我正在为自己创建的 CloudFormation 堆栈创建一个 IAM 角色,但遇到了问题。模板在第14行报 JSON 格式错误,我不知道原因。另外,我不确定自己是否理解了分配 IAM 角色的正确方式:我把角色添加到了实例的属性中。
另外,如何为 ELB 启用 SSL 终止(SSL termination)?
{
"Resources": {
"ElasticSearchRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": [ "ec2.amazonaws.com" ]
},
"Action": [ "sts:AssumeRole" ]
}] //this is where im getting the error
},
"Path": "/"
}
},
"RolePolicies": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "root",
"PolicyDocument": {
"Version" : "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}]
},
"Roles": [{
"Ref": "RootRole"
}]
}
},
"ElasticSearchELB" : {
"Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties" : {
"SecurityGroups": [
"InstanceGroup",
"ELBGroup"
],
"AvailabilityZone" : "us-east-1a",
"Instances" : [ { "Ref" : "ElasticSearchNode1" },{ "Ref" : "ElasticSearchNode2" } ],
"Listeners" : [ {
"LoadBalancerPort" : "80",
"InstancePort" : [ { "Ref" : "ElasticSearchNode1" },{ "Ref" : "ElasticSearchNode2" } ],
"Protocol" : "HTTP"
} ],
"HealthCheck" : {
"Target" : { "Fn::Join" : [ "", ["HTTP:8888/", { "Ref" : "ElasticSearchNode1" }, "/"]]},
"HealthyThreshold" : "3",
"UnhealthyThreshold" : "5",
"Interval" : "30",
"Timeout" : "5"
},
"HealthCheck" : {
"Target" : { "Fn::Join" : [ "", ["HTTP:8888/", { "Ref" : "ElasticSearchNode2" }, "/"]]},
"HealthyThreshold" : "3",
"UnhealthyThreshold" : "5",
"Interval" : "30",
"Timeout" : "5"
}
}
},
"ElasticSearchBackups" : {
"Type" : "AWS::S3::Bucket",
"Properties" : {
"AccessControl" : "PublicRead",
}
},
"ELBGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "EC2 Instance access"
}
},
"InstanceGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "EC2 Instance access"
}
},
"WebPortELB2Instance" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "ELBGroup" },
"IpProtocol" : "tcp",
"ToPort" : "80",
"FromPort" : "80",
"SourceSecurityGroupName" : { "Ref" : "InstanceGroup" }
}
},
"WebPortInstance2ELB" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "InstanceGroup" },
"IpProtocol" : "tcp",
"ToPort" : "80",
"FromPort" : "80",
"SourceSecurityGroupName" : { "Ref" : "ELBGroup" }
}
},
"WebPortInstance2ELB" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "InstanceGroup" },
"IpProtocol" : "tcp",
"ToPort" : "8888",
"FromPort" : "8888",
"SourceSecurityGroupName" : { "Ref" : "ELBGroup" }
}
},
"WebPortELB2Instance" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "ELBGroup" },
"IpProtocol" : "tcp",
"ToPort" : "8888",
"FromPort" : "8888",
"SourceSecurityGroupName" : { "Ref" : "InstanceGroup" }
}
},
"WebPortInstance2ELBSSL" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "InstanceGroup" },
"IpProtocol" : "tcp",
"ToPort" : "443",
"FromPort" : "443",
"SourceSecurityGroupName" : { "Ref" : "ELBGroup" }
}
},
"WebPortELB2InstanceSSL" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "ELBGroup" },
"IpProtocol" : "tcp",
"ToPort" : "443",
"FromPort" : "443",
"SourceSecurityGroupName" : { "Ref" : "InstanceGroup" }
}
},
"ElasticSearchPort" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "InstanceGroup" },
"IpProtocol" : "tcp",
"ToPort" : "9300",
"FromPort" : "9300",
"SourceSecurityGroupName" : { "Ref" : "InstanceGroup" }
}
},
"SSHPort" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "InstanceGroup" },
"IpProtocol" : "tcp",
"ToPort" : "22",
"FromPort" : "22",
"CidrIp" : "0.0.0.0/0",
"SourceSecurityGroupName" : { "Ref" : "InstanceGroup" }
}
},
