I wrote a CloudFormation template that creates an AutoScaling group, which in turn launches servers for each environment.
Until now the company has been working in the us-west-2 region, with the following security group mapping:
"SecurityGroupMap" : {
  "DEV" : { "sg" : "sg-d111acbe" },
  "Load" : { "sg" : "sg-d111acbe" },
  "Staging" : { "sg" : "sg-d123acbe" },
  "Prod-US" : { "sg" : "sg-d145acbe" }
},
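Now there is a new motivation: my boss wants us to be able to start building this CloudFormation template in another region.
Since it is another region, I need to manually create the required security groups in advance and update their IDs in the template.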
I'd like to know whether writing it this way would work:
"SecurityGroupMap" : {
  "RegionMap": {
    "us-east-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
    "us-east-2" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
    "us-west-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
    "us-west-2" : { "DEV" : "sg-d143acbe", "Load" : "sg-d143acbe", "Staging" : "sg-d143acbe", "Prod-US" : "sg-d143acbe" },
    "eu-west-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
    "eu-central-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
    "eu-west-2" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" }
  }
},
If so, what would the [ { "Fn::FindInMap" : } ] look like?
Answer 1
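In your second example, you have nested too many maps. I suggest you remove RegionMap and put the regions directly under SecurityGroupMap. After that, you can reference a security group with the following: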
{ "Fn::FindInMap" : [ "SecurityGroupMap", { "Ref" : "AWS::Region" }, "DEV"] }
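
A local pre-deployment check for the mapping layout discussed above, as an added example that is not part of the original question or answer: it models the three-argument lookup and shows that the nested RegionMap layout fails while the flattened one resolves. The helper names (shape_errors, find_in_map, missing_entries) are hypothetical, and only two of the question's regions are included.

```python
# Added example: a local model of the lookup Fn::FindInMap performs.
# A CloudFormation mapping is MapName -> top-level key -> second-level key -> value.
REGIONS = {  # values copied from the question (sg-1..sg-4 are its placeholders)
    "us-east-1": {"DEV": "sg-1", "Load": "sg-2", "Staging": "sg-3", "Prod-US": "sg-4"},
    "us-west-2": {"DEV": "sg-d143acbe", "Load": "sg-d143acbe",
                  "Staging": "sg-d143acbe", "Prod-US": "sg-d143acbe"},
}
NESTED = {"SecurityGroupMap": {"RegionMap": REGIONS}}  # layout from the question
FLAT = {"SecurityGroupMap": REGIONS}                   # layout from the answer


def shape_errors(mappings):
    """List every entry that does not fit the two-level key structure."""
    errors = []
    for map_name, top_level in mappings.items():
        for top_key, second_level in top_level.items():
            if not isinstance(second_level, dict):
                errors.append(f"{map_name}.{top_key}: no second-level keys")
                continue
            for second_key, value in second_level.items():
                if isinstance(value, dict):  # a third level of keys
                    errors.append(f"{map_name}.{top_key}.{second_key}: nested too deep")
    return errors


def find_in_map(mappings, map_name, top_key, second_key):
    """Resolve [MapName, TopLevelKey, SecondLevelKey]; fail loudly on a missing key."""
    try:
        return mappings[map_name][top_key][second_key]
    except KeyError:
        raise LookupError(f"no mapping for {map_name}/{top_key}/{second_key}") from None


def missing_entries(mappings, map_name, environments):
    """Regions that have no security group for one of the environments."""
    gaps = {}
    for region, groups in mappings[map_name].items():
        absent = sorted(set(environments) - set(groups))
        if absent:
            gaps[region] = absent
    return gaps


if __name__ == "__main__":
    print(shape_errors(NESTED))
    print(find_in_map(FLAT, "SecurityGroupMap", "us-west-2", "DEV"))
```

Running missing_entries over the full mapping before a deployment to a new region shows which regions still lack a manually created security group for an environment.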