How to configure “Instance Protection” over CloudFormation in AWS?

筅森魡賤 submitted on 2019-12-06 01:31:25

Question


I need to set an "Instance Protection" property for the instances in my Auto Scaling Group using a CloudFormation template.

I normally do it in my AWS console like this: EC2 -> Auto Scaling Groups

But I can't seem to find it in the CloudFormation documentation.


Answer 1:


It can be done using CloudFormation, but it's not easy.

CloudFormation currently (as of 3/30/2016) does not officially support the Auto Scaling Instance Protection feature. CloudFormation unfortunately tends to lag behind new features added to the underlying AWS APIs, and this feature was only recently launched on 12/7/2015.

For future reference, to confirm whether new features have been updated in CloudFormation, your best bet is to refer to the CloudFormation release history to see if the desired feature is mentioned.

Other AWS SDKs tend to be updated more frequently, so as a workaround you could create your AutoScaling Group using e.g. the AWS CLI create-auto-scaling-group command with the --new-instances-protected-from-scale-in flag.

If going outside CloudFormation to create your autoscaling group is not an option, another (more complicated) workaround would be to patch a Custom Resource on top of the existing CloudFormation resource to update the newly-created autoscaling group with the new feature setting using one of the updated SDKs. It works, but you'll need to create a Lambda function and all supporting IAM roles and permissions, and hook them all together into a custom resource. For an example of how to do this to support another CloudFormation-unsupported feature (attaching ACM certificates to a CloudFront distribution), see my SO answer here.

Of course, it's easiest to wait for AWS to add official support for this feature to CloudFormation, as they eventually will.
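
The custom-resource workaround described in the answer above could look like the following Lambda handler. This is an added example, not code from the original answer: the property name AutoScalingGroupName, the physical ID string, and the injectable client and send parameters (there so the handler can be exercised offline) are assumptions.

```python
import json
import urllib.request


def build_response(event, status, reason, physical_id):
    """Build the JSON body CloudFormation expects back from a custom resource."""
    return {
        "Status": status,
        "Reason": reason,
        "PhysicalResourceId": physical_id,
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
    }


def send_response(url, body):
    """PUT the result to the pre-signed URL CloudFormation put in the event."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 method="PUT", headers={"Content-Type": ""})
    urllib.request.urlopen(req, timeout=10)


def handler(event, context, client=None, send=send_response):
    """Lambda entry point; client and send are injectable (assumed names)."""
    # Reuse the existing ID on Update/Delete so the resource is never replaced.
    physical_id = event.get("PhysicalResourceId", "scale-in-protection")
    try:
        # Assumed custom-resource property carrying the group name.
        group = event["ResourceProperties"]["AutoScalingGroupName"]
        if client is None:
            import boto3  # shipped with the Lambda Python runtime
            client = boto3.client("autoscaling")
        if event["RequestType"] in ("Create", "Update"):
            client.update_auto_scaling_group(
                AutoScalingGroupName=group,
                NewInstancesProtectedFromScaleIn=True)
        # Delete: nothing to undo, the group goes away with the stack.
        body = build_response(event, "SUCCESS", "ok", physical_id)
    except Exception as exc:
        # Always answer; an unanswered request leaves the stack waiting.
        body = build_response(event, "FAILED", str(exc), physical_id)
    send(event["ResponseURL"], body)
    return body
```

For the API call itself, the function's execution role needs only the autoscaling:UpdateAutoScalingGroup action.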




Answer 2:


It doesn't look like this is currently supported by CloudFormation.

If you look at the CFN documentation for Autoscaling, it has an element for TerminationProtection, which is a list of strings. I can't find a list of available options in the documentation, but when I use the CLI there doesn't seem to be anything related:

$> aws autoscaling describe-termination-policy-types
{
    "TerminationPolicyTypes": [
        "ClosestToNextInstanceHour", 
        "Default", 
        "NewestInstance", 
        "OldestInstance", 
        "OldestLaunchConfiguration"
    ]
}


Source: https://stackoverflow.com/questions/35945827/how-to-configure-instance-protection-over-cloudformation-in-aws
