Amazon-Web-Services

Add existing security groups to a CloudFormation EC2 template

  • September 25, 2019

How can I reference existing EC2 security groups in a CloudFormation template, without having to set the ingress and egress rules?

  Resources:
    EC2Instance:
      Type: AWS::EC2::Instance
      Properties:
        InstanceType:
          Ref: InstanceType
        SecurityGroups:
        - Ref: InstanceSecurityGroup
        KeyName:
          Ref: KeyName
        ImageId:
          Fn::FindInMap:
          - AWSRegionArch2AMI
          - Ref: AWS::Region
          - Fn::FindInMap:
            - AWSInstanceType2Arch
            - Ref: InstanceType
            - Arch
    InstanceSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Existing Groups
        SecurityGroupIds:
        - Ref: sg-12345
        - Ref: sg-12312
        SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

To do this, you simply add them directly to the EC2 resource's properties under SecurityGroupIds:

  Resources:
    EC2Instance:
      Type: AWS::EC2::Instance
      Properties:
        InstanceType:
          Ref: InstanceType
        SecurityGroupIds:
        - sg-12345
        - sg-12312
        KeyName:
          Ref: KeyName
        ImageId:
          Fn::FindInMap:
          - AWSRegionArch2AMI
          - Ref: AWS::Region
          - Fn::FindInMap:
            - AWSInstanceType2Arch
            - Ref: InstanceType
            - Arch
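As an added example (not from the original answer), the same template with the group IDs passed in as a typed parameter instead of hard-coded literals: CloudFormation then refuses to create the stack if any supplied ID is not an actual security group in the target account and region, so a typo cannot silently leave the instance with the wrong rules. The parameter names, the ImageId parameter in place of the mapping, and the SubnetId are assumptions for a complete template; `sg-12345` and `sg-12312` are the placeholder IDs from the answer.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: attach existing security groups to an instance via a
  validated parameter (not the original answer's template).

Parameters:
  InstanceType:
    Type: String
    Default: t3.micro
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
  ImageId:
    # Assumed: AMI passed in directly instead of the answer's FindInMap lookup.
    Type: AWS::EC2::Image::Id
  SubnetId:
    # Assumed: SecurityGroupIds only applies to instances launched in a VPC.
    Type: AWS::EC2::Subnet::Id
  ExistingSecurityGroupIds:
    # Typed list parameter: stack creation fails if any value is not an
    # existing security group ID in this account and region.
    Type: List<AWS::EC2::SecurityGroup::Id>
    Description: Existing security groups to attach (no rules defined here)

Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      ImageId: !Ref ImageId
      SubnetId: !Ref SubnetId
      # The existing groups are attached as-is; no ingress/egress rules
      # are declared in this template.
      SecurityGroupIds: !Ref ExistingSecurityGroupIds
```

Deploy with the placeholder IDs from the answer via `aws cloudformation deploy --parameter-overrides "ExistingSecurityGroupIds=sg-12345,sg-12312" ...` (plus the other parameters); the template itself never needs editing when the group IDs change.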

Source: https://serverfault.com/questions/985490