cfn-init script problem causes AWS CloudFormation stack creation to fail

Time: 2019-04-07 11:18:42

Tags: amazon-web-services amazon-cloudformation autoscaling aws-load-balancer

I have created 2 templates - one to create the VPC and related items, and another to create a 2-tier web application using the resources exported from the first template. I am using an Auto Scaling group to create instances in the private subnets and attaching them to an internet-facing load balancer in the public subnets. A NAT gateway is attached in the public subnet.

The VPC template runs perfectly; all resources are created and exported. However, creation of the application stack fails. I disabled termination of resources on creation failure, logged in to the instance, and see the log below -

Complete!
+ /opt/aws/bin/cfn-init -v --stack Two-Tier --resource LaunchConfig --configsets All --region us-east-1
+ /opt/aws/bin/cfn-signal -e 0 --stack Two-Tier --resource ExtAutoScaGrp --region us-east-1
ValidationError: Stack arn:aws:cloudformation:us-east-1:321777534159:stack/Two-Tier/13d87cf0-589f-11e9-aeab-1204ddd846a2 is in CREATE_FAILED state and cannot be signaled
Apr 06 19:23:06 cloud-init[2829]: util.py[WARNING]: Failed running /var/lib/cloud/instance/scripts/part-001 [1]
Apr 06 19:23:06 cloud-init[2829]: cc_scripts_user.py[WARNING]: Failed to run module scripts-user (scripts in /var/lib/cloud/instance/scripts)
Apr 06 19:23:06 cloud-init[2829]: util.py[WARNING]: Running module scripts-user (<module 'cloudinit.config.cc_scripts_user' from '/usr/lib/python2.7/dist-packages/cloudinit/config/cc_scripts_user.pyc'>) failed
Cloud-init v. 0.7.6 finished at Sat, 06 Apr 2019 19:23:06 +0000. Datasource DataSourceEc2.  Up 39.42 seconds

[root@ip-10-10-20-172 log]# cat /var/lib/cloud/instance/scripts/part-001
#!/bin/bash -ex
 yum update -y aws-cfn-bootstrap
/opt/aws/bin/cfn-init -v --stack Two-Tier --resource LaunchConfig --configsets All --region us-east-1
# Signal the status from cfn-init (via $?)
/opt/aws/bin/cfn-signal -e $? --stack Two-Tier --resource ExtAutoScaGrp --region us-east-1

None of the following cfn log files are created on the instance - cfn-hup.log, cfn-init-cmd.log, cfn-init.log or cfn-wire.log. This means the cfn commands could not execute. yum.log is also empty.

However, if I terminate the instance from the AWS Console, Auto Scaling launches a new instance, and this time I can see that all the cfn files are created, the bootstrap script runs, and everything is fine as it should be. The content of my VPC template is -

AWSTemplateFormatVersion: 2010-09-09
Description: This template will create a VPC, 2 public subnets and 2 private subnet, a public security group, a private security group,  and a database security and export these values for cross stack reference
Metadata:
  'AWS::CloudFormation::Interface':
    ParameterGroups:
    - Label:
        default: 'VPC Parameters'
      Parameters:
      - ClassB
Parameters:
  ClassB:
    Description: 'Class B of VPC (10.XXX.0.0/16)'
    Type: Number
    Default: 0
    ConstraintDescription: 'Must be in the range [0-255]'
    MinValue: 0
    MaxValue: 255      
Resources:
  ar3vpc:
    Type: AWS::EC2::VPC
    Properties:
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      InstanceTenancy: default
      CidrBlock: !Sub '10.${ClassB}.0.0/16'
      Tags:
        - Key: Name
          Value: !Sub '10.${ClassB}.0.0/16'

  publicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: !Sub '10.${ClassB}.10.0/24'
      MapPublicIpOnLaunch: 'true'
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'PUB-10.${ClassB}.10.0/24'

  publicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Select [1, !GetAZs '']
      CidrBlock: !Sub '10.${ClassB}.11.0/24'
      MapPublicIpOnLaunch: 'true'
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'PUB-10.${ClassB}.11.0/24'
  privateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: !Sub '10.${ClassB}.20.0/24'
      MapPublicIpOnLaunch: 'false'
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'PRI-10.${ClassB}.20.0/24'

  privateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Select [1, !GetAZs '']
      CidrBlock: !Sub '10.${ClassB}.21.0/24'
      MapPublicIpOnLaunch: 'false'
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'PRI-10.${ClassB}.21.0/24'

  AR3InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
      - Key: Name
        Value: !Sub 'IGW-10.${ClassB}.0.0/16'

  AR3AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref AR3InternetGateway
      VpcId: !Ref ar3vpc

  AR3RouteTablePublic:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref ar3vpc
      Tags:
      - Key: Name
        Value: !Sub 'PublicRT-10.${ClassB}.0.0/16'

  AR3RouteTablePrivate:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref ar3vpc
      Tags:
      - Key: Name
        Value: !Sub 'PrivRT-10.${ClassB}.0.0/16'

  AR3PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AR3AttachGateway
    Properties:
      RouteTableId: !Ref AR3RouteTablePublic
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref AR3InternetGateway

  publicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref publicSubnet2
      RouteTableId: !Ref AR3RouteTablePublic

  publicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref publicSubnet1
      RouteTableId: !Ref AR3RouteTablePublic

  privateSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref privateSubnet1
      RouteTableId: !Ref AR3RouteTablePrivate

  privateSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref privateSubnet2
      RouteTableId: !Ref AR3RouteTablePrivate

  publicSubnet1NetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref publicSubnet1
      NetworkAclId: !GetAtt
        - ar3vpc
        - DefaultNetworkAcl
  publicSubnet2NetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref publicSubnet2
      NetworkAclId: !GetAtt
        - ar3vpc
        - DefaultNetworkAcl

  privateSubnet1NetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref privateSubnet1
      NetworkAclId: !GetAtt
        - ar3vpc
        - DefaultNetworkAcl

  privateSubnet2NetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref privateSubnet2
      NetworkAclId: !GetAtt
        - ar3vpc
        - DefaultNetworkAcl

  WebDMZSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: WebDMZ
      GroupDescription: Security Group to allow public web access
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          CidrIp: 0.0.0.0/0    
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'WebDMZ-SG-10.${ClassB}.0.0/16'

  PrivateSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      Tags:
        - Key: Name
          Value: !Sub 'PrivSG-10.${ClassB}.0.0/16'
      GroupName: PrivateSecurityGroup
      GroupDescription: Security Group to allow traffic internally coming from WebDMZSecurityGroup
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          SourceSecurityGroupId: !Ref WebDMZSecurityGroup
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          SourceSecurityGroupId: !Ref WebDMZSecurityGroup
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          SourceSecurityGroupId: !Ref BastHostSecurityGroup  
        - IpProtocol: icmp
          FromPort: '8'
          ToPort: '-1'
          SourceSecurityGroupId: !Ref WebDMZSecurityGroup
      VpcId: !Ref ar3vpc    
  DbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      Tags:
        - Key: Name
          Value: !Sub 'DB-SG-10.${ClassB}.0.0/16'
      VpcId: !Ref ar3vpc
      GroupDescription: Security Group to allow Database connection from Private subnet
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '3306'
          ToPort: '3306'
          SourceSecurityGroupId: !Ref PrivateSecurityGroup

  BastHostSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: BastHostSG
      GroupDescription: Security Group to allow ssh access on Bastion host
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0   
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'Bast-SG-10.${ClassB}.0.0/16'        
Outputs:
  VPCId:
    Description: VPC Created
    Value: !Ref ar3vpc
    Export:
      Name: !Sub '${AWS::StackName}-VPCID'
  PubSubnet1:
    Description: Public Subnet1 for web server
    Value: !Ref publicSubnet1
    Export:
      Name: !Sub '${AWS::StackName}-PubSubnetID1'
  PubSubnet2:
    Description: Public Subnet2 for web server
    Value: !Ref publicSubnet2
    Export:
      Name: !Sub '${AWS::StackName}-PubSubnetID2'
  privSubnet1:
    Description: Private Subnet1 for web server
    Value: !Ref privateSubnet1
    Export:
      Name: !Sub '${AWS::StackName}-PrivSubnetID1'
  privSubnet2:
    Description: Private Subnet2 for web server
    Value: !Ref privateSubnet2
    Export:
      Name: !Sub '${AWS::StackName}-PrivSubnetID2'    
  externalSecurityGroup:
    Description: Security group to allow traffic to internet
    Value: !Ref WebDMZSecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-WebSecurityGroup'
  privSecurityGroup:
    Description: Security Group for internal communication
    Value: !Ref PrivateSecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSecurityGroup'
  DatabaseSG:
    Description: Security Group for Database communication
    Value: !Ref DbSecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-DatabaseSecurityGroup'
  BastSG:
    Description: Security Group for Bastion host 
    Value: !Ref BastHostSecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-BastHostSecurityGroup'
  GatewayToInternet:
    Description: Internet gateway attachment 
    Value: !Ref AR3AttachGateway
    Export:
      Name: !Sub '${AWS::StackName}-GatewayToInternet'    
  PrivRoute:
    Description: Private Route Table 
    Value: !Ref AR3RouteTablePrivate
    Export:
      Name: !Sub '${AWS::StackName}-PrivRoute'
  PubRoute:
    Description: Public Route Table 
    Value: !Ref AR3RouteTablePublic
    Export:
      Name: !Sub '${AWS::StackName}-PubRoute'    

My application template is -

---
# This template will create a two tier deployment of a LAMP stack by referring to an
# existing VPC resource - ar3vpcresource
#
#
AWSTemplateFormatVersion: 2010-09-09
Description: 2 tier deployment of LAMP Stack.
Parameters:
#  Subnets:
#   Type: 'List<AWS::EC2::Subnet::Id>'
#    Description: The list of SubnetIds in your Virtual Private Cloud (VPC)
#    ConstraintDescription: >-
#      must be a list of at least two existing subnets associated with at least
#      two different availability zones. They should be residing in the selected
#      Virtual Private Cloud.
  NetworkStackName:
    Description: >-
      Name of an active CloudFormation stack that contains the networking
      resources, such as the subnet and security group, that will be used in
      this stack.
    Type: String
    MinLength: 1
    MaxLength: 255
    AllowedPattern: '^[a-zA-Z][-a-zA-Z0-9]*$'
    Default: Demo-Vpc
  DBName:
    Default: AR3Db
    Description: MySQL database name
    Type: String
    MinLength: '1'
    MaxLength: '64'
    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
    ConstraintDescription: must begin with a letter and contain only alphanumeric characters.
  DBUser:
    Default: dotsphere
    Description: Username for MySQL database access
    Type: String
    MinLength: '1'
    MaxLength: '16'
    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
    ConstraintDescription: must begin with a letter and contain only alphanumeric characters.
  DBPassword:
    NoEcho: 'true'
    Description: Password for MySQL database access
    Type: String
    MinLength: '1'
    MaxLength: '41'
    AllowedPattern: '[a-zA-Z0-9]*'
    ConstraintDescription: must contain only alphanumeric characters.
  DBRootPassword:
    NoEcho: 'true'
    Description: Root password for MySQL
    Type: String
    MinLength: '1'
    MaxLength: '41'
    AllowedPattern: '[a-zA-Z0-9]*'
    ConstraintDescription: must contain only alphanumeric characters.  
  InstanceType:
    Description: EC2 Instance Type
    Type: String
    Default: t2.micro
    AllowedValues:
      - t1.micro
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - m1.small
      - m1.medium
      - m1.large
      - m1.xlarge
      - m2.xlarge
      - m2.2xlarge
      - m2.4xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - c1.medium
      - c1.xlarge
      - c3.large
      - c3.xlarge
      - c3.2xlarge
      - c3.4xlarge
      - c3.8xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - g2.2xlarge
      - g2.8xlarge
      - r3.large
      - r3.xlarge
      - r3.2xlarge
      - r3.4xlarge
      - r3.8xlarge
      - i2.xlarge
      - i2.2xlarge
      - i2.4xlarge
      - i2.8xlarge
      - d2.xlarge
      - d2.2xlarge
      - d2.4xlarge
      - d2.8xlarge
      - hi1.4xlarge
      - hs1.8xlarge
      - cr1.8xlarge
      - cc2.8xlarge
      - cg1.4xlarge
    ConstraintDescription: Must be a valid Instance type.
  WebServerCapacity:
    Default: '2'
    Description: The initial number of WebServer instances
    Type: Number
    MinValue: '1'
    MaxValue: '2'
    ConstraintDescription: must be between 1 and 2 EC2 instances.  
  KeyName:
    Description: Existing KeyPair name
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: Must be an existing KeyPair from the region where instance is being created.

  ModuleName:
    Description: The name of the JavaScript file that will be used for amilookup
    Type: String
    Default: amilookup
  S3Bucket:
    Description: The name of the bucket that contains your packaged source
    Type: String
    Default: ar3resource
  S3Key:
    Description: The name of the ZIP package
    Type: String
    Default: amilookup.zip
Mappings:    
  AWSInstanceType2Arch:
    t1.micro:
      Arch: HVM64
    t2.nano:
      Arch: HVM64
    t2.micro:
      Arch: HVM64
    t2.small:
      Arch: HVM64
    t2.medium:
      Arch: HVM64
    t2.large:
      Arch: HVM64
    m1.small:
      Arch: HVM64
    m1.medium:
      Arch: HVM64
    m1.large:
      Arch: HVM64
    m1.xlarge:
      Arch: HVM64
    m2.xlarge:
      Arch: HVM64
    m2.2xlarge:
      Arch: HVM64
    m2.4xlarge:
      Arch: HVM64
    m3.medium:
      Arch: HVM64
    m3.large:
      Arch: HVM64
    m3.xlarge:
      Arch: HVM64
    m3.2xlarge:
      Arch: HVM64
    m4.large:
      Arch: HVM64
    m4.xlarge:
      Arch: HVM64
    m4.2xlarge:
      Arch: HVM64
    m4.4xlarge:
      Arch: HVM64
    m4.10xlarge:
      Arch: HVM64
    c1.medium:
      Arch: HVM64
    c1.xlarge:
      Arch: HVM64
    c3.large:
      Arch: HVM64
    c3.xlarge:
      Arch: HVM64
    c3.2xlarge:
      Arch: HVM64
    c3.4xlarge:
      Arch: HVM64
    c3.8xlarge:
      Arch: HVM64
    c4.large:
      Arch: HVM64
    c4.xlarge:
      Arch: HVM64
    c4.2xlarge:
      Arch: HVM64
    c4.4xlarge:
      Arch: HVM64
    c4.8xlarge:
      Arch: HVM64
    g2.2xlarge:
      Arch: HVMG2
    g2.8xlarge:
      Arch: HVMG2
    r3.large:
      Arch: HVM64
    r3.xlarge:
      Arch: HVM64
    r3.2xlarge:
      Arch: HVM64
    r3.4xlarge:
      Arch: HVM64
    r3.8xlarge:
      Arch: HVM64
    i2.xlarge:
      Arch: HVM64
    i2.2xlarge:
      Arch: HVM64
    i2.4xlarge:
      Arch: HVM64
    i2.8xlarge:
      Arch: HVM64
    d2.xlarge:
      Arch: HVM64
    d2.2xlarge:
      Arch: HVM64
    d2.4xlarge:
      Arch: HVM64
    d2.8xlarge:
      Arch: HVM64
    hi1.4xlarge:
      Arch: HVM64
    hs1.8xlarge:
      Arch: HVM64
    cr1.8xlarge:
      Arch: HVM64
    cc2.8xlarge:
      Arch: HVM64

Resources:
  AR3NATGateway:
    Type: 'AWS::EC2::NatGateway'
    Properties:
      AllocationId: !GetAtt
        - GatewayElasticIp
        - AllocationId
      SubnetId:   
        !ImportValue 
        'Fn::Sub': '${NetworkStackName}-PubSubnetID1'
  GatewayElasticIp:
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc
  PrivateRouteToInternet:
    Type: 'AWS::EC2::Route'
    Properties:
      RouteTableId:
        !ImportValue 
        'Fn::Sub': '${NetworkStackName}-PrivRoute'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref AR3NATGateway    
  ExternalALB:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Properties:
      Subnets: 
      - !ImportValue 
        'Fn::Sub': '${NetworkStackName}-PubSubnetID1'
      - !ImportValue 
        'Fn::Sub': '${NetworkStackName}-PubSubnetID2'  
      SecurityGroups: 
      - !ImportValue 
        'Fn::Sub': '${NetworkStackName}-WebSecurityGroup'
  ExternalALBListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref ExtALBTargetGroup
      LoadBalancerArn: !Ref ExternalALB
      Port: '80'
      Protocol: HTTP
  ExtALBTargetGroup:
    Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
    Properties:
      HealthCheckIntervalSeconds: '10'
      HealthCheckTimeoutSeconds: '5'
      HealthyThresholdCount: '2'
      Port: '80'
      Protocol: HTTP
      UnhealthyThresholdCount: '5'
      VpcId: !ImportValue 
        'Fn::Sub': '${NetworkStackName}-VPCID'
      TargetGroupAttributes:
        - Key: stickiness.enabled
          Value: 'true'
        - Key: stickiness.type
          Value: lb_cookie
        - Key: stickiness.lb_cookie.duration_seconds
          Value: '30'
  ExtAutoScaGrp:
    Type: 'AWS::AutoScaling::AutoScalingGroup'
    Properties:
      VPCZoneIdentifier:
      - !ImportValue 
        'Fn::Sub': '${NetworkStackName}-PrivSubnetID1'
      - !ImportValue 
        'Fn::Sub': '${NetworkStackName}-PrivSubnetID2'
      LaunchConfigurationName: !Ref LaunchConfig
      MinSize: '1'
      MaxSize: '2'
      DesiredCapacity: !Ref WebServerCapacity
      TargetGroupARNs:
        - !Ref ExtALBTargetGroup
    CreationPolicy:
      ResourceSignal:
        Timeout: PT5M
        Count: !Ref WebServerCapacity
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MinInstancesInService: '1'
        MaxBatchSize: '1'
        PauseTime: PT15M
        WaitOnResourceSignals: 'true'
  LaunchConfig:
    Type: 'AWS::AutoScaling::LaunchConfiguration'
    Metadata:
      'AWS::CloudFormation::Init':
        configSets:
          All:
            - ConfigureSvr
        ConfigureSvr:    
          packages:
            yum:
              httpd: []
              mysql-server: []
              mysql-libs: []
              php: []
              php-mysql: []
          files:
            /var/www/html/index.html:
              content: !Sub |
                <html>
                  <body>
                    <h1>AR3 Web </h1>
                    <h2>This is a test web page!!</h2>
                    Created from Stack - ${AWS::StackName}
                  </body>
                </html>
              mode: '000644'
              owner: root
              group: root
            /etc/cfn/cfn-hup.conf:
              content: !Sub |
                [main]
                stack=${AWS::StackId}
                region=${AWS::Region}
                interval=1
              mode: '000400'
              owner: root
              group: root
            /etc/cfn/hooks.d/cfn-auto-reloader.conf:
              content: !Sub |
                [cfn-auto-reloader-hook]
                triggers=post.update
                path=Resources.LaunchConfig.Metadata.AWS::CloudFormation::Init
                action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --region ${AWS::Region}
                runas=root
              mode: '000400'
              owner: root
              group: root
          services:
            sysvinit:
              httpd:
                enabled: 'true'
                ensureRunning: 'true'
              cfn-hup:
                enabled: 'true'
                ensureRunning: 'true'
                files:
                  - /etc/cfn/cfn-hup.conf
                  - /etc/cfn/hooks.d/cfn-auto-reloader.conf
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !GetAtt
        - AMIInfo
        - Id      
      KeyName: !Ref KeyName
      SecurityGroups:
        - !ImportValue
          'Fn::Sub': '${NetworkStackName}-PrivateSecurityGroup'
      UserData:
        'Fn::Base64': !Sub |
          #!/bin/bash -ex
           yum update -y aws-cfn-bootstrap
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --configsets All --region ${AWS::Region}
          # Signal the status from cfn-init (via $?)
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource ExtAutoScaGrp --region ${AWS::Region}
  AMIInfo:
    Type: 'Custom::AMIInfo'
    Properties:
      ServiceToken: !GetAtt
        - AMIInfoFunction
        - Arn
      Region: !Ref 'AWS::Region'
      Architecture: !FindInMap [ AWSInstanceType2Arch, !Ref InstanceType, Arch ]
  AMIInfoFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      Code:
        S3Bucket: !Ref S3Bucket
        S3Key: !Ref S3Key
      Handler: !Join
        - ''
        - - !Ref ModuleName
          - .handler
      Role: !GetAtt     
        - LambdaExecutionRole
        - Arn
      Runtime: nodejs8.10
      Timeout: '30'  
  LambdaExecutionRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: 'arn:aws:logs:*:*:*'
              - Effect: Allow
                Action:
                  - 'ec2:DescribeImages'
                Resource: '*'
Outputs:
  WebsiteURL:
    Description: URL for newly created Webserver stack
    Value: !Join 
      - ''
      - - 'http://'
        - !GetAtt 
          - ExternalALB
          - DNSName                        

Since I am still trying to find my feet in the AWS world, any help is greatly appreciated.
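The posted application template gives ExtAutoScaGrp no DependsOn on PrivateRouteToInternet, so CloudFormation is free to launch the instances before the private subnets have a route through the NAT gateway, which fits the symptom that an instance launched later works. As an added example (not code from the question), the following Python walks a long-form Resources map and checks that ordering; the abridged template inside it is constructed from the question's resources.

```python
"""Constructed example (not code from the question): walks a CloudFormation
Resources map and reports whether one resource transitively depends on
another through DependsOn, Ref or Fn::GetAtt, the links CloudFormation
uses to order resource creation."""
import copy
from typing import Any, Dict, Set


def direct_deps(resource: Dict[str, Any]) -> Set[str]:
    """Logical IDs this resource refers to via DependsOn, Ref or Fn::GetAtt."""
    explicit = resource.get("DependsOn", [])
    deps: Set[str] = set([explicit] if isinstance(explicit, str) else explicit)

    def walk(node: Any) -> None:
        if isinstance(node, dict):
            if isinstance(node.get("Ref"), str):
                deps.add(node["Ref"])
            if "Fn::GetAtt" in node:  # list form or "Logical.Attr" string form
                target = node["Fn::GetAtt"]
                deps.add(target[0] if isinstance(target, list) else target.split(".")[0])
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(resource.get("Properties", {}))
    walk(resource.get("Metadata", {}))
    return deps


def depends_on(resources: Dict[str, Any], source: str, target: str) -> bool:
    """True if CloudFormation must create `target` before `source`."""
    seen: Set[str] = set()
    stack = list(direct_deps(resources[source]))
    while stack:
        current = stack.pop()
        if current == target:
            return True
        if current in seen or current not in resources:  # skip parameters
            continue
        seen.add(current)
        stack.extend(direct_deps(resources[current]))
    return False


# Abridged, constructed copy of the question's application template in
# long-form syntax; only the properties that create dependencies are kept.
RESOURCES: Dict[str, Any] = {
    "GatewayElasticIp": {"Type": "AWS::EC2::EIP", "Properties": {"Domain": "vpc"}},
    "AR3NATGateway": {"Type": "AWS::EC2::NatGateway", "Properties": {
        "AllocationId": {"Fn::GetAtt": ["GatewayElasticIp", "AllocationId"]}}},
    "PrivateRouteToInternet": {"Type": "AWS::EC2::Route", "Properties": {
        "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": {"Ref": "AR3NATGateway"}}},
    "ExtALBTargetGroup": {"Type": "AWS::ElasticLoadBalancingV2::TargetGroup"},
    "LaunchConfig": {"Type": "AWS::AutoScaling::LaunchConfiguration"},
    "ExtAutoScaGrp": {"Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": {
        "LaunchConfigurationName": {"Ref": "LaunchConfig"},
        "TargetGroupARNs": [{"Ref": "ExtALBTargetGroup"}]}},
}


def fixed_resources() -> Dict[str, Any]:
    """Same map with the explicit ordering the posted template lacks."""
    fixed = copy.deepcopy(RESOURCES)
    fixed["ExtAutoScaGrp"]["DependsOn"] = ["PrivateRouteToInternet"]
    return fixed
```

The corresponding template change is `DependsOn: PrivateRouteToInternet` on ExtAutoScaGrp. The ordering matters doubly here because the user-data script runs under `bash -ex`, so a `yum update` that cannot reach the internet aborts the script before `cfn-signal` is ever reached.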

0 answers:

No answers