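I have the following CloudFormation configuration, which does the following:

  • Creates an Elastic Beanstalk application
  • Links a domain name to its load balancer

I need to be able to access FTP servers, but they only allow whitelisted IP addresses.

How would I create a static (Elastic?) IP in the configuration, route traffic through it, and have the IP stay the same if I run this CloudFormation multiple times?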


AWSTemplateFormatVersion: '2010-09-09'
Parameters:
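  S3Bucket:
    Type: String
    Description: S3 Bucket containing zip file
  # Declared because ElasticBeanstalkVersion references !Ref 'S3ZipKey'
  S3ZipKey:
    Type: String
    Description: S3 key of the zip file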
  RolePath:
    Type: String
    Description: RolePath
  HostedZoneName:
    Type: String
    Description: HostedZoneName
  QueueNamePrefix:
    Type: String
    Description: QueueNamePrefix
  AppDebug:
    Type: String
    Description: Debug
    Default: 'false'
  AppDnsCname:
    Type: String
    Description: AppDnsCname
  Environment:
    Type: String
    Description: Environment
  AppName:
    Type: String
    Description: AppName
  AWSRegion:
    Type: String
    Description: AWSRegion
  AppHealthCheckPath:
    Type: String
    Description: Path for container health check
Description: Elastic Beanstalk application & IAM policies
Resources:
  ElasticBeanstalkProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: !Ref 'RolePath'
      Roles:
        - !Ref 'ElasticBeanstalkRole'
  ElasticBeanstalkRole:
    Type: AWS::IAM::Role
    Properties:
      Path: !Ref 'RolePath'
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess
        - arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess
        - arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker
        - arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier
        - arn:aws:iam::aws:policy/AmazonSQSFullAccess
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies: []
  ElasticBeanstalkApplication:
    Type: AWS::ElasticBeanstalk::Application
    Properties:
      Description: !Ref 'AppName'
  ElasticBeanstalkVersion:
    Type: AWS::ElasticBeanstalk::ApplicationVersion
    Properties:
      ApplicationName: !Ref 'ElasticBeanstalkApplication'
      Description: Source Code
      SourceBundle:
        S3Bucket: !Ref 'S3Bucket'
        S3Key: !Ref 'S3ZipKey'
  ElasticBeanstalkConfigurationTemplate:
    Type: AWS::ElasticBeanstalk::ConfigurationTemplate
    DependsOn:
      - ElasticBeanstalkProfile
    Properties:
      Description: my-app Configuration Template
      ApplicationName: !Ref 'ElasticBeanstalkApplication'
      SolutionStackName: 64bit Amazon Linux 2017.09 v2.8.4 running Multi-container Docker 17.09.1-ce (Generic)
      OptionSettings:
        - Namespace: aws:elasticbeanstalk:environment
          OptionName: EnvironmentType
          Value: LoadBalanced
        - Namespace: aws:elasticbeanstalk:application
          OptionName: Application Healthcheck URL
          Value: !Ref 'AppHealthCheckPath'
        - Namespace: aws:elasticbeanstalk:cloudwatch:logs
          OptionName: StreamLogs
          Value: true
        - Namespace: aws:elasticbeanstalk:cloudwatch:logs
          OptionName: DeleteOnTerminate
          Value: false
        - Namespace: aws:elasticbeanstalk:cloudwatch:logs
          OptionName: RetentionInDays
          Value: 180
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: IamInstanceProfile
          Value: !GetAtt 'ElasticBeanstalkProfile.Arn'
        - Namespace: aws:elasticbeanstalk:application:environment
          OptionName: DEBUG
          Value: !Ref 'AppDebug'
        - Namespace: aws:elasticbeanstalk:application:environment
          OptionName: AWS_REGION
          Value: !Ref 'AWSRegion'
        - Namespace: aws:elasticbeanstalk:application:environment
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: InstanceType
          Value: "t2.small"
        - Namespace: aws:elasticbeanstalk:healthreporting:system
          OptionName: SystemType
          Value: "enhanced"
  MyAppDNS:
    Type: AWS::Route53::RecordSetGroup
    DependsOn: ElasticBeanstalkEnvironment
    Properties:
      HostedZoneName: !Ref 'HostedZoneName'
      RecordSets:
        - Name: !Ref 'AppDnsCname'
          Type: CNAME
          TTL: '60'
          ResourceRecords:
            - !GetAtt 'ElasticBeanstalkEnvironment.EndpointURL'
  ElasticBeanstalkEnvironment:
    Type: AWS::ElasticBeanstalk::Environment
    Properties:
      Description: !Ref 'Environment'
      ApplicationName: !Ref 'ElasticBeanstalkApplication'
      TemplateName: !Ref 'ElasticBeanstalkConfigurationTemplate'
      VersionLabel: !Ref 'ElasticBeanstalkVersion'
      Tier:
        Type: Standard
        Name: WebServer

1 Answer

Use an Elastic IP resource association via CloudFormation.

Create the Elastic IP resource:

Type: "AWS::EC2::EIP"
Properties:
   InstanceId: String
   Domain: String

Associate the Elastic IP resource with your EC2 instance resource:

Type: "AWS::EC2::EIPAssociation"
Properties:
  AllocationId: String
  EIP: String
  InstanceId: String
  NetworkInterfaceId: String
  PrivateIpAddress: String

Don't forget to join these two using !Ref. Finally, here is an official example of how to do this: Assigning an Amazon EC2 Elastic IP Using AWS::EC2::EIP Snippet

Answered at 2018-02-16T16:31:45.853
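
Added example, not part of the original answer or the asker's template: the two resources from the answer joined in one template, assuming a single existing instance passed in through the hypothetical parameter ExampleInstanceId. The resource and output names (EgressEIP, EgressEIPAssociation, WhitelistedAddress) are assumptions; in a VPC the association takes the allocation ID via !GetAtt, while !Ref on the EIP returns the public address to hand to the FTP server's operator.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - Elastic IP associated with one EC2 instance
Parameters:
  # Hypothetical parameter: the instance that talks to the FTP server
  ExampleInstanceId:
    Type: AWS::EC2::Instance::Id
    Description: Existing EC2 instance to receive the Elastic IP
Resources:
  EgressEIP:
    Type: AWS::EC2::EIP
    # Keep the allocation if the stack is deleted, so the address
    # on the remote whitelist is not released
    DeletionPolicy: Retain
    Properties:
      Domain: vpc
  EgressEIPAssociation:
    Type: AWS::EC2::EIPAssociation
    Properties:
      # VPC addresses are associated by allocation ID, not by the IP itself
      AllocationId: !GetAtt EgressEIP.AllocationId
      InstanceId: !Ref ExampleInstanceId
Outputs:
  WhitelistedAddress:
    Description: Public IP to give to the FTP server operator
    # Ref on AWS::EC2::EIP returns the Elastic IP address
    Value: !Ref EgressEIP
```

Stack updates that do not replace the EgressEIP resource leave the address unchanged. With DeletionPolicy: Retain the address also stays allocated to the account after the stack is deleted, so a whitelisted IP is not returned to the AWS pool where another customer could receive it.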