1

I created a CloudFormation template with the following resources:

---
Resources: 
  InsuranceVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 11.0.0.0/16
      EnableDnsSupport: 'false'
      EnableDnsHostnames: 'false'
      InstanceTenancy: dedicated
      Tags:
       - Key: work
         Value: insurance
       - Key: name
         Value: InsuranceVPC

  InsuranceInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
      - Key: work
        Value: insurance
      - Key: name
        Value: InsuranceInternetGateway

  InsuranceSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: InsuranceVPC
      CidrBlock: 11.0.2.0/24
      AvailabilityZone: "ap-south-1a"
      Tags:
      - Key: work
        Value: insurance
      - Key: name
        Value: InsuranceSubnet

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
         Ref: InsuranceVPC
      InternetGatewayId:
         Ref: InsuranceInternetGateway

  Ec2Instance: 
    Type: AWS::EC2::Instance
    Properties: 
      ImageId: "ami-0732b62d310b80e97"
      InstanceType: "t2.medium"
      KeyName: "DevOpsAutomation"
      NetworkInterfaces: 
        - AssociatePublicIpAddress: "true"
          DeviceIndex: "0"
          GroupSet: 
            - Ref: "InsuranceSecurityGroup"
          SubnetId: 
            Ref: "InsuranceSubnet"

  InsuranceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: Allow http and ssh to client host
        VpcId:
           Ref: InsuranceVPC
        SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

All resources are created successfully except EC2Instance, which fails with the following error:

The requested configuration is currently not supported. Please check the documentation for supported configurations. (Service: AmazonEC2; Status Code: 400; Error Code: Unsupported; Request ID: a59a2d39-3aa9-4f7b-9cbd-db05dca0d61e)

The following resource(s) failed to create: [Ec2Instance]. . Rollback requested by use

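What I have checked:

  1. ImageID and InstanceType exist in the same region (or AZ)
  2. All other objects and their dependencies are satisfied
  3. Although I know I have not yet created the route table and route entries, that should not affect creation of the EC2 instance resource
  4. I am a privileged user for creating resources.

Please help or guide me on what I am missing here.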

4

2 Answers

1

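Your VPC is set to dedicated tenancy, which limits the resources you can launch into it (including certain instance types).

Some AWS services or their features won't work with a VPC with the instance tenancy set to dedicated. Check the service's documentation to confirm if there are any limitations.

Some instance types cannot be launched into a VPC with the instance tenancy set to dedicated. For more information about supported instance types, see Amazon EC2 Dedicated Instances.

You should check the link above and compare it against your instance type.

answered 2020-07-27T11:25:23.900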
1

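I launched your template in my sandbox account.

I found a few issues:

  • a missing DependsOn on the instance,
  • the VPC has dedicated tenancy,
  • and an incorrect GroupSet

I modified the template so it now fully works in us-east-1. You have to adjust it to your own region (the AMI also needs to be changed back to your original one if you are not using us-east-1).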

---
Resources: 
  InsuranceVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 11.0.0.0/16
      EnableDnsSupport: 'false'
      EnableDnsHostnames: 'false'
      InstanceTenancy: default
      Tags:
       - Key: work
         Value: insurance
       - Key: name
         Value: InsuranceVPC

  InsuranceInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
      - Key: work
        Value: insurance
      - Key: name
        Value: InsuranceInternetGateway

  InsuranceSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: InsuranceVPC
      CidrBlock: 11.0.2.0/24
      AvailabilityZone: "us-east-1a"
      Tags:
      - Key: work
        Value: insurance
      - Key: name
        Value: InsuranceSubnet

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
         Ref: InsuranceVPC
      InternetGatewayId:
         Ref: InsuranceInternetGateway

  Ec2Instance: 
    Type: AWS::EC2::Instance
    DependsOn: AttachGateway
    Properties: 
      ImageId: "ami-08f3d892de259504d"
      InstanceType: "t2.medium"
      KeyName: "MyKeyPair"
      NetworkInterfaces: 
        - AssociatePublicIpAddress: "true"
          DeviceIndex: "0"
          GroupSet: 
            - !GetAtt InsuranceSecurityGroup.GroupId
          SubnetId: 
            Ref: "InsuranceSubnet"

  InsuranceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: Allow http and ssh to client host
        VpcId:
           Ref: InsuranceVPC
        SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
answered 2020-07-27T11:28:23.790
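
A pre-deployment check for two of the issues raised in the answers above (instance type versus VPC tenancy, and a public-IP instance without DependsOn on the gateway attachment), as an added example that is not part of the original question or answers. The `lint` and `ref` helpers, the JSON rendering of the question's template, and the contents of `UNSUPPORTED_ON_DEDICATED` are assumptions made for illustration.

```python
import json

# Assumption (check the Amazon EC2 Dedicated Instances docs): families rejected in dedicated VPCs.
UNSUPPORTED_ON_DEDICATED = {"t2"}

# Constructed sample: the question's template cut down to the relevant keys.
QUESTION_TEMPLATE = json.loads("""
{"Resources": {
  "InsuranceVPC": {"Type": "AWS::EC2::VPC",
    "Properties": {"CidrBlock": "11.0.0.0/16", "InstanceTenancy": "dedicated"}},
  "InsuranceInternetGateway": {"Type": "AWS::EC2::InternetGateway"},
  "InsuranceSubnet": {"Type": "AWS::EC2::Subnet",
    "Properties": {"VpcId": {"Ref": "InsuranceVPC"}, "CidrBlock": "11.0.2.0/24"}},
  "AttachGateway": {"Type": "AWS::EC2::VPCGatewayAttachment",
    "Properties": {"VpcId": {"Ref": "InsuranceVPC"},
                   "InternetGatewayId": {"Ref": "InsuranceInternetGateway"}}},
  "Ec2Instance": {"Type": "AWS::EC2::Instance",
    "Properties": {"InstanceType": "t2.medium", "NetworkInterfaces": [
      {"AssociatePublicIpAddress": "true", "DeviceIndex": "0",
       "SubnetId": {"Ref": "InsuranceSubnet"}}]}}
}}""")

def ref(value):
    """Logical ID from {"Ref": "X"}; None for anything else."""
    return value.get("Ref") if isinstance(value, dict) else None

def lint(template, unsupported=UNSUPPORTED_ON_DEDICATED):
    """Return (instance, check, detail) findings for EC2 instances."""
    res, findings = template["Resources"], []
    attachments = {n for n, r in res.items()
                   if r["Type"] == "AWS::EC2::VPCGatewayAttachment"}
    for name, r in res.items():
        if r["Type"] != "AWS::EC2::Instance":
            continue
        props = r.get("Properties", {})
        nics = props.get("NetworkInterfaces", [])
        family = props.get("InstanceType", "").split(".")[0]
        subnets = [ref(props.get("SubnetId"))] + [ref(n.get("SubnetId")) for n in nics]
        for subnet in filter(None, subnets):
            # Follow instance -> subnet -> VPC to read the VPC's tenancy.
            vpc = ref(res.get(subnet, {}).get("Properties", {}).get("VpcId"))
            vpc_props = res.get(vpc, {}).get("Properties", {})
            if vpc_props.get("InstanceTenancy") == "dedicated" and family in unsupported:
                findings.append((name, "tenancy", f"{family} in dedicated VPC {vpc}"))
        deps = r.get("DependsOn", [])
        deps = {deps} if isinstance(deps, str) else set(deps)
        public = any(str(n.get("AssociatePublicIpAddress")).lower() == "true" for n in nics)
        if public and attachments and not attachments & deps:
            findings.append((name, "depends-on", "public IP, no DependsOn on gateway attachment"))
    return findings
```

Calling `lint(QUESTION_TEMPLATE)` reports both findings for `Ec2Instance`; a template with `InstanceTenancy: default` and `DependsOn: AttachGateway` returns an empty list.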