Associate the Elastic IP first, then run the command

Question  Votes: 0  Answers: 1

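I am trying to launch an EC2 instance and attach an Elastic IP to it through CloudFormation. I have a YAML file that launches the EC2 instance and runs code after launch through the UserData property (AWS::EC2::Instance). It then associates the IP through AWS::EC2::EIPAssociation. However, this order does not meet my requirements. I want to associate first and then run the script, because my script actually depends on the IP being associated.

Does anyone know how to associate the IP first and then run the script through YAML? Is there an option to define the Elastic IP in AWS::EC2::Instance?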

amazon-web-services amazon-ec2 yaml aws-cloudformation elastic-ip
1 Answer
0
votes

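You can use the option of creating an ENI first > associating the EIP with it > using this ENI as the instance's primary interface during launch. This way, your EC2 will come up with the EIP already associated, and so will have Internet access to process the user data. In the example below, I am also doing the EIP allocation. If that is not needed in your case, make changes to the EC2EIP section.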

Metadata:
  TemplateId: EC2 With EIP
Parameters:
  EC2AmazonLinuxAMIID:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  EC2Subnet:
    Type: AWS::EC2::Subnet::Id
    Description: Subnet to launch EC2
  EC2VPC:
    Type: AWS::EC2::VPC::Id
    Description: VPC to launch EC2
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Key Pair to login
Resources:
  EC2EIP:
    Type: AWS::EC2::EIP
    Properties:
      PublicIpv4Pool: amazon
      Domain: vpc
      Tags:
        - Key: Name
          Value: EIP EC2
  EC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: EC2 Security Group
      VpcId: !Ref EC2VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '3389'
          ToPort: '3389'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-EC2SecurityGroup"

  EC2ENI:
    Type: AWS::EC2::NetworkInterface
    Properties:
        Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-EC2ENI"
        Description: EC2 Network Interface
        SourceDestCheck: 'false'
        GroupSet:
        - !Ref EC2SecurityGroup
        SubnetId: !Ref EC2Subnet

  EC2ENIAssociation:
    Type: AWS::EC2::EIPAssociation
    Properties:
      NetworkInterfaceId: !Ref EC2ENI
      AllocationId: !GetAtt EC2EIP.AllocationId
  
  EC2Instance:
    Type: AWS::EC2::Instance
    DependsOn:
      - EC2ENI
      - EC2ENIAssociation
    Properties:
      InstanceType: t2.micro
      ImageId: !Ref EC2AmazonLinuxAMIID
      KeyName: !Ref KeyName
      NetworkInterfaces:
        - NetworkInterfaceId: !Ref EC2ENI
          DeviceIndex: 0
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          yum update -y
          yum install -y httpd
          systemctl start httpd
          systemctl enable httpd
          echo "Hello World from EC2 Instance" > /var/www/html/index.html
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-EC2Instance"

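This lets you choose the VPC and subnet as parameters. It then pulls an EIP from the Amazon pool and associates it with the ENI. Next, an EC2 is launched with this ENI referenced. In this order, User-Data is triggered after the EIP has been associated.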
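
An added variant of two resources from the template above, not part of the original answer: the security group takes its SSH source range from a parameter and omits the RDP rule, and the user data checks through IMDSv2 that the instance's public IPv4 is the allocated EIP before the IP-dependent script runs. AdminCidr is a hypothetical parameter name, the final echo line stands in for the asker's script, and all other names are the answer's own.

```yaml
# Added example (not the answerer's code); merge into the template above.
Parameters:
  AdminCidr:                       # hypothetical parameter introduced here
    Type: String
    Description: CIDR range allowed to reach SSH, e.g. a VPN egress range
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
Resources:
  EC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: EC2 Security Group
      VpcId: !Ref EC2VPC
      SecurityGroupIngress:
        # The answer's template has 22 and 3389 with CidrIp 0.0.0.0/0.
        # Here 22 is limited to AdminCidr; 3389 is unused on Amazon Linux.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
  EC2Instance:
    Type: AWS::EC2::Instance
    DependsOn: EC2ENIAssociation
    Properties:
      InstanceType: t2.micro
      ImageId: !Ref EC2AmazonLinuxAMIID
      KeyName: !Ref KeyName
      NetworkInterfaces:
        - NetworkInterfaceId: !Ref EC2ENI
          DeviceIndex: 0
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          set -euo pipefail
          EXPECTED="${EC2EIP.PublicIp}"   # filled in by CloudFormation at deploy time
          TOKEN=$(curl -sf -X PUT http://169.254.169.254/latest/api/token \
            -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
          ACTUAL=$(curl -sf -H "X-aws-ec2-metadata-token: $TOKEN" \
            http://169.254.169.254/latest/meta-data/public-ipv4)
          # Stop before the IP-dependent script if the EIP is not the attached address.
          [ "$ACTUAL" = "$EXPECTED" ] || { echo "EIP mismatch: $ACTUAL" >&2; exit 1; }
          echo "EIP $ACTUAL attached; running IP-dependent setup"
```

Only `${...}` is expanded by !Sub, so the shell variables are written as `$TOKEN` and `$ACTUAL` without braces to reach the instance unchanged.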
