I am trying to launch the CloudFormation sample template described below to get started with CloudFormation.
I deleted the default VPC, added a new VPC (10.0.0.0/16) and created a new subnet (10.0.0.0/24) in it. According to the AWS documentation I cannot make my own VPC the default VPC, and now my CloudFormation template fails to launch.
I see this error:
According to https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-cloudformer-default-vpc/ I can work around this by describing my new VPC, but I don't know why that is correct.
Answer 1
If you want to keep using the default VPC you deleted, you have to contact AWS Support to have it recreated. The AWS resources in the template you are using depend on it.
Otherwise you have to customize the template somewhat so that it can be used with a non-default VPC. The following changes are suggested:
0) Pass your VPC ID and subnet IDs as CloudFormation parameters:
  "myVPC": {
    "Description" : "Id of my VPC",
    "Type" : "String",
    "Default" : "vpc-XXXXXXXX"
  },
  "MySubnet": {
    "Description" : "My subnet from my VPC",
    "Type": "String",
    "Default": "subnet-YYYYYYYY"
  },
  "RDSSubnets": {
    "Description" : "RDS subnets from my VPC",
    "Type": "CommaDelimitedList",
    "Default": "subnet-YYYYYYY1,subnet-YYYYYY2"
  },
1) The security groups must be created inside the new VPC, identified by the VPC ID (the DB security group is an EC2 security group here, because VPCSecurityGroups in step 4 expects EC2 security group IDs, which is what Ref returns for an AWS::EC2::SecurityGroup; the rule keeps the original meaning of allowing all traffic from the web server group):
  "DBSecurityGroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
===>>> "VpcId" : { "Ref" : "myVPC" }, <<<====
      "GroupDescription" : "Frontend Access",
      "SecurityGroupIngress" : [
        {"IpProtocol" : "-1", "SourceSecurityGroupId" : { "Ref" : "WebServerSecurityGroup" }}
      ]
    }
  },
  "WebServerSecurityGroup" : {
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
===>>> "VpcId" : {"Ref" : "myVPC"}, <<<====
      "GroupDescription" : "Enable HTTP access via port 80 and SSH access",
      "SecurityGroupIngress" : [
        {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"},
        {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHLocation"}}
      ]
    }
  }
2) Change your EC2 instance to use your VPC subnet (the Ref must match the parameter name declared above, MySubnet):
  "WebServer": {
    "Type": "AWS::EC2::Instance",
    ...
    "Properties": {
      "SubnetId": { "Ref": "MySubnet" },
      ...
3) Create an RDS DB subnet group with VPC subnets dedicated to RDS (you need VPC subnets in at least two Availability Zones of the region your VPC is in):
  "MyDBSubnetGroup" : {
    "Type" : "AWS::RDS::DBSubnetGroup",
    "Properties" : {
      "DBSubnetGroupDescription" : "Subnets available for the RDS DB Instance",
      "SubnetIds" : { "Ref" : "RDSSubnets" }
    }
  },
4) Change your RDS instance to use your VPC subnets and security group (replace the DBSecurityGroups parameter with VPCSecurityGroups):
  "DBInstance" : {
    "Type": "AWS::RDS::DBInstance",
    "Properties": {
      "DBSubnetGroupName" : { "Ref" : "MyDBSubnetGroup" },
      "VPCSecurityGroups" : [ { "Ref" : "DBSecurityGroup" } ],
      ...
You can find more details about the parameters used in the AWS documentation:
- http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-ec2.html
- http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-rds.html
- http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html
- http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html
- http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html
- http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbsubnet-group.html
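The four changes in the answer above are easy to get half right (a security group without VpcId, a Ref to a parameter that was never declared, a DB instance still on DBSecurityGroups), and CloudFormation only reports them at stack creation time. As an added example, not code from the original answer, here is a small Python check that encodes those changes as rules over a parsed template and also verifies that every `{"Ref": ...}` resolves to a declared parameter, resource or pseudo parameter. The two templates inside it are constructed for the example; the typed parameters (AWS::EC2::VPC::Id, AWS::EC2::Subnet::Id, List<AWS::EC2::Subnet::Id>) are CloudFormation's typed alternatives to the String parameters in the answer, and the MySQL engine and ami-00000000 image are placeholders.

```python
"""Lint a CloudFormation template for resources that silently assume the default VPC.

Added example, not code from the original answer: the four changes from the answer
become checks, plus a check that every {"Ref": ...} names an existing parameter or
resource. The two templates at the bottom are constructed for this example.
"""
import copy

# Pseudo parameters CloudFormation resolves itself; a Ref to one is always valid.
PSEUDO_PARAMETERS = {"AWS::AccountId", "AWS::NoValue", "AWS::NotificationARNs",
                     "AWS::Partition", "AWS::Region", "AWS::StackId", "AWS::StackName"}


def _refs(node):
    """Yield every logical name used as {"Ref": name} anywhere in a JSON-like tree."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            yield node["Ref"]
        for value in node.values():
            yield from _refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from _refs(item)


def check_template(template):
    """Return (logical_id, message) findings; an empty list means no default-VPC dependency."""
    resources = template.get("Resources", {})
    known = set(template.get("Parameters", {})) | set(resources) | PSEUDO_PARAMETERS
    findings = []
    for name, res in resources.items():
        rtype, props = res.get("Type", ""), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup" and "VpcId" not in props:
            findings.append((name, "no VpcId: security group is created in the default VPC"))
        if rtype == "AWS::RDS::DBSecurityGroup":
            findings.append((name, "AWS::RDS::DBSecurityGroup is the pre-VPC model; "
                                   "use an AWS::EC2::SecurityGroup with VpcId"))
        if rtype == "AWS::EC2::Instance" and not {"SubnetId", "NetworkInterfaces"} & set(props):
            findings.append((name, "no SubnetId: instance launches into the default VPC"))
        if rtype == "AWS::RDS::DBInstance":
            if "DBSubnetGroupName" not in props:
                findings.append((name, "no DBSubnetGroupName: RDS places the instance in the default VPC"))
            if "DBSecurityGroups" in props:
                findings.append((name, "DBSecurityGroups takes DB security groups; use VPCSecurityGroups"))
            # VPCSecurityGroups needs EC2 security group IDs, which is what Ref on an
            # AWS::EC2::SecurityGroup in a VPC returns; Ref on an RDS DB security group does not.
            for ref in _refs(props.get("VPCSecurityGroups", [])):
                if ref in resources and resources[ref].get("Type") != "AWS::EC2::SecurityGroup":
                    findings.append((name, "VPCSecurityGroups entry %r is not an EC2 security group" % ref))
        if rtype == "AWS::RDS::DBSubnetGroup":
            subnet_ids = props.get("SubnetIds")
            if isinstance(subnet_ids, list) and len(subnet_ids) < 2:
                findings.append((name, "DB subnet group needs subnets in at least two Availability Zones"))
        for ref in _refs(props):
            if ref not in known:
                findings.append((name, "Ref to undefined parameter or resource %r" % ref))
    return findings


# Constructed "before": the shape of a sample template that only works inside a default VPC.
DEFAULT_VPC_TEMPLATE = {"Resources": {
    "WebServerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
                               "Properties": {"GroupDescription": "Enable HTTP access via port 80"}},
    "DBSecurityGroup": {"Type": "AWS::RDS::DBSecurityGroup",
                        "Properties": {"GroupDescription": "Frontend Access", "DBSecurityGroupIngress": {
                            "EC2SecurityGroupName": {"Ref": "WebServerSecurityGroup"}}}},
    "WebServer": {"Type": "AWS::EC2::Instance",
                  "Properties": {"ImageId": "ami-00000000",  # placeholder AMI
                                 "SecurityGroups": [{"Ref": "WebServerSecurityGroup"}]}},
    "DBInstance": {"Type": "AWS::RDS::DBInstance",
                   "Properties": {"Engine": "MySQL", "DBSecurityGroups": [{"Ref": "DBSecurityGroup"}]}},
}}

# Constructed "after": VPC and subnets arrive as typed parameters and every resource is pinned to them.
CUSTOM_VPC_TEMPLATE = {
    "Parameters": {"myVPC": {"Type": "AWS::EC2::VPC::Id"}, "MySubnet": {"Type": "AWS::EC2::Subnet::Id"},
                   "RDSSubnets": {"Type": "List<AWS::EC2::Subnet::Id>"}},
    "Resources": {
        "WebServerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
                                   "Properties": {"VpcId": {"Ref": "myVPC"},
                                                  "GroupDescription": "Enable HTTP access via port 80"}},
        "DBSecurityGroup": {"Type": "AWS::EC2::SecurityGroup",  # MySQL port assumed for the example
                            "Properties": {"VpcId": {"Ref": "myVPC"}, "GroupDescription": "Frontend Access",
                                           "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "3306",
                                                                     "ToPort": "3306", "SourceSecurityGroupId": {
                                                                         "Ref": "WebServerSecurityGroup"}}]}},
        "WebServer": {"Type": "AWS::EC2::Instance",
                      "Properties": {"ImageId": "ami-00000000", "SubnetId": {"Ref": "MySubnet"},
                                     "SecurityGroupIds": [{"Ref": "WebServerSecurityGroup"}]}},
        "MyDBSubnetGroup": {"Type": "AWS::RDS::DBSubnetGroup",
                            "Properties": {"DBSubnetGroupDescription": "RDS subnets",
                                           "SubnetIds": {"Ref": "RDSSubnets"}}},
        "DBInstance": {"Type": "AWS::RDS::DBInstance",
                       "Properties": {"Engine": "MySQL", "DBSubnetGroupName": {"Ref": "MyDBSubnetGroup"},
                                      "VPCSecurityGroups": [{"Ref": "DBSecurityGroup"}]}},
    },
}


def with_ref_typo(template):
    """Copy of a template whose instance points at a misspelt parameter (the 'MySubnet1' slip)."""
    broken = copy.deepcopy(template)
    broken["Resources"]["WebServer"]["Properties"]["SubnetId"] = {"Ref": "MySubnet1"}
    return broken
```

Running `check_template(DEFAULT_VPC_TEMPLATE)` yields five findings (both security groups, the instance, and two on the DB instance), `check_template(CUSTOM_VPC_TEMPLATE)` yields none, and `check_template(with_ref_typo(CUSTOM_VPC_TEMPLATE))` yields exactly the undefined-Ref finding for WebServer. To lint a real template file, pass `json.load(open(path))` to `check_template`; YAML templates with the short `!Ref` form need a loader that expands the tag first. The check is deliberately local to the template: it cannot tell you whether the subnets you pass actually span two Availability Zones, which RDS still verifies at creation time.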