This is driving me mad: no matter what I try, I always get the following error when creating the stack:
*The parameter groupName cannot be used with the parameter subnet*
I have triple-checked that the security groups and the subnet are in the same VPC. Any suggestions would be great, thanks.
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Microsoft SQL 2012 R2 Test Application Stack",
"Parameters" : {
"pInstanceName" : {
"Description" : "Instance name (up to 15 characters)",
"Type" : "String",
"MinLength" : "1",
"MaxLength" : "15",
"AllowedPattern" : "[a-zA-Z0-9]+",
"Default" : "aws2xxxxxxxxxxx"
},
"pInstanceType" : {
"Description" : "EC2 instance type",
"Type" : "String",
"AllowedValues" : [ "t1.micro", "t2.micro", "t2.small", "t2.medium", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "g2.2xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"],
"ConstraintDescription" : "must be a valid EC2 instance type",
"Default" : "t2.small"
},
"pAmi" : {
"Description" : "AMI required to provision instance",
"Type" : "String",
"Default" : "ami-55084526"
},
"pVolumeSize" : {
"Description" : "Root volume size",
"Type" : "String",
"Default" : "60"
},
"pKeyPairName" : {
"Description" : "Name of key pair to use",
"Type" : "String",
"Default" : "win_keys"
},
"pAz" : {
"Description" : "Availability Zone of instance",
"Type" : "String",
"AllowedValues" : [
"eu-west-1b",
"eu-west-1c"
],
"Default" : "eu-west-1b"
},
"pVpcId" : {
"Description" : "VPC-ID",
"Type" : "AWS::EC2::VPC::Id",
"Default" : "vpc-7xxxx513"
},
"pVpcName" : {
"Description" : "VPC of instance",
"Type" : "String",
"MinLength" : "3",
"MaxLength" : "4",
"AllowedPattern" : "^(aws)\\d",
"Default" : "aws"
},
"pEnvironment" : {
"Description" : "Environment",
"Type" : "String",
"Default" : "preProduction",
"AllowedValues" : [
"development",
"test",
"preProduction",
"production"
],
"ConstraintDescription" : "specify environment stack"
},
"pSystem" : {
"Description" : "Application or System instance is part of",
"Type" : "String",
"Default" : "n/a"
},
"pDefaultSg" : {
"Description" : "Default VPC Security Groups",
"Type" : "List<AWS::EC2::SecurityGroup::Id>",
"Default" : "sg-24xxxx41,sg-2xxxx342,sg-235bxxxx"
},
"pServerRole" : {
"Description" : "Role of the instance",
"Type" : "String",
"Default" : "n/a"
},
"pOwnerContact" : {
"Description" : "Owner email address responsible for instance",
"Type" : "String",
"AllowedPattern" : "([a-zA-Z0-9]|-|\\.)+@([a-zA-Z0-9]|-|\\.)+",
"ConstraintDescription" : "Owner email address: email@domain.com",
"Default" : "xxxx@domain.com"
},
"pDepartment" : {
"Description" : "Department responsible for instance ",
"Type" : "String",
"Default" : "n/a"
},
"pProjectCode" : {
"Description" : "Project or Cost Centre code",
"Type" : "String",
"MinLength" : "1",
"MaxLength" : "30",
"Default" : "n/a"
},
"pVersion" : {
"Description" : "Version of resource",
"Type" : "String",
"Default" : "n/a"
},
"pCreationDate" : {
"Description" : "Creation date of instance",
"Type" : "String",
"AllowedPattern" : "^\\d{4}(-\\d{2}){2}",
"Default" : "2016-10-25"
}
},
"Resources" : {
"sgTestPre" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Security Group for Test environments",
"VpcId" : { "Ref" : "pVpcId" },
"SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : "3389",
"ToPort" : "3389",
"CidrIp" : "192.168.0.0/16"
} ]
}
},
"ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"ImageId" : { "Ref" : "pAmi" },
"InstanceType" : { "Ref" : "pInstanceType" },
"KeyName" : { "Ref" : "pKeyPairName" },
"SecurityGroupIds" : [
{"Fn::Join":
[",",
{"Ref": "pDefaultSg"}
]
},
{ "Fn::GetAtt": ["sgTestPre", "GroupId"] }
],
"SubnetId" : "subnet-3xxxx948",
"BlockDeviceMappings" : [ {
"DeviceName" : "/dev/sda1",
"Ebs" : { "VolumeSize" : {"Ref": "pVolumeSize"} }
} ],
"Tags" : [
{
"Key" : "Name",
"Value" : { "Ref" : "pInstanceName" }
},
{
"Key" : "Environment",
"Value" : { "Ref" : "pEnvironment" }
},
{
"Key" : "System",
"Value" : { "Ref" : "pSystem" }
},
{
"Key" : "ServerRole",
"Value" : { "Ref" : "pServerRole" }
},
{
"Key" : "OwnerContact",
"Value" : { "Ref" : "pOwnerContact" }
},
{
"Key" : "Department",
"Value" : { "Ref" : "pDepartment" }
},
{
"Key" : "ProjectCode",
"Value" : { "Ref" : "pProjectCode" }
},
{
"Key" : "VpcName",
"Value" : { "Ref" : "pVpcName" }
},
{
"Key" : "Version",
"Value" : { "Ref" : "pVersion" }
},
{
"Key" : "CreationDate",
"Value" : { "Ref" : "pCreationDate" }
}
]
}
}
},
"Outputs" : {
}
}
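Answer 0 (score: 2)
Make sure you are referencing the actual SecurityGroup ID, not the name; use the intrinsic function Fn::GetAtt to collect all your IDs
{ "Fn::GetAtt" : [ "MySecurityGroupResourceName", "GroupId" ] }
When you use Ref, you will get the name instead of the ID if you are using the default VPC. From the documentation:
"...When you specify an AWS::EC2::SecurityGroup type as an argument to the Ref function, AWS CloudFormation returns the security group name or the security group ID (for EC2-VPC security groups that are not in a default VPC)...."
Answer 1 (score: 0)
Below are the modifications needed to make the CFT work.
In the Parameters section, use CommaDelimitedList instead of a list of SGs.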
"pDefaultSg" : {
"Description" : "Default VPC Security Groups",
"Type": "CommaDelimitedList",
"Default" : "sg-xxxxx,sg-xxxxx,sg-xxxx"
},
In the EC2 instance creation, use the following section to attach the SGs.
"SecurityGroupIds" : [{ "Fn::Select" : [ "0", {"Ref" : "pDefaultSg"} ] },{ "Fn::Select" : [ "1", {"Ref" : "pDefaultSg"} ] },{ "Fn::Select" : [ "2", {"Ref" : "pDefaultSg"} ] },{ "Fn::GetAtt": ["sgTestPre", "GroupId"] }],
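Hope this helps you.
Answer 2 (score: 0)
I got the same error, although for a different reason. Google brought me here, so I'll add an answer just in case.
Unlike your snippet, I was using SecurityGroups when creating the EC2 instance.
SecurityGroups
[EC2-Classic, default VPC] The names of the security groups. For a nondefault VPC, you must use security group IDs instead.
So use SecurityGroupIds instead. As mentioned in the other solutions, you can get the ID with:
{ "Fn::GetAtt" : [ "MySecurityGroupResourceName", "GroupId" ] }
So my final creation block looks like this: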
"MyEc2Instance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"AvailabilityZone": "us-east-1a",
"ImageId": "ami-04bf6dcdc9ab498ca",
"InstanceType": "t2.micro",
"KeyName": { "Ref": "MyKeyName" },
"SecurityGroupIds": [{ "Fn::GetAtt" : ["MySecurityGroup", "GroupId"] }],
"SourceDestCheck": false,
"SubnetId": { "Ref": "MySubnet" }
}
},
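Added example, not part of any answer above: a small Python pre-deployment check that scans a CloudFormation JSON template for the security-group patterns the three answers warn about on instances that set SubnetId. The function name, finding codes and the sample template are constructed for illustration.

```python
import json

# Constructed sample (not from the page): the property patterns the answers discuss.
SAMPLE = json.loads("""
{
  "Parameters": {"pDefaultSg": {"Type": "List<AWS::EC2::SecurityGroup::Id>"}},
  "Resources": {
    "sgTestPre": {"Type": "AWS::EC2::SecurityGroup", "Properties": {}},
    "joined": {"Type": "AWS::EC2::Instance", "Properties": {"SubnetId": "subnet-EXAMPLE",
      "SecurityGroupIds": [{"Fn::Join": [",", {"Ref": "pDefaultSg"}]},
                           {"Fn::GetAtt": ["sgTestPre", "GroupId"]}]}},
    "byName": {"Type": "AWS::EC2::Instance", "Properties": {"SubnetId": "subnet-EXAMPLE",
      "SecurityGroups": [{"Ref": "sgTestPre"}]}},
    "fixed": {"Type": "AWS::EC2::Instance", "Properties": {"SubnetId": "subnet-EXAMPLE",
      "SecurityGroupIds": [{"Fn::Select": ["0", {"Ref": "pDefaultSg"}]},
                           {"Fn::GetAtt": ["sgTestPre", "GroupId"]}]}}
  }
}
""")

def lint_instance_security_groups(template):
    """Return sorted (resource, finding) pairs for instances that set SubnetId."""
    resources = template.get("Resources", {})
    params = template.get("Parameters", {})
    findings = set()
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") != "AWS::EC2::Instance" or "SubnetId" not in props:
            continue
        if "SecurityGroups" in props:  # this property takes group names, not IDs
            findings.add((name, "use-SecurityGroupIds"))
        entries = []
        for key in ("SecurityGroups", "SecurityGroupIds"):
            value = props.get(key)
            if isinstance(value, list):  # a whole-property Ref to a list parameter is fine
                entries += value
        for entry in (e for e in entries if isinstance(e, dict)):
            ref = entry.get("Ref")
            if "Fn::Join" in entry:  # one joined string, not one ID per element
                findings.add((name, "join-is-single-string"))
            if resources.get(ref, {}).get("Type") == "AWS::EC2::SecurityGroup":
                findings.add((name, "ref-may-return-name"))  # prefer Fn::GetAtt GroupId
            ptype = params.get(ref, {}).get("Type", "")
            if ptype.startswith("List<") or ptype == "CommaDelimitedList":
                findings.add((name, "list-param-as-element"))  # nests a list in the list
    return sorted(findings)

if __name__ == "__main__":
    print(lint_instance_security_groups(SAMPLE))
```

The "fixed" resource, which follows the Fn::Select and Fn::GetAtt forms from the answers, produces no findings.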