Is there a way to automatically assign an IPv6 address to EC2 instances in an Auto Scaling group + launch configuration?
The VPC and subnet are both set up for IPv6. Manually created instances work fine. I can also assign the addresses manually, but I can't seem to find a way to do it in CloudFormation.
Answer 0 (score: 1)
The current state of things is that CloudFormation's IPv6 support is workable. Not fun or complete, but you can build a stack with it - I had to use 2 custom resources:
Here is my setup:
```yaml
VPCipv6:
  Type: "AWS::EC2::VPCCidrBlock"
  Properties:
    VpcId: !Ref VPC
    AmazonProvidedIpv6CidrBlock: true
VPCipv6Prefix:
  Type: Custom::Variable
  Properties:
    ServiceToken: !GetAtt [ IdentityFunc, Arn ]
    Value: !Select [ 0, !Split [ "00::/", !Select [ 0, !GetAtt VPC.Ipv6CidrBlocks ] ] ]
```
`IdentityFunc` is an "identity function" implemented in Lambda to provide "custom variables", as described in this answer. Unlike that linked answer, I implement the function directly in the same stack, so it is easier to maintain. See here for the gist.
```yaml
RouteInternet6:
  Type: "AWS::EC2::Route"
  Properties:
    RouteTableId: !Ref RouteTableMain
    DestinationIpv6CidrBlock: "::/0"
    GatewayId: !Ref IGWPublicNet
  DependsOn:
    - IGWNetAttachment
```
`IGWNetAttachment` is a reference to the `AWS::EC2::VPCGatewayAttachment` defined in the stack. If you don't wait for it, the route may not be set up correctly.
```yaml
SubnetA:
  Type: AWS::EC2::Subnet
  Properties:
    AvailabilityZone: !Select [ 0, !GetAZs { Ref: "AWS::Region" } ]
    CidrBlock: 172.20.0.0/24
    MapPublicIpOnLaunch: true
    # The following does not work if MapPublicIpOnLaunch because of EC2 bug
    ## AssignIpv6AddressOnCreation: true
    Ipv6CidrBlock: !Sub "${VPCipv6Prefix.Value}00::/64"
    VpcId:
      Ref: VPC
```
Regarding the commented-out `AssignIpv6AddressOnCreation` - this is normally what you want to do, but apparently a bug in the EC2 API prevents it from working - it is not a CloudFormation bug. This is documented in this AWS forums thread, together with the solution I'll present next.
Here is the Lambda setup for the `AssignIpv6AddressOnCreation` problem, and this is how you use it:
```yaml
IPv6WorkaroundRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - sts:AssumeRole
    Path: "/"
    Policies:
      - PolicyName: !Sub "ipv6-fix-logs-${AWS::StackName}"
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - logs:CreateLogGroup
                - logs:CreateLogStream
                - logs:PutLogEvents
              Resource: arn:aws:logs:*:*:*
      - PolicyName: !Sub "ipv6-fix-modify-${AWS::StackName}"
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - ec2:ModifySubnetAttribute
              Resource: "*"
IPv6WorkaroundLambda:
  Type: AWS::Lambda::Function
  Properties:
    Handler: "index.lambda_handler"
    Code: # importing cfnresponse below is required to send the response back to CFN
      ZipFile:
        Fn::Sub: |
          import cfnresponse
          import boto3
          def lambda_handler(event, context):
              # Nothing to undo on stack deletion (the subnet goes away anyway).
              # '==' is required here: 'is' compares object identity, not string value.
              if event['RequestType'] == 'Delete':
                  cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, "CustomResourcePhysicalID")
                  return
              responseValue = event['ResourceProperties']['SubnetId']
              try:
                  ec2 = boto3.client('ec2', region_name='${AWS::Region}')
                  ec2.modify_subnet_attribute(AssignIpv6AddressOnCreation={'Value': True},
                                              SubnetId=responseValue)
              except Exception as e:
                  # Report FAILED so the stack fails fast instead of waiting for the CFN timeout.
                  cfnresponse.send(event, context, cfnresponse.FAILED, {'Error': str(e)}, "CustomResourcePhysicalID")
                  return
              responseData = {}
              responseData['SubnetId'] = responseValue
              cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, "CustomResourcePhysicalID")
    Runtime: python2.7  # end of life on Lambda; the handler above is also valid Python 3
    Role: !GetAtt IPv6WorkaroundRole.Arn
    Timeout: 30
```
This call races with the Auto Scaling group to complete the setup, but it is unlikely to lose - I ran it dozens of times and never had a problem with the field being set correctly before the first instance launched.
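The race described above can be removed entirely by making the Auto Scaling group depend on the custom resource, so no instance launches before the Lambda has reported success. This is an added illustration, not code from the answer; the resource names IPv6WorkaroundSubnetA, WebASG and WebLaunchConfig are assumed.

```yaml
IPv6WorkaroundSubnetA:
  Type: Custom::SubnetIpv6Fix            # any Custom::* type name works
  Properties:
    ServiceToken: !GetAtt IPv6WorkaroundLambda.Arn
    SubnetId: !Ref SubnetA               # read by the handler as ResourceProperties.SubnetId

WebASG:
  Type: AWS::AutoScaling::AutoScalingGroup
  DependsOn: IPv6WorkaroundSubnetA       # created only after the custom resource returns SUCCESS
  Properties:
    VPCZoneIdentifier:
      - !Ref SubnetA
    LaunchConfigurationName: !Ref WebLaunchConfig   # assumed launch configuration
    MinSize: "1"
    MaxSize: "2"
```

If the Lambda reports FAILED, the stack rolls back before any instance is launched without an IPv6 address.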
Answer 1 (score: 0)
I ran into a very similar problem and discussed it with AWS Support over chat. The current state of things is that IPv6 support in CloudFormation is very limited.
We ended up creating custom resources for a number of IPv6-specific things. We have a custom resource for:
A custom resource is just a Lambda function that makes the "raw" API call, plus an IAM role that grants the Lambda enough permission to make that API call.