您好，我为 Amazon CloudFormation 的 Instance 资源编写了以下模板。当我声明 "AssociatePublicIpAddress": "true" 时，以下代码可以正常工作；但当我把同一属性声明为 false（即 "AssociatePublicIpAddress": "false"）时，用户数据（UserData）脚本就不起作用了。代码附在下面，希望能得到一些建议。
"InstanceABC": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"Comment": "Install prepration for CloudWatch Log Agent",
"AWS::CloudFormation::Init": {
"config": {
"files": {
"/var/log/abccw.conf": {
"content": {"Fn::Join": ["",[
"[general]\n",
"state_file= /var/awslogs/agent-state\n",
"[/var/log/cfcw.log]\n",
"file = /var/log/cfcw.log\n",
"log_group_name = ",{"Ref": "CloudWatchLogGroupProtectV"},"\n",
"log_stream_name = ProtectVLog\n",
"datetime_format = %d/%b/%Y:%H:%M:%S"
]]},
"mode": "000400",
"owner": "root",
"group": "root"
},
"/etc/cfn/cfn-hup.conf": {
"content": {"Fn::Join": ["",[
"[main]\n",
"stack=",{"Ref": "AWS::StackId"},"\n",
"region=",{"Ref": "AWS::Region"},"\n"
]]},
"mode": "000400",
"owner": "root",
"group": "root"
},
"/etc/cfn/hooks.d/cfn-auto-reloader.conf": {"content": {"Fn::Join": ["",[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.InstanceABC.Metadata.AWS::CloudFormation::Init\n",
"action=/opt/aws/bin/cfn-init -s ",{"Ref": "AWS::StackId"}," -r InstanceABC "," --region ",{"Ref": "AWS::Region"},"\n",
"runas=root\n"
]]}}
}}}
},
"Properties": {
"ImageId": {"Ref": "someImageID"},
"InstanceType": {"Ref": "someInstanceType"},
"KeyName": {"Ref": "someKeyPairName"},
"IamInstanceProfile": {"Ref": "IAMProfilesome"},
"DisableApiTermination": "False",
"Tags": [{"Key": "Name","Value": "ABCInstance"}],
"NetworkInterfaces": [{"AssociatePublicIpAddress": "true","DeviceIndex": "0","DeleteOnTermination": "true","SubnetId": {"Ref": "SomeSubnet"},"GroupSet": [{"Ref": "SecurityGroupSome"}]}],
"BlockDeviceMappings": [{"DeviceName": "/dev/xvda","Ebs": {"VolumeType": "gp2","DeleteOnTermination": "false","VolumeSize": "8"}}],
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/sh \n",
"# Get the latest CloudFormation package\n",
"apt-get update\n",
"apt-get -y install python-setuptools\n",
"wget -P /root https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
"mkdir -p /root/aws-cfn-bootstrap-latest\n",
"tar xvfz /root/aws-cfn-bootstrap-latest.tar.gz --strip-components=1 -C /root/aws-cfn-bootstrap-latest\n",
"easy_install /root/aws-cfn-bootstrap-latest/\n",
"# Start cfn-init\n",
"/usr/local/bin/cfn-init -s ",{"Ref": "AWS::StackId"}," -r InstanceABC "," --region ",{"Ref": "AWS::Region"}," || error_exit 'Failed to run cfn-init'\n",
"# Start up the cfn-hup daemon to listen for changes to the EC2 instance metadata\n",
"/usr/local/bin/cfn-hup || error_exit 'Failed to start cfn-hup'\n",
"# Get the CloudWatch Logs agent\n",
"wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py\n",
"# Install the CloudWatch Logs agent\n",
"python awslogs-agent-setup.py -n -r ",{"Ref": "AWS::Region"}," -c /var/log/abccw.conf || error_exit 'Failed to run CloudWatch Logs agent setup'\n",
"# All done so signal success\n",
"/usr/local/bin/cfn-signal -e $? "," --stack ",{"Ref": "AWS::StackName"}," --resource InstanceABC "," --region ",{"Ref": "AWS::Region"},"\n",
"echo \"************************************************************\" >> /var/log/cfcw.log \n",
"echo \"Instance ABC Logs: Start\" >> /var/log/cfcw.log \n",
"echo \"------------------------------------------------\" >> /var/log/cfcw.log \n",
"echo \"------------------------------------------------\" >> /var/log/cfcw.log \n",
"echo \"Instance ABC Logs: End\" >> /var/log/cfcw.log \n",
"echo \"************************************************************\" >> /var/log/cfcw.log \n",
]]}}
}
}
提前致谢
答案 0 :(得分:0)
@Robbie 在评论中的思路是对的。
实例无法连接到公共互联网，因此无法获取您在用户数据中引用的内容：脚本中的 apt-get、wget 下载以及 cfn-init / cfn-signal 调用都需要出站网络访问。如果您需要这些内容，并且希望实例在私有子网中工作，就需要在 VPC 中使用 NAT 机器来转发实例与互联网之间的流量。