Amazon-Cloudformation

如何擴展安全組映射以便在 CloudFormation 模板中為每個區域添加另一個級別?

  • October 17, 2017

我編寫了一個 CloudFormation 模板,該模板創建了一個 AutoScaling 組,該組依次啟動每個環境的伺服器。

直到今天,該公司一直在 us-west-2 區域工作,SecurityGroups 映射如下所示:

"SecurityGroupMap" : {
   "DEV"  : { "sg" : "sg-d111acbe" },
   "Load"  : { "sg" : "sg-d111acbe" },
   "Staging"   : { "sg" : "sg-d123acbe" },
   "Prod-US" : { "sg" : "sg-d145acbe" }
},

現在有了新的動力,我的老闆希望我們能夠開始在另一個地區建構 CloudFormation 模板。

由於它是另一個區域,因此我需要提前手動創建所需的 SecurityGroups 並在模板中更新它們的 ID。

我想知道,如果這樣的寫作方法可行:

"SecurityGroupMap" : {
   "RegionMap": {
       "us-east-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
       "us-east-2" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
       "us-west-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
       "us-west-2" : { "DEV" : "sg-d143acbe", "Load" : "sg-d143acbe", "Staging" : "sg-d143acbe", "Prod-US" : "sg-d143acbe" },
       "eu-west-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
       "eu-central-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
       "eu-west-2" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" }
   },

如果是這樣,[ { "Fn::FindInMap" : } ]遺囑會是什麼樣子?

在您的第二個範例中,您嵌套了太多映射。我建議您刪除RegionMap並將區域直接放在SecurityGroupMap. 在您可以使用以下方法引用一個安全組之後:

{ "Fn::FindInMap" : [ "SecurityGroupMap", { "Ref" : "AWS::Region" }, "DEV"] }

引用自:https://serverfault.com/questions/878833