cfn-lint complains about hardcoding availability zones this way:
Resources:
  SubnetWest2a:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-west-2a
      CidrBlock: 10.0.0.0/24
      VpcId: !Ref GlobalVPC
  SubnetWest2b:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-west-2b
      CidrBlock: 10.0.1.0/24
      VpcId: !Ref GlobalVPC
  SubnetWest2c:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-west-2c
      CidrBlock: 10.0.2.0/24
      VpcId: !Ref GlobalVPC
So I did this instead:
Resources:
  #...
  SubnetWest1:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.0.0/24
      VpcId: !Ref GlobalVPC
      AvailabilityZone: !Select
        - 0
        - Fn::GetAZs: !Ref 'AWS::Region'
  SubnetWest2:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.1.0/24
      VpcId: !Ref GlobalVPC
      AvailabilityZone: !Select
        - 1
        - Fn::GetAZs: !Ref 'AWS::Region'
  SubnetWest3:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.2.0/24
      VpcId: !Ref GlobalVPC
      AvailabilityZone: !Select
        - 2
        - Fn::GetAZs: !Ref 'AWS::Region'
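But there is this warning in the Fn::GetAZs docs:
Similar to the response from the describe-availability-zones AWS CLI command, the order of the results from the Fn::GetAZs function is not guaranteed and can change when new Availability Zones are added.
The section that depends on these subnets and CIDR blocks is: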
  GlobalDBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Multi-AZ RDS subnet group
      SubnetIds:
        - !Ref SubnetWest1
        - !Ref SubnetWest2
        - !Ref SubnetWest3
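Given these two mutually exclusive best-practice hints, is there a better way to discover the availability zones (or a better way to create this interdependent set of resources for multi-AZ RDS), and get deterministic results each time this stack is run?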