I am using CloudFormation templates to deploy infrastructure to AWS. I have two templates, core.yaml and resources.yaml. The core.yaml file uses the resources from core.yaml by importing them into the template. The resources.yaml file exports the resources. However, when I deploy the core.yaml file, it fails. Below is my code.
resources.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Permanent resources to be imported"
Parameters:
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  DBInstanceIdentifier:
    Type: String
    Default: 'patheindbidentifier'
  DBName:
    Type: String
    Default: 'patheindb'
  DBUsername:
    Type: String
    Default: 'patheindbadmin'
  DBClass:
    Type: String
    Default: 'db.t2.micro'
  DBAllocatedStorage:
    Type: String
    Default: '5'
  DBPassword:
    Type: String
Resources:
  StorageBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: pathein-directory-storage
      AccessControl: PublicRead
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      GroupDescription: Security Group for EC2 instances
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp:
            Ref: SSHLocation
  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      GroupDescription: Database security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '3306'
          ToPort: '3306'
          SourceSecurityGroupId: !GetAtt WebServerSecurityGroup.GroupId
  WebDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      DBInstanceIdentifier: !Ref DBInstanceIdentifier
      DBName: !Ref DBName
      DBInstanceClass: !Ref DBClass
      AllocatedStorage: !Ref DBAllocatedStorage
      Engine: MySQL
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      VPCSecurityGroups:
        - !GetAtt DBSecurityGroup.GroupId
Outputs:
  StorageBucket:
    Description: "S3 storage bucket"
    Value: !Ref StorageBucket
    Export:
      Name: PatheinStorageBucket
  WebServerSecurityGroup:
    Description: "Web server security group"
    Value: !GetAtt WebServerSecurityGroup.GroupId
    Export:
      Name: PatheinWebServerSecurityGroup
  DBSecurityGroup:
    Description: "Database security group"
    Value: !Ref DBSecurityGroup
    Export:
      Name: PatheinDBSecurityGroup
  WebDatabase:
    Description: "Web database"
    Value: !Ref WebDatabase
    Export:
      Name: PatheinWebDatabases
  SSHLocation:
    Description: "SSH Location"
    Value: !Ref SSHLocation
    Export:
      Name: PatheinSSHLocation
  DatabaseHost:
    Description: "Database host"
    Value: !GetAtt WebDatabase.Endpoint.Address
  DatabasePort:
    Description: "Database port"
    Value: !GetAtt WebDatabase.Endpoint.Port
As you can see in the template, I am exporting all the resources. I can deploy resources.yaml to AWS successfully.
This is my core.yaml file.
AWSTemplateFormatVersion: '2010-09-09'
Description: "Pathein Directory web application deployment template."
Parameters:
  KeyName:
    Default: 'PatheinDirectory'
    Type: String
  InstanceType:
    Default: 't2.micro'
    Type: String
Mappings:
  Region2Principal:
    us-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-south-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-east-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ca-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    sa-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    cn-north-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    cn-northwest-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    eu-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-north-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
  Beanstalk2Route53HostedZoneId:
    us-east-1:
      HostedZoneId: Z3DZXE0Q79N41H
    us-west-1:
      HostedZoneId: Z1M58G0W56PQJA
    us-west-2:
      HostedZoneId: Z33MTJ483KN6FU
    eu-west-1:
      HostedZoneId: Z3NF1Z3NOM5OY2
    ap-northeast-1:
      HostedZoneId: Z2YN17T5R711GT
    ap-southeast-1:
      HostedZoneId: Z1WI8VXHPB1R38
    sa-east-1:
      HostedZoneId: Z2ES78Y61JGQKS
Resources:
  WebServerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - Fn::FindInMap:
                    - Region2Principal
                    - Ref: AWS::Region
                    - EC2Principal
            Action:
              - sts:AssumeRole
      Path: /
  WebServerRolePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: WebServerRole
      PolicyDocument:
        Statement:
          - Effect: Allow
            NotAction: iam:*
            Resource: '*'
      Roles:
        - Ref: WebServerRole
  WebServerInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - Ref: WebServerRole
  Application:
    Type: AWS::ElasticBeanstalk::Application
    Properties:
      ApplicationName: PatheinDirectoryApplication
      Description: AWS Elastic Beanstalk Pathein Directory Laravel application
  ApplicationVersion:
    Type: AWS::ElasticBeanstalk::ApplicationVersion
    Properties:
      Description: Version 1.0
      ApplicationName:
        Ref: Application
      SourceBundle:
        S3Bucket:
          Fn::Join:
            - '-'
            - - elasticbeanstalk-samples
              - Ref: AWS::Region
        S3Key: php-sample.zip
  ApplicationConfigurationTemplate:
    Type: AWS::ElasticBeanstalk::ConfigurationTemplate
    Properties:
      ApplicationName:
        Ref: Application
      Description: SSH access to Pathein Directory Laravel application
      SolutionStackName: 64bit Amazon Linux 2 v3.1.0 running PHP 7.3
      OptionSettings:
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: EC2KeyName
          Value:
            Ref: KeyName
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: IamInstanceProfile
          Value:
            Ref: WebServerInstanceProfile
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: SecurityGroups
          Value:
            !ImportValue PatheinWebServerSecurityGroup
  Environment:
    Type: AWS::ElasticBeanstalk::Environment
    Properties:
      Description: AWS Elastic Beanstalk Environment running Pathein Directory Laravel application
      ApplicationName:
        Ref: Application
      EnvironmentName: PatheinDirectory
      TemplateName:
        Ref: ApplicationConfigurationTemplate
      VersionLabel:
        Ref: ApplicationVersion
      OptionSettings:
        - Namespace: aws:elasticbeanstalk:container:php:phpini
          OptionName: document_root
          Value: /public
  ElasticCacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable TCP connection on port 6379
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '11211'
          ToPort: '11211'
          SourceSecurityGroupId: !ImportValue PatheinWebServerSecurityGroup
  ElasticCacheCluster:
    Type: AWS::ElastiCache::CacheCluster
    Properties:
      AZMode: cross-az
      CacheNodeType: cache.t2.small
      Engine: memcached
      NumCacheNodes: '2'
      VpcSecurityGroupIds:
        - !GetAtt ElasticCacheSecurityGroup.GroupId
      PreferredAvailabilityZones:
        - !Select
          - 0
          - Fn::GetAZs: !Ref AWS::Region
        - !Select
          - 1
          - Fn::GetAZs: !Ref AWS::Region
When I deploy the core.yaml file, it fails. Below is the error I get in the logs.
{
  "StackId": "arn:aws:cloudformation:eu-west-1:733553390213:stack/patheindirectory/5da3be20-ef6c-11ea-8dc6-0275bf88180c",
  "EventId": "b7aa01e0-ef6c-11ea-b8c0-06e621efe3ec",
  "StackName": "patheindirectory",
  "LogicalResourceId": "patheindirectory",
  "PhysicalResourceId": "arn:aws:cloudformation:eu-west-1:733553390213:stack/patheindirectory/5da3be20-ef6c-11ea-8dc6-0275bf88180c",
  "ResourceType": "AWS::CloudFormation::Stack",
  "Timestamp": "2020-09-05T11:41:20.498000+00:00",
  "ResourceStatus": "ROLLBACK_IN_PROGRESS",
  "ResourceStatusReason": "The following resource(s) failed to create: [ElasticCacheCluster, ApplicationConfigurationTemplate]. . Rollback requested by user."
},
Answer 0 (score: 1)
Usually you can find more detailed error messages by looking at the stack events in the CloudFormation console. In this case, the ApplicationConfigurationTemplate resource had two errors:
1. No Solution Stack named '64bit Amazon Linux 2 v3.1.0 running PHP 7.3' found:
The problem is that the version you specified was only valid until September 2, 2020. You can check the current platform versions here. So I had to update the SolutionStackName property: SolutionStackName: 64bit Amazon Linux 2 v3.1.1 running PHP 7.3
2. Configuration validation exception: Invalid option value: 'sg-xxx' (Namespace: 'aws:autoscaling:launchconfiguration', OptionName: 'SecurityGroups'): The security group 'sg-xxx' does not exist:
This relates to the following snippet:
- Namespace: aws:autoscaling:launchconfiguration
  OptionName: SecurityGroups
  Value:
    !ImportValue PatheinWebServerSecurityGroup
The problem is that in this case it is not the logical ID (the security group ID) that is required, but the physical ID of the security group (the security group name). This means you have to add another export to the resources.yaml template, like this:
WebServerSecurityGroupName:
  Description: "Web server security group name"
  Value: !Ref WebServerSecurityGroup
  Export:
    Name: PatheinWebServerSecurityGroupName
Then you can import it in core.yaml:
- Namespace: aws:autoscaling:launchconfiguration
  OptionName: SecurityGroups
  Value:
    !ImportValue PatheinWebServerSecurityGroupName
Note that you still need to export the logical ID, which ElasticCacheSecurityGroup uses.
Answer 1 (score: 1)
You have an interesting case that shows an inconsistency in CloudFormation. In some cases the security group (SG) ID is required (for ElasticCacheCluster), in others the SG name (for ApplicationConfigurationTemplate). So in your case you need to export both from resources.yaml and import them separately in core.yaml. In addition, SolutionStackName also needs to be updated.
The fixed templates are below. I verified that they work and deploy in the us-east-1 region. I only verified that they deploy, not the functionality of the resulting resources.
resources.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Permanent resources to be imported"
Parameters:
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  DBInstanceIdentifier:
    Type: String
    Default: 'patheindbidentifier'
  DBName:
    Type: String
    Default: 'patheindb'
  DBUsername:
    Type: String
    Default: 'patheindbadmin'
  DBClass:
    Type: String
    Default: 'db.t2.micro'
  DBAllocatedStorage:
    Type: String
    Default: '5'
  DBPassword:
    Type: String
Resources:
  StorageBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: pathein-directory-storage-32112
      AccessControl: PublicRead
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      GroupDescription: Security Group for EC2 instances
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp:
            Ref: SSHLocation
  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      GroupDescription: Database security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '3306'
          ToPort: '3306'
          SourceSecurityGroupId: !GetAtt WebServerSecurityGroup.GroupId
  WebDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      DBInstanceIdentifier: !Ref DBInstanceIdentifier
      DBName: !Ref DBName
      DBInstanceClass: !Ref DBClass
      AllocatedStorage: !Ref DBAllocatedStorage
      Engine: MySQL
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      VPCSecurityGroups:
        - !GetAtt DBSecurityGroup.GroupId
Outputs:
  StorageBucket:
    Description: "S3 storage bucket"
    Value: !Ref StorageBucket
    Export:
      Name: PatheinStorageBucket
  WebServerSecurityGroupName:
    Description: "Web server security group"
    Value: !Ref WebServerSecurityGroup
    Export:
      Name: PatheinWebServerSecurityGroupName
  WebServerSecurityGroupId:
    Description: "Web server security group"
    Value: !GetAtt WebServerSecurityGroup.GroupId
    Export:
      Name: PatheinWebServerSecurityGroupId
  DBSecurityGroup:
    Description: "Database security group"
    Value: !Ref DBSecurityGroup
    Export:
      Name: PatheinDBSecurityGroup
  WebDatabase:
    Description: "Web database"
    Value: !Ref WebDatabase
    Export:
      Name: PatheinWebDatabases
  SSHLocation:
    Description: "SSH Location"
    Value: !Ref SSHLocation
    Export:
      Name: PatheinSSHLocation
  DatabaseHost:
    Description: "Database host"
    Value: !GetAtt WebDatabase.Endpoint.Address
  DatabasePort:
    Description: "Database port"
    Value: !GetAtt WebDatabase.Endpoint.Port
core.yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: "Pathein Directory web application deployment template."
Parameters:
  KeyName:
    Default: 'PatheinDirectory'
    Type: String
  InstanceType:
    Default: 't2.micro'
    Type: String
Mappings:
  Region2Principal:
    us-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-south-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-east-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ca-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    sa-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    cn-north-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    cn-northwest-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    eu-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-north-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
  Beanstalk2Route53HostedZoneId:
    us-east-1:
      HostedZoneId: Z3DZXE0Q79N41H
    us-west-1:
      HostedZoneId: Z1M58G0W56PQJA
    us-west-2:
      HostedZoneId: Z33MTJ483KN6FU
    eu-west-1:
      HostedZoneId: Z3NF1Z3NOM5OY2
    ap-northeast-1:
      HostedZoneId: Z2YN17T5R711GT
    ap-southeast-1:
      HostedZoneId: Z1WI8VXHPB1R38
    sa-east-1:
      HostedZoneId: Z2ES78Y61JGQKS
Resources:
  WebServerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - Fn::FindInMap:
                    - Region2Principal
                    - Ref: AWS::Region
                    - EC2Principal
            Action:
              - sts:AssumeRole
      Path: /
  WebServerRolePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: WebServerRole
      PolicyDocument:
        Statement:
          - Effect: Allow
            NotAction: iam:*
            Resource: '*'
      Roles:
        - Ref: WebServerRole
  WebServerInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - Ref: WebServerRole
  Application:
    Type: AWS::ElasticBeanstalk::Application
    Properties:
      ApplicationName: PatheinDirectoryApplication
      Description: AWS Elastic Beanstalk Pathein Directory Laravel application
  ApplicationVersion:
    Type: AWS::ElasticBeanstalk::ApplicationVersion
    Properties:
      Description: Version 1.0
      ApplicationName:
        Ref: Application
      SourceBundle:
        S3Bucket:
          Fn::Join:
            - '-'
            - - elasticbeanstalk-samples
              - Ref: AWS::Region
        S3Key: php-sample.zip
  ApplicationConfigurationTemplate:
    Type: AWS::ElasticBeanstalk::ConfigurationTemplate
    Properties:
      ApplicationName:
        Ref: Application
      Description: SSH access to Pathein Directory Laravel application
      SolutionStackName: 64bit Amazon Linux 2 v3.1.1 running PHP 7.3
      OptionSettings:
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: EC2KeyName
          Value:
            Ref: KeyName
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: IamInstanceProfile
          Value:
            Ref: WebServerInstanceProfile
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: SecurityGroups
          Value:
            !ImportValue PatheinWebServerSecurityGroupName
  Environment:
    Type: AWS::ElasticBeanstalk::Environment
    Properties:
      Description: AWS Elastic Beanstalk Environment running Pathein Directory Laravel application
      ApplicationName:
        Ref: Application
      EnvironmentName: PatheinDirectory
      TemplateName:
        Ref: ApplicationConfigurationTemplate
      VersionLabel:
        Ref: ApplicationVersion
      OptionSettings:
        - Namespace: aws:elasticbeanstalk:container:php:phpini
          OptionName: document_root
          Value: /public
  ElasticCacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable TCP connection on port 6379
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '11211'
          ToPort: '11211'
          SourceSecurityGroupId: !ImportValue PatheinWebServerSecurityGroupId
  ElasticCacheCluster:
    Type: AWS::ElastiCache::CacheCluster
    Properties:
      AZMode: cross-az
      CacheNodeType: cache.t2.small
      Engine: memcached
      NumCacheNodes: '2'
      VpcSecurityGroupIds:
        - !GetAtt ElasticCacheSecurityGroup.GroupId
      PreferredAvailabilityZones:
        - !Select
          - 0
          - Fn::GetAZs: !Ref AWS::Region
        - !Select
          - 1
          - Fn::GetAZs: !Ref AWS::Region
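A pre-deployment consistency check for the cross-stack imports discussed in both answers, added here as an illustration and not code from either answer: it collects the Export names in resources.yaml and the !ImportValue references in core.yaml, then flags an import of a non-existent export or, following the distinction the answers draw, a GroupId export fed into the launch-configuration SecurityGroups option. It scans the template text line by line with regular expressions rather than a YAML parser (an assumption that keeps it dependency-free), and the embedded excerpts are constructed from the thread's templates.

```python
import re
# Constructed excerpts modelled on the thread's templates (not the poster's full
# files): both security-group exports and the two core.yaml lines that import one.
RESOURCES_OUTPUTS = """\
Outputs:
  WebServerSecurityGroup:
    Value: !GetAtt WebServerSecurityGroup.GroupId
    Export:
      Name: PatheinWebServerSecurityGroup
  WebServerSecurityGroupName:
    Value: !Ref WebServerSecurityGroup
    Export:
      Name: PatheinWebServerSecurityGroupName
"""
CORE_BEFORE = """\
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: SecurityGroups
          Value:
            !ImportValue PatheinWebServerSecurityGroup
      SourceSecurityGroupId: !ImportValue PatheinWebServerSecurityGroup
"""
# The fix from the answers: only the SecurityGroups option moves to the name export.
CORE_AFTER = CORE_BEFORE.replace("SecurityGroup\n", "SecurityGroupName\n", 1)

KEY_RE = re.compile(r"^\s*-?\s*(\w+):\s*(.*)$")
IMPORT_RE = re.compile(r"!ImportValue\s+(\S+)")
# Form each consumer needs, as the answers describe it: the launch-configuration
# SecurityGroups option takes the group name (!Ref), SourceSecurityGroupId the ID.
EXPECTS = {"SecurityGroups": "!Ref ", "SourceSecurityGroupId": "!GetAtt "}

def scan(template):
    """One pass over a template: (exports it defines, imports it consumes)."""
    exported, imported, value, consumer = {}, [], "", None
    for line in template.splitlines():
        m = KEY_RE.match(line)
        if m and m.group(1) == "Value":
            value = m.group(2).strip()            # remember the exported expression
        elif m and m.group(1) == "Name" and value:
            exported[m.group(2).strip()] = value  # Export.Name -> expression
        elif m:                                   # OptionName value or property key
            consumer = m.group(2).strip() if m.group(1) == "OptionName" else m.group(1)
        if hit := IMPORT_RE.search(line):
            imported.append((consumer, hit.group(1)))
    return exported, imported

def check(resources_template, core_template):
    """Report imports of missing exports and imports of the wrong form."""
    exported, problems = scan(resources_template)[0], []
    for consumer, name in scan(core_template)[1]:
        if name not in exported:
            problems.append(f"{consumer}: export {name} does not exist")
        elif consumer in EXPECTS and not exported[name].startswith(EXPECTS[consumer]):
            problems.append(f"{consumer}: {name} exports {exported[name]}, "
                            f"but a {EXPECTS[consumer].strip()} value is needed")
    return problems
```

Running check(RESOURCES_OUTPUTS, CORE_BEFORE) reproduces the second error from Answer 0 before CloudFormation is involved, while CORE_AFTER passes cleanly.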