Resources:
  myVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: myVPC
  mySubNet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref myVPC
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: mySubNet
  mySecurityGroup:
    Condition: Disable
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref myVPC
      GroupDescription: Security Group for EC2
      SecurityGroupIngress:
        - IpProtocol: udp
          FromPort: 4114
          ToPort: 4114
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: mySecurityGroup
  mySecurityGroup:
    Condition: Enable
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref myVPC
      GroupDescription: Security Group for EC2
      SecurityGroupIngress:
        - IpProtocol: udp
          FromPort: 5683
          ToPort: 5683
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: mySecurityGroup
  myEC2:
    Type: 'AWS::EC2::Instance'
    Properties:
      KeyName: !Ref KeyName
      ImageId: ami-028188d9b49b32a80
      InstanceType: t2.nano
      NetworkInterfaces:
        - SubnetId: !Ref mySubNet
          AssociatePublicIpAddress: 'true'
          DeviceIndex: 0
          GroupSet:
            - !Ref mySecurityGroup
      Tags:
        - Key: Name
          Value: myEC2
I am not sure which is the correct approach.

Damn, I can't comment because my rep is 48, not 50. :(
Anyway, I don't have a real answer to your question, but I hope what I have here helps you.
- In your parameters section you have the following:
Conditions:
  Enable:
    !Equals [True, !Ref Reception]
  Disable:
    !Equals [False, !Ref Reception]

1a. This won't work. You only need one condition statement:

Conditions: # Checks to see if Conditional Values are True
  ReceptionYes: !Equals [ !Ref Reception, True]

- This is where it gets sticky.
You need to add the condition line in the resource, e.g. (where I got stuck is where to put this line below):

!If [ReceptionYes, !Ref mySecurityGroup2, !Ref mySecurityGroup1]

The first !Ref if true, otherwise use the second !Ref.
Now, in theory, you should be able to do the following:
mySecurityGroup1:
  Condition: Disable
  Type: 'AWS::EC2::SecurityGroup'
  Properties:
    VpcId: !Ref myVPC
    GroupDescription: Security Group for EC2
    SecurityGroupIngress:
      - IpProtocol: udp
        FromPort: 4114
        ToPort: 4114
        CidrIp: 0.0.0.0/0
    Tags:
      - Key: Name
        Value: mySecurityGroup
mySecurityGroup2:
  Condition: Enable
  Type: 'AWS::EC2::SecurityGroup'
  Properties:
    VpcId: !Ref myVPC
    GroupDescription: Security Group for EC2
    SecurityGroupIngress:
      - IpProtocol: udp
        FromPort: 5683
        ToPort: 5683
        CidrIp: 0.0.0.0/0
    Tags:
      - Key: Name
        Value: mySecurityGroup

Well, if this doesn't work, I hope it gets you closer to the answer. :D
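A complete template that puts the answer's `!If` idea together, as an added example (not the asker's or the answerer's code): the two security groups get distinct logical IDs so the YAML has no duplicate key, one condition plus its `!Not` negation guarantees exactly one group is created, and the instance picks the existing one with `!If`. The logical IDs `ReceptionSG`/`DefaultSG`, the `SourceCidr` parameter (added so the UDP port is not open to 0.0.0.0/0 by default) and the quoted `'true'`/`'false'` values (so `!Equals` compares string to string) are my assumptions; the AMI, ports and CIDRs are the ones from the question.

```yaml
Parameters:
  Reception: {Type: String, Default: 'false', AllowedValues: ['true', 'false']}
  # Assumed parameter: who may reach the UDP port; tighten to the real client range.
  SourceCidr: {Type: String, Default: 10.0.0.0/16}
Conditions:
  # One condition and its negation: exactly one branch is ever true.
  ReceptionYes: !Equals [!Ref Reception, 'true']
  ReceptionNo: !Not [!Condition ReceptionYes]
Resources:
  myVPC:
    Type: AWS::EC2::VPC
    Properties: {CidrBlock: 10.0.0.0/16}
  mySubNet:
    Type: AWS::EC2::Subnet
    Properties: {VpcId: !Ref myVPC, CidrBlock: 10.0.0.0/24}
  ReceptionSG:                      # only created when Reception is 'true'
    Type: AWS::EC2::SecurityGroup
    Condition: ReceptionYes
    Properties:
      VpcId: !Ref myVPC
      GroupDescription: UDP 5683 ingress (reception enabled)
      SecurityGroupIngress:
        - IpProtocol: udp
          FromPort: 5683
          ToPort: 5683
          CidrIp: !Ref SourceCidr
  DefaultSG:                        # only created when Reception is 'false'
    Type: AWS::EC2::SecurityGroup
    Condition: ReceptionNo
    Properties:
      VpcId: !Ref myVPC
      GroupDescription: UDP 4114 ingress (reception disabled)
      SecurityGroupIngress:
        - IpProtocol: udp
          FromPort: 4114
          ToPort: 4114
          CidrIp: !Ref SourceCidr
  myEC2:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-028188d9b49b32a80
      InstanceType: t2.nano
      SubnetId: !Ref mySubNet
      SecurityGroupIds:
        # !If only resolves the Ref in the chosen branch, so the missing
        # group never becomes an "Unresolved resource dependencies" error.
        - !If [ReceptionYes, !Ref ReceptionSG, !Ref DefaultSG]
```

Validate before deploying with `aws cloudformation validate-template --template-body file://template.yaml`; the original error is a template format error, so it surfaces at this step rather than at stack creation.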