Amazon-Cloudformation
如何擴展安全組映射以便在 CloudFormation 模板中為每個區域添加另一個級別?
我編寫了一個 CloudFormation 模板,該模板創建了一個 AutoScaling 組,該組依次啟動每個環境的伺服器。
直到今天,該公司一直在 us-west-2 區域工作,SecurityGroups 映射如下所示:
"SecurityGroupMap" : { "DEV" : { "sg" : "sg-d111acbe" }, "Load" : { "sg" : "sg-d111acbe" }, "Staging" : { "sg" : "sg-d123acbe" }, "Prod-US" : { "sg" : "sg-d145acbe" } },
現在有了新的動力,我的老闆希望我們能夠開始在另一個地區建構 CloudFormation 模板。
由於它是另一個區域,因此我需要提前手動創建所需的 SecurityGroups 並在模板中更新它們的 ID。
我想知道,如果這樣的寫作方法可行:
"SecurityGroupMap" : { "RegionMap": { "us-east-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" }, "us-east-2" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" }, "us-west-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" }, "us-west-2" : { "DEV" : "sg-d143acbe", "Load" : "sg-d143acbe", "Staging" : "sg-d143acbe", "Prod-US" : "sg-d143acbe" }, "eu-west-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" }, "eu-central-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" }, "eu-west-2" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" } },
如果是這樣,
[ { "Fn::FindInMap" : } ]
遺囑會是什麼樣子?
在您的第二個範例中,您嵌套了太多映射。我建議您刪除
RegionMap
並將區域直接放在SecurityGroupMap
. 在您可以使用以下方法引用一個安全組之後:
{ "Fn::FindInMap" : [ "SecurityGroupMap", { "Ref" : "AWS::Region" }, "DEV"] }