CloudFormation:简单的例子

时间:2018-04-24 12:31:15

标签: amazon-web-services amazon-cloudformation

我想在ELB(Elastic Load Balancer)后面构建EC2。

enter image description here

这样做的yaml / json代码是什么?

2 个答案:

答案 0 :(得分:2)

看起来您正在使用CloudFormation模板设计器。使用设计器时,它会为您生成CloudFormation模板。您可以通过选择屏幕左下方的“模板”选项卡来查看此信息。您还可以选择JSON或YAML。

enter image description here

答案 1 :(得分:1)

如果您在寻找可在CloudFormation设计器中使用的json / yaml示例模板,可以参考AWS提供的示例模板(sample templates provided by AWS)。

以下是一个简单的1 EC2 / 1 ELB堆栈的示例CloudFormation模板

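# Sample stack: one EC2 instance registered with one Classic Load Balancer.
# Every Default below that contains "xxxx" is a placeholder and has to be
# overridden with a real value when the stack is created.
AWSTemplateFormatVersion: '2010-09-09'
Description: '1 EC2 Instance and 1 ELB'
Parameters:
  # Used as the value of the instance's Name tag.
  AppServer:
    Description: Hostname of Server
    Type: String
    Default: ec2instance01
    MinLength: '1'
    MaxLength: '16'
    AllowedPattern: '[0-9a-zA-Z-]*'
    ConstraintDescription: 'Must contain valid DNS characters, AD length limit.'
  # Image the instance boots from. Plain String, so CloudFormation does not
  # check that the value is an existing AMI before launch.
  AMI:
    Description: AMI to deploy AWSLinux Instances
    Type: String
    Default: ami-xxxxxxxx
  InstanceType:
    Description: Application EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues:
      - t2.micro
      - t2.2xlarge
      - m4.2xlarge
    ConstraintDescription: Must be a valid EC2 instance type.
  # VPC in which both security groups are created.
  VPCID:
    Description: Name of the VPC
    Type: 'AWS::EC2::VPC::Id'
    Default: vpc-xxxxxxxx
    ConstraintDescription: Must be a valid VPC.
  # Key pair installed on the instance; whoever holds the private key can log
  # in over SSH from any address the instance security group admits.
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: 'AWS::EC2::KeyPair::KeyName'
    Default: XXXX-key
    MinLength: '1'
    MaxLength: '255'
    AllowedPattern: '[\x20-\x7E]*'
    ConstraintDescription: Must contain only ASCII characters.
  # Not referenced by any resource in this template.
  SubnetIdPrivateEastC:
    Description: Private subnet for confidential apps in us-east-1c
    Type: 'AWS::EC2::Subnet::Id'
    Default: subnet-xxxxxxxx
    MinLength: '1'
    MaxLength: '255'
    ConstraintDescription: Must be a valid Private Subnet.
  # Subnet the instance is launched into.
  SubnetIdPrivateEastD:
    Description: Private subnet for confidential apps in us-east-1d
    Type: 'AWS::EC2::Subnet::Id'
    Default: subnet-xxxxxxxx
    MinLength: '1'
    MaxLength: '255'
    ConstraintDescription: Must be a valid Private Subnet.
  # Passed to the instance as IamInstanceProfile, so it decides which AWS API
  # permissions code running on the instance receives. MinLength '0' lets an
  # empty value through parameter validation.
  InstanceProfile:
    Description: Instance Profile Name
    Type: String
    Default: xxxx-role
    MinLength: '0'
    MaxLength: '255'
    AllowedPattern: '[\x20-\x7E]*'
    ConstraintDescription: Must contain a valid instance profile name
  # Size of the /dev/xvda volume.
  RootVolumeSize:
    Description: Size (GB) of root EBS volume for application instance
    Type: Number
    Default: '10'
    MinValue: '10'
    MaxValue: '1024'
  # Size of the second volume, attached as /dev/sds.
  SwapDisk:
    Description: Size (GB) of application EBS volume for instance
    Type: Number
    Default: '2'
    MinValue: '2'
    MaxValue: '128'
  # Not referenced by any resource in this template; the instance's
  # AvailabilityZone is written out literally in the resource.
  SubnetAvailabilityZone:
    Description: Availability Zone for subnet
    Type: String
    Default: us-east-1d
    AllowedValues:
      - us-east-1c
      - us-east-1d
    ConstraintDescription: Must be a valid Availability zone.
  # Subnets the load balancer is placed in (comma-separated list of IDs).
  PrivateSubnets:
    Type: List<AWS::EC2::Subnet::Id>
    Description: 'Private subnet for the ELB in us-east-1c and us-east-1d'
    Default: "subnet-xxxxxxxx,subnet-xxxxxxxx"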
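Resources:
  # Application server: launched into the SubnetIdPrivateEastD subnet, guarded
  # by WebSG, and registered with ElasticLoadBalancer.
  ec2instance01:
    Type: 'AWS::EC2::Instance'
    Properties:
      # Termination protection: the instance cannot be terminated through the
      # EC2 API while this is set.
      DisableApiTermination: 'true'
      # Written out literally; it has to be the zone of the subnet passed as
      # SubnetIdPrivateEastD. The SubnetAvailabilityZone parameter is not used.
      AvailabilityZone: us-east-1d
      ImageId:
        Ref: AMI
      InstanceType:
        Ref: InstanceType
      KeyName:
        Ref: KeyName
      SecurityGroupIds:
        - Ref: WebSG
      # The role behind this profile is what any process on the instance can
      # obtain credentials for; keep its policy to what the application needs.
      IamInstanceProfile:
        Ref: InstanceProfile
      SubnetId:
        Ref: SubnetIdPrivateEastD
      #EbsOptimized: true
      BlockDeviceMappings:
        # Root volume.
        - DeviceName: /dev/xvda
          Ebs:
            VolumeSize:
              Ref: RootVolumeSize
            VolumeType: gp2
            # Encrypt at rest. Without a KmsKeyId the account's default EBS
            # key is used.
            Encrypted: true
        # Second volume, sized by the SwapDisk parameter.
        - DeviceName: /dev/sds
          Ebs:
            VolumeSize:
              Ref: SwapDisk
            VolumeType: gp2
            Encrypted: true
      Tags:
        - Key: Name
          Value:
            Ref: AppServer
      # First-boot script. It runs through !Sub, so any ${Name} added later is
      # substituted by CloudFormation (write ${!Name} for a literal). All of
      # its output is copied to /var/log/user-data.log, syslog and the
      # console, and user data itself is readable from the instance, so keep
      # credentials out of both the script and what it prints.
      UserData:
        'Fn::Base64': !Sub |-
          #!/bin/bash -v
          yum update -y aws-cfn-bootstrap
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          date > /home/ec2-user/starttime

          date > /home/ec2-user/stoptime
          echo END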
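  # Security group attached to ec2instance01.
  WebSG:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Web SG
      VpcId:
        Ref: VPCID
      SecurityGroupIngress:
        # SSH, from the private 10.0.0.0/8 range only.
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 10.0.0.0/8
        # Application port. ElasticLoadBalancer forwards to and health-checks
        # port 8080 on the instance; without this rule the instance is never
        # reported healthy. The source is the load balancer's security group
        # rather than a CIDR, so nothing else can reach the port.
        - IpProtocol: tcp
          FromPort: '8080'
          ToPort: '8080'
          SourceSecurityGroupId:
            Ref: ElbSG
      Tags:
        - Key: Name
          Value: web_sg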
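  # Security group attached to ElasticLoadBalancer.
  ElbSG:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: ELB SG
      VpcId:
        Ref: VPCID
      SecurityGroupIngress:
        # Has to be the port the load balancer listens on. The only listener
        # on ElasticLoadBalancer uses LoadBalancerPort 80; a rule for any
        # other port leaves the listener unreachable. If the listener is moved
        # to HTTPS, move this rule with it.
        # NOTE(review): the load balancer is Scheme: internal, so 0.0.0.0/0 is
        # wider than needed; consider the VPC or corporate range, as WebSG
        # does for SSH (10.0.0.0/8).
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: '0.0.0.0/0'
      Tags:
        - Key: Name
          Value: elb_sg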
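  # Internal Classic Load Balancer in front of ec2instance01.
  ElasticLoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    DependsOn:
      - ec2instance01
    Properties:
      # Load balancer names accept only alphanumerics and hyphens, so an
      # underscore in the name is rejected at creation.
      LoadBalancerName: elb-01
      SecurityGroups:
        - Ref: ElbSG
      Subnets: !Ref PrivateSubnets
      # internal: the load balancer gets private addresses only.
      Scheme: internal
      Instances:
        - Ref: ec2instance01
      # Plain HTTP on both legs (client -> ELB on 80, ELB -> instance on
      # 8080), so traffic is unencrypted inside the network. A TLS listener
      # needs Protocol: HTTPS plus an SSLCertificateId, and the port opened
      # in ElbSG has to match LoadBalancerPort.
      Listeners:
        - LoadBalancerPort: '80'
          InstancePort: '8080'
          InstanceProtocol: HTTP
          Protocol: HTTP
      # Access logging is switched off, so no per-request record is kept.
      # Turning it on requires S3BucketName to be a bucket whose policy
      # allows Elastic Load Balancing to write to it.
      AccessLoggingPolicy:
        EmitInterval: '60'
        Enabled: 'False'
        S3BucketName: elb-logs
        S3BucketPrefix: ELB
      # TCP connect check against the instance port; the instance security
      # group has to admit port 8080 from this load balancer.
      HealthCheck:
        Target: TCP:8080
        HealthyThreshold: '5'
        UnhealthyThreshold: '10'
        Interval: '30'
        Timeout: '5'
      ConnectionDrainingPolicy:
        Enabled: true
        Timeout: '60'
      Tags:
        - Key: Name
          Value: ELB_Name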
Outputs:
  # DNS name of the load balancer.
  ElbDNS:
    Description: ELB DNS
    Value: !GetAtt ElasticLoadBalancer.DNSName
  # Private address of the instance.
  AppServerPrivateIP:
    Description: Private IP address of instance ec2instance01
    Value: !GetAtt ec2instance01.PrivateIp