Amazon-Web-Services
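Adding an existing security group to a CloudFormation EC2 template
How can I reference existing EC2 security groups in a CloudFormation template without having to set up ingress and egress rules?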
```yaml
Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType:
        Ref: InstanceType
      SecurityGroups:
        - Ref: InstanceSecurityGroup
      KeyName:
        Ref: KeyName
      ImageId:
        Fn::FindInMap:
          - AWSRegionArch2AMI
          - Ref: AWS::Region
          - Fn::FindInMap:
              - AWSInstanceType2Arch
              - Ref: InstanceType
              - Arch
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Existing Groups
      SecurityGroupIds:
        - Ref: sg-12345
        - Ref: sg-12312

      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
```
To do this, you simply add them directly to the EC2 resource's properties under SecurityGroupIds:
```yaml
Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType:
        Ref: InstanceType
      SecurityGroupIds:
        - sg-12345
        - sg-12312
      KeyName:
        Ref: KeyName
      ImageId:
        Fn::FindInMap:
          - AWSRegionArch2AMI
          - Ref: AWS::Region
          - Fn::FindInMap:
              - AWSInstanceType2Arch
              - Ref: InstanceType
              - Arch
```