"ElasticSearchNode1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "m3.medium",
"InstanceType": "m3.medium",
"IamInstanceProfile": "base-bootstrap",
"SecurityGroups": [
"Instance-Group"
],
"Roles": [ {
"Ref": "ElasticSearchRole"
} ],
"AvailabilityZone": "us-east-1e",
"KeyName": "bazu2-keypair",
"UserData": {
"Fn::Base64": "fqdn:elasticsearchnode1.n.chronotrack.com\nhostname:ElasticSearchNode1\nnode_name:ElasticSearchNode1\nenvironment:dev\nrun_list:recipe[ct-server-base::default]"
},
"Tags": [
{
"Key": "Name",
"Value": "ElasticSearchNode1"
}
]
}
},
"vol1": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Fn::GetAtt": [
"ElasticSearchNode1",
"AvailabilityZone"
]
},
"Size": "1024",
"VolumeType": "gp2",
"Tags": [
{
"Key": "Name",
"Value": "Storage"
}
]
}
},
"vol1attach": {
"Type": "AWS::EC2::VolumeAttachment",
"Properties": {
"Device": "/dev/sdc1",
"InstanceId": {
"Ref": "ElasticSearchNode1"
},
"VolumeId": {
"Ref": "vol1"
}
}
},
"vol2": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Fn::GetAtt": [
"ElasticSearchNode1",
"AvailabilityZone"
]
},
"Size": "1024",
"VolumeType": "gp2",
"Tags": [
{
"Key": "Name",
"Value": "Storage"
}
]
}
},
"vol2attach": {
"Type": "AWS::EC2::VolumeAttachment",
"Properties": {
"Device": "/dev/sdc2",
"InstanceId": {
"Ref": "ElasticSearchNode1"
},
"VolumeId": {
"Ref": "vol2"
}
}
},
"vol3": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Fn::GetAtt": [
"ElasticSearchNode1",
"AvailabilityZone"
]
},
"Size": "1024",
"VolumeType": "gp2",
"Tags": [
{
"Key": "Name",
"Value": "Storage"
}
]
}
},
"vol3attach": {
"Type": "AWS::EC2::VolumeAttachment",
"Properties": {
"Device": "/dev/sdc3",
"InstanceId": {
"Ref": "ElasticSearchNode1"
},
"VolumeId": {
"Ref": "vol3"
}
}
},
"ElasticSearchNode2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "m3.medium",
"InstanceType": "m3.medium",
"IamInstanceProfile": "base-bootstrap",
"SecurityGroups": [
"Instance-Group"
],
"Roles": [ {
"Ref": "ElasticSearchRole"
} ],
"AvailabilityZone": "us-east-1e",
"KeyName": "bazu2-keypair",
"UserData": {
"Fn::Base64": "fqdn:elasticsearchnode2.n.chronotrack.com\nhostname:ElasticSearchNode2\nnode_name:ElasticSearchNode2\nenvironment:dev\nrun_list:recipe[ct-server-base::default]"
},
"Tags": [
{
"Key": "Name",
"Value": "ElasticSearchNode2"
}
]
}
},
"vol1": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Fn::GetAtt": [
"ElasticSearchNode2",
"AvailabilityZone"
]
},
"Size": "1024",
"VolumeType": "gp2",
"Tags": [
{
"Key": "Name",
"Value": "Storage"
}
]
}
},
"vol1attach": {
"Type": "AWS::EC2::VolumeAttachment",
"Properties": {
"Device": "/dev/sdc1",
"InstanceId": {
"Ref": "ElasticSearchNode2"
},
"VolumeId": {
"Ref": "vol1"
}
}
},
"vol2": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Fn::GetAtt": [
"ElasticSearchNode2",
"AvailabilityZone"
]
},
"Size": "1024",
"VolumeType": "gp2",
"Tags": [
{
"Key": "Name",
"Value": "Storage"
}
]
}
},
"vol2attach": {
"Type": "AWS::EC2::VolumeAttachment",
"Properties": {
"Device": "/dev/sdc2",
"InstanceId": {
"Ref": "ElasticSearchNode2"
},
"VolumeId": {
"Ref": "vol2"
}
}
},
"vol3": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Fn::GetAtt": [
"ElasticSearchNode2",
"AvailabilityZone"
]
},
"Size": "1024",
"VolumeType": "gp2",
"Tags": [
{
"Key": "Name",
"Value": "Storage"
}
]
}
},
"vol3attach": {
"Type": "AWS::EC2::VolumeAttachment",
"Properties": {
"Device": "/dev/sdc3",
"InstanceId": {
"Ref": "ElasticSearchNode2"
},
"VolumeId": {
"Ref": "vol3"
}
}
}
}
}