I am using CloudFormation to deploy EC2 instances into different VPCs. With CloudFormation I create a role and an instance profile and attach it to the EC2 instances [the role in question is AmazonEC2RoleforSSM]. However, I cannot connect to the EC2 instances with Session Manager. Here is the CloudFormation code:

AWSTemplateFormatVersion: "2010-09-09"
Description: Test and dev environment
Resources:
  VPCdev:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: VPCdev
  VPCtest:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: 192.168.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: VPCtest
  SubnetDev:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: SubnetDev
      VpcId: !Ref VPCdev
  SubnetTest:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 192.168.1.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Subnettest
      VpcId: !Ref VPCtest
  IGWdev:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
        - Key: Name
          Value: IGWdev
  IGWtest:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
        - Key: Name
          Value: IGWtest
  IGWdevattachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId: !Ref IGWdev
      VpcId: !Ref VPCdev
  IGWtestattachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId: !Ref IGWtest
      VpcId: !Ref VPCtest
  RouteTabledev:
    Type: "AWS::EC2::RouteTable"
    Properties:
      Tags:
        - Key: Name
          Value: RouteTabledev
      VpcId: !Ref VPCdev
  RouteTabletest:
    Type: "AWS::EC2::RouteTable"
    Properties:
      Tags:
        - Key: Name
          Value: RouteTabletest
      VpcId: !Ref VPCtest
  defaultdev:
    Type: "AWS::EC2::Route"
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGWdev
      RouteTableId: !Ref RouteTabledev
  defaulttest:
    Type: "AWS::EC2::Route"
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGWtest
      RouteTableId: !Ref RouteTabletest
  Ec2InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles: [ !Ref Ec2InstanceRole ]
  Ec2InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: [ ec2.amazonaws.com ]
            Action:
              - sts:AssumeRole
      Path: /
  sgdev:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: sgdev
      GroupName: sgdev
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: sgdev
      VpcId: !Ref VPCdev
  sgtest:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: sgtest
      GroupName: sgtest
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: sgtest
      VpcId: !Ref VPCtest
  instancedev:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-02d55cb47e83a99a0
      InstanceType: "t2.micro"
      IamInstanceProfile: !Ref Ec2InstanceProfile
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: 0
          GroupSet:
            - !Ref sgdev
          SubnetId: !Ref SubnetDev
      Tags:
        - Key: Name
          Value: dev
  instancetest:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-02d55cb47e83a99a0
      InstanceType: "t2.micro"
      IamInstanceProfile: !Ref Ec2InstanceProfile
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: 0
          GroupSet:
            - !Ref sgtest
          SubnetId: !Ref SubnetTest
      Tags:
        - Key: Name
          Value: test
A screenshot of the error is also attached. PS: I tried doing it manually and it works. I can't seem to figure out where I went wrong; the stack builds successfully and all the resources are deployed.
I am using the Ubuntu 18.04 LTS image, which comes with Session Manager preinstalled.
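Added example, not part of the original post: the template above creates RouteTabledev/RouteTabletest with a 0.0.0.0/0 route, but never associates those tables with SubnetDev/SubnetTest, so each subnet falls back to its VPC's main route table, which only carries the local route; without a path to the Systems Manager endpoints the SSM Agent cannot register and Session Manager has nothing to connect to. The snippet adds the two missing AWS::EC2::SubnetRouteTableAssociation resources (placed under Resources, reusing the original resource names) and, going beyond the fix, shows for VPCdev how to reach Systems Manager over private interface endpoints instead, so the instance needs neither a public IP nor any inbound security-group rule (the resource names SsmEndpointSg, SsmEndpoint, SsmMessagesEndpoint and Ec2MessagesEndpoint are my own; PrivateDnsEnabled relies on the EnableDnsHostnames/EnableDnsSupport settings already in the template).

```yaml
  # Fix: bind each subnet to the route table that holds the IGW default route.
  SubnetDevRouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref SubnetDev
      RouteTableId: !Ref RouteTabledev
  SubnetTestRouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref SubnetTest
      RouteTableId: !Ref RouteTabletest
  # Alternative for VPCdev: private endpoints for the three services the agent
  # talks to (ssm, ssmmessages, ec2messages); only HTTPS from the VPC is allowed.
  SsmEndpointSg:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: HTTPS from VPCdev to the Systems Manager endpoints
      VpcId: !Ref VPCdev
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 10.0.0.0/16 }
  SsmEndpoint:
    Type: "AWS::EC2::VPCEndpoint"
    Properties:
      VpcId: !Ref VPCdev
      VpcEndpointType: Interface
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.ssm"
      SubnetIds: [ !Ref SubnetDev ]
      SecurityGroupIds: [ !Ref SsmEndpointSg ]
      PrivateDnsEnabled: true
  SsmMessagesEndpoint:
    Type: "AWS::EC2::VPCEndpoint"
    Properties:
      VpcId: !Ref VPCdev
      VpcEndpointType: Interface
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.ssmmessages"
      SubnetIds: [ !Ref SubnetDev ]
      SecurityGroupIds: [ !Ref SsmEndpointSg ]
      PrivateDnsEnabled: true
  Ec2MessagesEndpoint:
    Type: "AWS::EC2::VPCEndpoint"
    Properties:
      VpcId: !Ref VPCdev
      VpcEndpointType: Interface
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.ec2messages"
      SubnetIds: [ !Ref SubnetDev ]
      SecurityGroupIds: [ !Ref SsmEndpointSg ]
      PrivateDnsEnabled: true
```

With the endpoint variant the instance's own security group can drop the port 80 rule entirely, since Session Manager only needs the agent's outbound HTTPS connection; a quick check after deploying is that the instance appears in the Systems Manager managed instances list (Fleet Manager) before attempting a session.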