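I have created 2 templates: one to create the VPC and related items, and another to create a 2-tier web application using the resources exported from the first template. I am using an Auto Scaling group to create instances in the private subnets and attaching them to an internet-facing load balancer in the public subnets. A NAT gateway is attached in the public subnet.
The VPC template runs perfectly, and all resources are created and exported. However, creation of the application stack fails. I disabled termination of resources on creation failure, and when I log in to the instance I see the log below: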
Complete!
+ /opt/aws/bin/cfn-init -v --stack Two-Tier --resource LaunchConfig --configsets All --region us-east-1
+ /opt/aws/bin/cfn-signal -e 0 --stack Two-Tier --resource ExtAutoScaGrp --region us-east-1
ValidationError: Stack arn:aws:cloudformation:us-east-1:321777534159:stack/Two-Tier/13d87cf0-589f-11e9-aeab-1204ddd846a2 is in CREATE_FAILED state and cannot be signaled
Apr 06 19:23:06 cloud-init[2829]: util.py[WARNING]: Failed running /var/lib/cloud/instance/scripts/part-001 [1]
Apr 06 19:23:06 cloud-init[2829]: cc_scripts_user.py[WARNING]: Failed to run module scripts-user (scripts in /var/lib/cloud/instance/scripts)
Apr 06 19:23:06 cloud-init[2829]: util.py[WARNING]: Running module scripts-user (<module 'cloudinit.config.cc_scripts_user' from '/usr/lib/python2.7/dist-packages/cloudinit/config/cc_scripts_user.pyc'>) failed
Cloud-init v. 0.7.6 finished at Sat, 06 Apr 2019 19:23:06 +0000. Datasource DataSourceEc2. Up 39.42 seconds
[root@ip-10-10-20-172 log]# cat /var/lib/cloud/instance/scripts/part-001
#!/bin/bash -ex
yum update -y aws-cfn-bootstrap
/opt/aws/bin/cfn-init -v --stack Two-Tier --resource LaunchConfig --configsets All --region us-east-1
# Signal the status from cfn-init (via $?)
/opt/aws/bin/cfn-signal -e $? --stack Two-Tier --resource ExtAutoScaGrp --region us-east-1
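None of the following cfn files were created on the instance: cfn-hup.log, cfn-init-cmd.log, cfn-init.log or cfn-wire.log. That means the CFN commands were not executed. yum.log is also empty.
However, if I terminate the instance from the AWS Console Home, a new instance is launched by Auto Scaling, and this time I can see that all the CFN files were created, the bootstrap script ran, and everything is fine, as it should be. My VPC template is: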
AWSTemplateFormatVersion: 2010-09-09
Description: This template will create a VPC, 2 public subnets and 2 private subnet, a public security group, a private security group, and a database security and export these values for cross stack reference
Metadata:
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: 'VPC Parameters'
        Parameters:
          - ClassB
Parameters:
  ClassB:
    Description: 'Class B of VPC (10.XXX.0.0/16)'
    Type: Number
    Default: 0
    ConstraintDescription: 'Must be in the range [0-255]'
    MinValue: 0
    MaxValue: 255
Resources:
  ar3vpc:
    Type: AWS::EC2::VPC
    Properties:
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      InstanceTenancy: default
      CidrBlock: !Sub '10.${ClassB}.0.0/16'
      Tags:
        - Key: Name
          Value: !Sub '10.${ClassB}.0.0/16'
  publicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: !Sub '10.${ClassB}.10.0/24'
      MapPublicIpOnLaunch: 'true'
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'PUB-10.${ClassB}.10.0/24'
  publicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Select [1, !GetAZs '']
      CidrBlock: !Sub '10.${ClassB}.11.0/24'
      MapPublicIpOnLaunch: 'true'
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'PUB-10.${ClassB}.11.0/24'
  privateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: !Sub '10.${ClassB}.20.0/24'
      MapPublicIpOnLaunch: 'false'
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'PRI-10.${ClassB}.20.0/24'
  privateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Select [1, !GetAZs '']
      CidrBlock: !Sub '10.${ClassB}.21.0/24'
      MapPublicIpOnLaunch: 'false'
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'PRI-10.${ClassB}.21.0/24'
  AR3InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Sub 'IGW-10.${ClassB}.0.0/16'
  AR3AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref AR3InternetGateway
      VpcId: !Ref ar3vpc
  AR3RouteTablePublic:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'PublicRT-10.${ClassB}.0.0/16'
  AR3RouteTablePrivate:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'PrivRT-10.${ClassB}.0.0/16'
  AR3PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AR3AttachGateway
    Properties:
      RouteTableId: !Ref AR3RouteTablePublic
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref AR3InternetGateway
  publicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref publicSubnet2
      RouteTableId: !Ref AR3RouteTablePublic
  publicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref publicSubnet1
      RouteTableId: !Ref AR3RouteTablePublic
  privateSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref privateSubnet1
      RouteTableId: !Ref AR3RouteTablePrivate
  privateSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref privateSubnet2
      RouteTableId: !Ref AR3RouteTablePrivate
  publicSubnet1NetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref publicSubnet1
      NetworkAclId: !GetAtt
        - ar3vpc
        - DefaultNetworkAcl
  publicSubnet2NetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref publicSubnet2
      NetworkAclId: !GetAtt
        - ar3vpc
        - DefaultNetworkAcl
  privateSubnet1NetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref privateSubnet1
      NetworkAclId: !GetAtt
        - ar3vpc
        - DefaultNetworkAcl
  privateSubnet2NetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref privateSubnet2
      NetworkAclId: !GetAtt
        - ar3vpc
        - DefaultNetworkAcl
  WebDMZSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: WebDMZ
      GroupDescription: Security Group to allow public web access
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          CidrIp: 0.0.0.0/0
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'WebDMZ-SG-10.${ClassB}.0.0/16'
  PrivateSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      Tags:
        - Key: Name
          Value: !Sub 'PrivSG-10.${ClassB}.0.0/16'
      GroupName: PrivateSecurityGroup
      GroupDescription: Security Group to allow traffic internally coming from WebDMZSecurityGroup
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          SourceSecurityGroupId: !Ref WebDMZSecurityGroup
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          SourceSecurityGroupId: !Ref WebDMZSecurityGroup
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          SourceSecurityGroupId: !Ref BastHostSecurityGroup
        - IpProtocol: icmp
          FromPort: '8'
          ToPort: '-1'
          SourceSecurityGroupId: !Ref WebDMZSecurityGroup
      VpcId: !Ref ar3vpc
  DbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      Tags:
        - Key: Name
          Value: !Sub 'DB-SG-10.${ClassB}.0.0/16'
      VpcId: !Ref ar3vpc
      GroupDescription: Security Group to allow Database connection from Private subnet
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '3306'
          ToPort: '3306'
          SourceSecurityGroupId: !Ref PrivateSecurityGroup
  BastHostSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: BastHostSG
      GroupDescription: Security Group to allow ssh access on Bastion host
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
      VpcId: !Ref ar3vpc
      Tags:
        - Key: Name
          Value: !Sub 'Bast-SG-10.${ClassB}.0.0/16'
Outputs:
  VPCId:
    Description: VPC Created
    Value: !Ref ar3vpc
    Export:
      Name: !Sub '${AWS::StackName}-VPCID'
  PubSubnet1:
    Description: Public Subnet1 for web server
    Value: !Ref publicSubnet1
    Export:
      Name: !Sub '${AWS::StackName}-PubSubnetID1'
  PubSubnet2:
    Description: Public Subnet2 for web server
    Value: !Ref publicSubnet2
    Export:
      Name: !Sub '${AWS::StackName}-PubSubnetID2'
  privSubnet1:
    Description: Private Subnet1 for web server
    Value: !Ref privateSubnet1
    Export:
      Name: !Sub '${AWS::StackName}-PrivSubnetID1'
  privSubnet2:
    Description: Private Subnet2 for web server
    Value: !Ref privateSubnet2
    Export:
      Name: !Sub '${AWS::StackName}-PrivSubnetID2'
  externalSecurityGroup:
    Description: Security group to allow traffic to internet
    Value: !Ref WebDMZSecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-WebSecurityGroup'
  privSecurityGroup:
    Description: Security Group for internal communication
    Value: !Ref PrivateSecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSecurityGroup'
  DatabaseSG:
    Description: Security Group for Database communication
    Value: !Ref DbSecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-DatabaseSecurityGroup'
  BastSG:
    Description: Security Group for Bastion host
    Value: !Ref BastHostSecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-BastHostSecurityGroup'
  GatewayToInternet:
    Description: Internet gateway attachment
    Value: !Ref AR3AttachGateway
    Export:
      Name: !Sub '${AWS::StackName}-GatewayToInternet'
  PrivRoute:
    Description: Private Route Table
    Value: !Ref AR3RouteTablePrivate
    Export:
      Name: !Sub '${AWS::StackName}-PrivRoute'
  PubRoute:
    Description: Private Route Table
    Value: !Ref AR3RouteTablePublic
    Export:
      Name: !Sub '${AWS::StackName}-PubRoute'
My application template is:
---
# This template will create a two tier deployment of LAMP stack by referring to an
# existing VPC resource - ar3vpcresource
#
#
AWSTemplateFormatVersion: 2010-09-09
Description: 2 tier deployment of LAMP Stack.
Parameters:
  # Subnets:
  #   Type: 'List<AWS::EC2::Subnet::Id>'
  #   Description: The list of SubnetIds in your Virtual Private Cloud (VPC)
  #   ConstraintDescription: >-
  #     must be a list of at least two existing subnets associated with at least
  #     two different availability zones. They should be residing in the selected
  #     Virtual Private Cloud.
  NetworkStackName:
    Description: >-
      Name of an active CloudFormation stack that contains the networking
      resources, such as the subnet and security group, that will be used in
      this stack.
    Type: String
    MinLength: 1
    MaxLength: 255
    AllowedPattern: '^[a-zA-Z][-a-zA-Z0-9]*$'
    Default: Demo-Vpc
  DBName:
    Default: AR3Db
    Description: MySQL database name
    Type: String
    MinLength: '1'
    MaxLength: '64'
    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
    ConstraintDescription: must begin with a letter and contain only alphanumeric characters.
  DBUser:
    Default: dotsphere
    Description: Username for MySQL database access
    Type: String
    MinLength: '1'
    MaxLength: '16'
    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
    ConstraintDescription: must begin with a letter and contain only alphanumeric characters.
  DBPassword:
    NoEcho: 'true'
    Description: Password for MySQL database access
    Type: String
    MinLength: '1'
    MaxLength: '41'
    AllowedPattern: '[a-zA-Z0-9]*'
    ConstraintDescription: must contain only alphanumeric characters.
  DBRootPassword:
    NoEcho: 'true'
    Description: Root password for MySQL
    Type: String
    MinLength: '1'
    MaxLength: '41'
    AllowedPattern: '[a-zA-Z0-9]*'
    ConstraintDescription: must contain only alphanumeric characters.
  InstanceType:
    Description: EC2 Instance Type
    Type: String
    Default: t2.micro
    AllowedValues:
      - t1.micro
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - m1.small
      - m1.medium
      - m1.large
      - m1.xlarge
      - m2.xlarge
      - m2.2xlarge
      - m2.4xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - c1.medium
      - c1.xlarge
      - c3.large
      - c3.xlarge
      - c3.2xlarge
      - c3.4xlarge
      - c3.8xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - g2.2xlarge
      - g2.8xlarge
      - r3.large
      - r3.xlarge
      - r3.2xlarge
      - r3.4xlarge
      - r3.8xlarge
      - i2.xlarge
      - i2.2xlarge
      - i2.4xlarge
      - i2.8xlarge
      - d2.xlarge
      - d2.2xlarge
      - d2.4xlarge
      - d2.8xlarge
      - hi1.4xlarge
      - hs1.8xlarge
      - cr1.8xlarge
      - cc2.8xlarge
      - cg1.4xlarge
    ConstraintDescription: Must be a valid Instance type.
  WebServerCapacity:
    Default: '2'
    Description: The initial number of WebServer instances
    Type: Number
    MinValue: '1'
    MaxValue: '2'
    ConstraintDescription: must be between 1 and 2 EC2 instances.
  KeyName:
    Description: Existing KeyPair name
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: Must be an existing KeyPair from the region where instance is being created.
  ModuleName:
    Description: The name of the JavaScript file that will be used for amilookup
    Type: String
    Default: amilookup
  S3Bucket:
    Description: The name of the bucket that contains your packaged source
    Type: String
    Default: ar3resource
  S3Key:
    Description: The name of the ZIP package
    Type: String
    Default: amilookup.zip
Mappings:
  AWSInstanceType2Arch:
    t1.micro:
      Arch: HVM64
    t2.nano:
      Arch: HVM64
    t2.micro:
      Arch: HVM64
    t2.small:
      Arch: HVM64
    t2.medium:
      Arch: HVM64
    t2.large:
      Arch: HVM64
    m1.small:
      Arch: HVM64
    m1.medium:
      Arch: HVM64
    m1.large:
      Arch: HVM64
    m1.xlarge:
      Arch: HVM64
    m2.xlarge:
      Arch: HVM64
    m2.2xlarge:
      Arch: HVM64
    m2.4xlarge:
      Arch: HVM64
    m3.medium:
      Arch: HVM64
    m3.large:
      Arch: HVM64
    m3.xlarge:
      Arch: HVM64
    m3.2xlarge:
      Arch: HVM64
    m4.large:
      Arch: HVM64
    m4.xlarge:
      Arch: HVM64
    m4.2xlarge:
      Arch: HVM64
    m4.4xlarge:
      Arch: HVM64
    m4.10xlarge:
      Arch: HVM64
    c1.medium:
      Arch: HVM64
    c1.xlarge:
      Arch: HVM64
    c3.large:
      Arch: HVM64
    c3.xlarge:
      Arch: HVM64
    c3.2xlarge:
      Arch: HVM64
    c3.4xlarge:
      Arch: HVM64
    c3.8xlarge:
      Arch: HVM64
    c4.large:
      Arch: HVM64
    c4.xlarge:
      Arch: HVM64
    c4.2xlarge:
      Arch: HVM64
    c4.4xlarge:
      Arch: HVM64
    c4.8xlarge:
      Arch: HVM64
    g2.2xlarge:
      Arch: HVMG2
    g2.8xlarge:
      Arch: HVMG2
    r3.large:
      Arch: HVM64
    r3.xlarge:
      Arch: HVM64
    r3.2xlarge:
      Arch: HVM64
    r3.4xlarge:
      Arch: HVM64
    r3.8xlarge:
      Arch: HVM64
    i2.xlarge:
      Arch: HVM64
    i2.2xlarge:
      Arch: HVM64
    i2.4xlarge:
      Arch: HVM64
    i2.8xlarge:
      Arch: HVM64
    d2.xlarge:
      Arch: HVM64
    d2.2xlarge:
      Arch: HVM64
    d2.4xlarge:
      Arch: HVM64
    d2.8xlarge:
      Arch: HVM64
    hi1.4xlarge:
      Arch: HVM64
    hs1.8xlarge:
      Arch: HVM64
    cr1.8xlarge:
      Arch: HVM64
    cc2.8xlarge:
      Arch: HVM64
Resources:
  AR3NATGateway:
    Type: 'AWS::EC2::NatGateway'
    Properties:
      AllocationId: !GetAtt
        - GatewayElasticIp
        - AllocationId
      SubnetId:
        !ImportValue
          'Fn::Sub': '${NetworkStackName}-PubSubnetID1'
  GatewayElasticIp:
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc
  PrivateRouteToInternet:
    Type: 'AWS::EC2::Route'
    Properties:
      RouteTableId:
        !ImportValue
          'Fn::Sub': '${NetworkStackName}-PrivRoute'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref AR3NATGateway
  ExternalALB:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Properties:
      Subnets:
        - !ImportValue
            'Fn::Sub': '${NetworkStackName}-PubSubnetID1'
        - !ImportValue
            'Fn::Sub': '${NetworkStackName}-PubSubnetID2'
      SecurityGroups:
        - !ImportValue
            'Fn::Sub': '${NetworkStackName}-WebSecurityGroup'
  ExternalALBListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref ExtALBTargetGroup
      LoadBalancerArn: !Ref ExternalALB
      Port: '80'
      Protocol: HTTP
  ExtALBTargetGroup:
    Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
    Properties:
      HealthCheckIntervalSeconds: '10'
      HealthCheckTimeoutSeconds: '5'
      HealthyThresholdCount: '2'
      Port: '80'
      Protocol: HTTP
      UnhealthyThresholdCount: '5'
      VpcId: !ImportValue
        'Fn::Sub': '${NetworkStackName}-VPCID'
      TargetGroupAttributes:
        - Key: stickiness.enabled
          Value: 'true'
        - Key: stickiness.type
          Value: lb_cookie
        - Key: stickiness.lb_cookie.duration_seconds
          Value: '30'
  ExtAutoScaGrp:
    Type: 'AWS::AutoScaling::AutoScalingGroup'
    Properties:
      VPCZoneIdentifier:
        - !ImportValue
            'Fn::Sub': '${NetworkStackName}-PrivSubnetID1'
        - !ImportValue
            'Fn::Sub': '${NetworkStackName}-PrivSubnetID2'
      LaunchConfigurationName: !Ref LaunchConfig
      MinSize: '1'
      MaxSize: '2'
      DesiredCapacity: !Ref WebServerCapacity
      TargetGroupARNs:
        - !Ref ExtALBTargetGroup
    CreationPolicy:
      ResourceSignal:
        Timeout: PT5M
        Count: !Ref WebServerCapacity
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MinInstancesInService: '1'
        MaxBatchSize: '1'
        PauseTime: PT15M
        WaitOnResourceSignals: 'true'
  LaunchConfig:
    Type: 'AWS::AutoScaling::LaunchConfiguration'
    Metadata:
      'AWS::CloudFormation::Init':
        configSets:
          All:
            - ConfigureSvr
        ConfigureSvr:
          packages:
            yum:
              httpd: []
              mysql-server: []
              mysql-libs: []
              php: []
              php-mysql: []
          files:
            /var/www/html/index.html:
              content: !Sub |
                <html>
                <body>
                <h1>AR3 Web </h1>
                <h2>This is a test web page!!</h2>
                Created from Stack - ${AWS::StackName}
                </body>
                </html>
              mode: '000644'
              owner: root
              group: root
            /etc/cfn/cfn-hup.conf:
              content: !Sub |
                [main]
                stack=${AWS::StackId}
                region=${AWS::Region}
                interval=1
              mode: '000400'
              owner: root
              group: root
            /etc/cfn/hooks.d/cfn-auto-reloader.conf:
              content: !Sub |
                [cfn-auto-reloader-hook]
                triggers=post.update
                path=Resources.LaunchConfig.Metadata.AWS::CloudFormation::Init
                action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --region ${AWS::Region}
                runas=root
              mode: '000400'
              owner: root
              group: root
          services:
            sysvinit:
              httpd:
                enabled: 'true'
                ensureRunning: 'true'
              cfn-hup:
                enabled: 'true'
                ensureRunning: 'true'
                files:
                  - /etc/cfn/cfn-hup.conf
                  - /etc/cfn/hooks.d/cfn-auto-reloader.conf
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !GetAtt
        - AMIInfo
        - Id
      KeyName: !Ref KeyName
      SecurityGroups:
        - !ImportValue
            'Fn::Sub': '${NetworkStackName}-PrivateSecurityGroup'
      UserData:
        'Fn::Base64': !Sub |
          #!/bin/bash -ex
          yum update -y aws-cfn-bootstrap
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --configsets All --region ${AWS::Region}
          # Signal the status from cfn-init (via $?)
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource ExtAutoScaGrp --region ${AWS::Region}
  AMIInfo:
    Type: 'Custom::AMIInfo'
    Properties:
      ServiceToken: !GetAtt
        - AMIInfoFunction
        - Arn
      Region: !Ref 'AWS::Region'
      Architecture: !FindInMap [ AWSInstanceType2Arch, !Ref InstanceType, Arch ]
  AMIInfoFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      Code:
        S3Bucket: !Ref S3Bucket
        S3Key: !Ref S3Key
      Handler: !Join
        - ''
        - - !Ref ModuleName
          - .handler
      Role: !GetAtt
        - LambdaExecutionRole
        - Arn
      Runtime: nodejs8.10
      Timeout: '30'
  LambdaExecutionRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: 'arn:aws:logs:*:*:*'
              - Effect: Allow
                Action:
                  - 'ec2:DescribeImages'
                Resource: '*'
Outputs:
  WebsiteURL:
    Description: URL for newly created Webserver stack
    Value: !Join
      - ''
      - - 'http://'
        - !GetAtt
          - ExternalALB
          - DNSName
As I am still trying to find my footing in the AWS world, any help is much appreciated.
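
Added example, not part of the original post: under `#!/bin/bash -ex`, the first failing command (the `yum update` or `cfn-init`) ends the UserData script before `cfn-signal` runs, so CloudFormation only learns of the failure when the `CreationPolicy` timeout expires. The variant below runs the same steps but always sends the outcome to `ExtAutoScaGrp`. The bounded retry of the package step and the `YUM`, `CFN_INIT`, `CFN_SIGNAL`, `RETRIES` and `RETRY_DELAY` override variables are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the original post.
# Tool paths and retry settings are overridable (assumption) so the flow can
# be exercised off-instance with stub commands.
YUM="${YUM:-yum}"
CFN_INIT="${CFN_INIT:-/opt/aws/bin/cfn-init}"
CFN_SIGNAL="${CFN_SIGNAL:-/opt/aws/bin/cfn-signal}"
RETRIES="${RETRIES:-5}"
RETRY_DELAY="${RETRY_DELAY:-15}"

# retry CMD...: run CMD up to $RETRIES times, sleeping between attempts.
retry() {
  attempt=1
  until "$@"; do
    [ "$attempt" -ge "$RETRIES" ] && return 1
    attempt=$((attempt + 1))
    sleep "$RETRY_DELAY"
  done
}

# bootstrap STACK REGION: same steps as the posted UserData, but the exit
# status of the first failing step is always passed to cfn-signal.
bootstrap() {
  bs_stack="$1"; bs_region="$2"; bs_rc=0
  {
    retry "$YUM" update -y aws-cfn-bootstrap &&
    "$CFN_INIT" -v --stack "$bs_stack" --resource LaunchConfig \
      --configsets All --region "$bs_region"
  } || bs_rc=$?
  # A failed signal is logged but does not mask the bootstrap status.
  "$CFN_SIGNAL" -e "$bs_rc" --stack "$bs_stack" --resource ExtAutoScaGrp \
    --region "$bs_region" || echo "cfn-signal failed" >&2
  return "$bs_rc"
}

# In the template, UserData would end with (values substituted by !Sub):
#   bootstrap "${AWS::StackName}" "${AWS::Region}"
```

A non-zero status passed to `cfn-signal -e` marks the instance as failed immediately instead of leaving the stack to wait out `Timeout: PT5M`.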