Circular dependency between CloudFormation and Elasticsearch

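I am trying to create a CloudFormation template that will contain, among other things, an EC2 instance with an EIP and an Elasticsearch domain. The problem is that I am creating a circular dependency that I can't figure out how to decouple. Here it is.

The EC2 instance needs the address of the Elasticsearch domain, so I add it to a file in UserData.

The Elasticsearch AccessPolicies need the public IP of the EC2 instance to allow access from that server.

So there it is. Elasticsearch depends on the EIP of the EC2 instance, and the EC2 instance depends on the address of the Elasticsearch domain. So I tried using an EIPAssociation to defer the need for the EC2 instance to be created until after the Elasticsearch domain is created. But still no luck.

Can anyone solve this? I know I could have an IAM-based AccessPolicy, but I would prefer to use the IP.

Thanks in advance.

Here is the code: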

"MyEIP" : {
  "Type" : "AWS::EC2::EIP"
},
"ElasticsearchDomain": {
  "Type": "AWS::Elasticsearch::Domain",
  "Properties": {
    "ElasticsearchClusterConfig": {
      "DedicatedMasterEnabled": "false",
      "InstanceCount": "1",
      "ZoneAwarenessEnabled": "false",
      "InstanceType": "t2.micro.elasticsearch"
    },
    "EBSOptions": {
      "EBSEnabled": true,
      "Iops": 0,
      "VolumeSize": 10,
      "VolumeType": "gp2"
    },
    "SnapshotOptions": {
      "AutomatedSnapshotStartHour": "0"
    },
    "AccessPolicies":{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "AWS": "*"
          },
          "Action": "es:*",
          "Resource": { "Fn::Join" : [ "", [
            "arn:aws:es:us-east-1:00000000000:domain/",
            { "Ref" : "ElasticsearchDomain" },
            "/*"
          ]]},
          "Condition": {
            "IpAddress": {
              "aws:SourceIp": { "Ref" : "MyEIP" }
            }
          }
        }
      ]
    },
    "AdvancedOptions": {
      "rest.action.multi.allow_explicit_index": "true"
    }
  }
},
"Ec2Instance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "64"]},
    "KeyName" : { "Ref" : "KeyName" },
    "InstanceType" : { "Ref": "ServerInstanceType" },
    "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
    "Tags": [{
      "Key" : "Name",
      "Value" : {
        "Fn::Join" : [ "", [
          { "Ref" : "AWS::StackName" }
        ]]
      }
    }],
    "UserData" : { "Fn::Base64" : { "Fn::Join" : [ "", [
      "#!/bin/bash -ex\n",
      "echo \"",
      "STACK_NAME=", { "Ref" : "AWS::StackName"}, "\n",
      "ELASTICSEARCH_CLIENT=https://", { "Fn::GetAtt": [ "ElasticsearchDomain", "DomainEndpoint" ] }, "/\n",
      "\n",
      "\" > /etc/uni_creds\n"
    ]]}}
  }
},
"EIPAssociation" : {
   "Type": "AWS::EC2::EIPAssociation",
   "Properties": {
      "EIP": { "Ref" : "MyEIP" },
      "InstanceId": { "Ref" : "Ec2Instance" }
   }
}

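Answer 1

I think I have solved my problem. Although I was getting an error message saying there was a circular dependency between the EC2 instance, the Elasticsearch domain, and the EIP or EIPAssociation, the actual error was that I was referencing the Elasticsearch domain inside the Elasticsearch domain.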

"ElasticsearchDomain": {
  "Type": "AWS::Elasticsearch::Domain"
  ...
  { "Ref" : "ElasticsearchDomain" },
}

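That would obviously cause a problem. The error message sent me down the wrong path. Anyway, it was a silly mistake. Hopefully no one else runs into this.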
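The diagnosis in the answer can be checked mechanically before deploying. This is an added example, not code from the original post and not how CloudFormation itself validates templates: it builds the `Ref` / `Fn::GetAtt` reference graph over a constructed, trimmed copy of the question's template and reports self-references separately from cycles spanning several resources, which goes slightly beyond the single case in the post. The function names are hypothetical.

```python
import json

# Constructed, trimmed copy of the question's template (reference-bearing parts only).
RESOURCES = json.loads("""{
 "MyEIP": {"Type": "AWS::EC2::EIP"},
 "ElasticsearchDomain": {"Type": "AWS::Elasticsearch::Domain", "Properties": {
   "AccessPolicies": {"Statement": [{
     "Resource": {"Fn::Join": ["", ["arn:aws:es:us-east-1:00000000000:domain/",
                                    {"Ref": "ElasticsearchDomain"}, "/*"]]},
     "Condition": {"IpAddress": {"aws:SourceIp": {"Ref": "MyEIP"}}}}]}}},
 "Ec2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
   "UserData": {"Fn::Base64": {"Fn::Join": ["", ["ELASTICSEARCH_CLIENT=https://",
     {"Fn::GetAtt": ["ElasticsearchDomain", "DomainEndpoint"]}, "/"]]}}}},
 "EIPAssociation": {"Type": "AWS::EC2::EIPAssociation", "Properties": {
   "EIP": {"Ref": "MyEIP"}, "InstanceId": {"Ref": "Ec2Instance"}}}
}""")

def references(node, names):
    """Yield logical IDs that node reaches through Ref or Fn::GetAtt."""
    if isinstance(node, list):
        for item in node:
            yield from references(item, names)
    elif isinstance(node, dict):
        for key, val in node.items():
            if key == "Fn::GetAtt":  # ["Id", "Attr"] or "Id.Attr"
                val = val[0] if isinstance(val, list) else str(val).split(".")[0]
            if key in ("Ref", "Fn::GetAtt") and isinstance(val, str) and val in names:
                yield val
            else:
                yield from references(val, names)

def dependency_graph(resources):
    # Fn::Sub and DependsOn also create dependencies; they are not parsed here.
    return {n: set(references(b, set(resources))) for n, b in resources.items()}

def self_references(graph):
    return sorted(n for n, deps in graph.items() if n in deps)

def cycles(graph):  # depth-first search for multi-resource cycles; self-edges skipped
    found, done = [], set()
    def visit(node, path):
        if node in path:
            found.append(path[path.index(node):] + [node])
        elif node not in done:
            for dep in sorted(graph[node] - {node}):
                visit(dep, path + [node])
            done.add(node)
    for node in sorted(graph):
        visit(node, [])
    return found
```

On this template `self_references` reports only `ElasticsearchDomain` and `cycles` finds nothing among the EC2 instance, the EIP and the EIPAssociation, which matches the answer.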
