Adding an existing security group to a CloudFormation EC2 template


How do I reference existing EC2 security groups in a CloudFormation template without having to set ingress and egress rules?

   Resources:
      EC2Instance:
        Type: AWS::EC2::Instance
        Properties:
          InstanceType:
            Ref: InstanceType
          SecurityGroups:
          - Ref: InstanceSecurityGroup
          KeyName:
            Ref: KeyName
          ImageId:
            Fn::FindInMap:
            - AWSRegionArch2AMI
            - Ref: AWS::Region
            - Fn::FindInMap:
              - AWSInstanceType2Arch
              - Ref: InstanceType
              - Arch
      InstanceSecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: Existing Groups
          SecurityGroupIds:
          - Ref: sg-12345
          - Ref: sg-12312

  SecurityGroupIngress:
  - IpProtocol: tcp
    FromPort: 80
    ToPort: 80
    CidrIp: 0.0.0.0/0
  SecurityGroupEgress:
  - IpProtocol: tcp
    FromPort: 80
    ToPort: 80
    CidrIp: 0.0.0.0/0

Answer 1

To do this, you just add them directly to the EC2 resource's properties under SecurityGroupIds:

Resources:
    EC2Instance:
        Type: AWS::EC2::Instance
        Properties:
            InstanceType:
                Ref: InstanceType
            SecurityGroupIds:
              - sg-12345
              - sg-12312
            KeyName: 
                Ref: KeyName
            ImageId: 
                Fn::FindInMap:
                - AWSRegionArch2AMI
                - Ref: AWS::Region
                - Fn::FindInMap:
                  - AWSInstanceType2Arch
                  - Ref: InstanceType
                  - Arch
