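I have the following CloudFormation configuration, which does the following:
I need to be able to access an FTP server, but they only allow whitelisted IP addresses.
How do I create a static (Elastic?) IP in the configuration, route traffic through it, and have the IP stay the same if I run this CloudFormation multiple times?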

AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  S3Bucket:
    Type: String
    Description: S3 Bucket containing zip file
  S3ZipKey:
    Type: String
    Description: S3 key of the zip file
  RolePath:
    Type: String
    Description: RolePath
  HostedZoneName:
    Type: String
    Description: HostedZoneName
  QueueNamePrefix:
    Type: String
    Description: QueueNamePrefix
  AppDebug:
    Type: String
    Description: Debug
    Default: 'false'
  AppDnsCname:
    Type: String
    Description: AppDnsCname
  Environment:
    Type: String
    Description: Environment
  AppName:
    Type: String
    Description: AppName
  AWSRegion:
    Type: String
    Description: AWSRegion
  AppHealthCheckPath:
    Type: String
    Description: Path for container health check
Description: Elastic Beanstalk application & IAM policies
Resources:
  ElasticBeanstalkProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: !Ref 'RolePath'
      Roles:
        - !Ref 'ElasticBeanstalkRole'
  ElasticBeanstalkRole:
    Type: AWS::IAM::Role
    Properties:
      Path: !Ref 'RolePath'
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess
        - arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess
        - arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker
        - arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier
        - arn:aws:iam::aws:policy/AmazonSQSFullAccess
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies: []
  ElasticBeanstalkApplication:
    Type: AWS::ElasticBeanstalk::Application
    Properties:
      Description: !Ref 'AppName'
  ElasticBeanstalkVersion:
    Type: AWS::ElasticBeanstalk::ApplicationVersion
    Properties:
      ApplicationName: !Ref 'ElasticBeanstalkApplication'
      Description: Source Code
      SourceBundle:
        S3Bucket: !Ref 'S3Bucket'
        S3Key: !Ref 'S3ZipKey'
  ElasticBeanstalkConfigurationTemplate:
    Type: AWS::ElasticBeanstalk::ConfigurationTemplate
    DependsOn:
      - ElasticBeanstalkProfile
    Properties:
      Description: my-app Configuration Template
      ApplicationName: !Ref 'ElasticBeanstalkApplication'
      SolutionStackName: 64bit Amazon Linux 2017.09 v2.8.4 running Multi-container Docker 17.09.1-ce (Generic)
      OptionSettings:
        - Namespace: aws:elasticbeanstalk:environment
          OptionName: EnvironmentType
          Value: LoadBalanced
        - Namespace: aws:elasticbeanstalk:application
          OptionName: Application Healthcheck URL
          Value: !Ref 'AppHealthCheckPath'
        - Namespace: aws:elasticbeanstalk:cloudwatch:logs
          OptionName: StreamLogs
          Value: true
        - Namespace: aws:elasticbeanstalk:cloudwatch:logs
          OptionName: DeleteOnTerminate
          Value: false
        - Namespace: aws:elasticbeanstalk:cloudwatch:logs
          OptionName: RetentionInDays
          Value: 180
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: IamInstanceProfile
          Value: !GetAtt 'ElasticBeanstalkProfile.Arn'
        - Namespace: aws:elasticbeanstalk:application:environment
          OptionName: DEBUG
          Value: !Ref 'AppDebug'
        - Namespace: aws:elasticbeanstalk:application:environment
          OptionName: AWS_REGION
          Value: !Ref 'AWSRegion'
        - Namespace: aws:elasticbeanstalk:application:environment
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: InstanceType
          Value: "t2.small"
        - Namespace: aws:elasticbeanstalk:healthreporting:system
          OptionName: SystemType
          Value: "enhanced"
  MyAppDNS:
    Type: AWS::Route53::RecordSetGroup
    DependsOn: ElasticBeanstalkEnvironment
    Properties:
      HostedZoneName: !Ref 'HostedZoneName'
      RecordSets:
        - Name: !Ref 'AppDnsCname'
          Type: CNAME
          TTL: '60'
          ResourceRecords:
            - !GetAtt 'ElasticBeanstalkEnvironment.EndpointURL'
  ElasticBeanstalkEnvironment:
    Type: AWS::ElasticBeanstalk::Environment
    Properties:
      Description: !Ref 'Environment'
      ApplicationName: !Ref 'ElasticBeanstalkApplication'
      TemplateName: !Ref 'ElasticBeanstalkConfigurationTemplate'
      VersionLabel: !Ref 'ElasticBeanstalkVersion'
      Tier:
        Type: Standard
        Name: WebServer

Answer 0 (score: 0)
Use an Elastic IP resource association through CloudFormation.
Create the Elastic IP resource:

Type: "AWS::EC2::EIP"
Properties:
  InstanceId: String
  Domain: String

Associate the Elastic IP resource with your EC2 instance resource:

Type: "AWS::EC2::EIPAssociation"
Properties:
  AllocationId: String
  EIP: String
  InstanceId: String
  NetworkInterfaceId: String
  PrivateIpAddress: String

Don't forget to join the two using !Ref.
Finally, here is an official example of how to do this.
Assigning an Amazon EC2 Elastic IP Using AWS::EC2::EIP Snippet
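
How the two resources from the answer fit together in one template, as an added example that is not from the original post or from AWS documentation. The instance `AppInstance`, the resource names `StaticIp` and `StaticIpAssociation`, and the two parameters are assumptions; the template covers a single instance declared in the template itself, not instances launched by an Elastic Beanstalk environment.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - fixed public IP for one EC2 instance (names are hypothetical)
Parameters:
  ImageId:
    Type: AWS::EC2::Image::Id
    Description: AMI for the example instance
  SubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: Public subnet (routed to an internet gateway) for the instance
Resources:
  # Hypothetical instance; the question's template declares no EC2 instance itself.
  AppInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t2.small
      SubnetId: !Ref SubnetId
  # The address stays the same across stack updates as long as this resource
  # is left unmodified; deleting the stack releases the address.
  StaticIp:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  # Joins the address to the instance: !GetAtt supplies the allocation ID,
  # !Ref supplies the instance ID.
  StaticIpAssociation:
    Type: AWS::EC2::EIPAssociation
    Properties:
      AllocationId: !GetAtt StaticIp.AllocationId
      InstanceId: !Ref AppInstance
Outputs:
  AllowlistAddress:
    Description: Public address to give the FTP server operator for allowlisting
    Value: !Ref StaticIp   # Ref on AWS::EC2::EIP returns the IP address
```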