CloudFormation Template (JSON) for EC2 with VPC, Subnet & Security Group Choices

Submitted by 五迷三道 on 2019-12-11 06:14:58

Question


I'm trying to set up a CloudFormation template in JSON that stands up an EC2 instance, just getting started but having issues with selecting VPC and subnet. In the end this will be a template used across multiple accounts each with multiple VPCs and subnets. There is no default VPC in any of the accounts.

I'd like to have the template prompt for VPC then iterate valid subnets based on the VPC. I've been working with this Amazon blog post: Looking up information on AWS CloudFormation stack parameters using AWS Lambda | AWS Management Tools Blog

However, I can't seem to get this to work. I have the Lambda function set up with the correct role as outlined in the article, but I'm getting the error "No default VPC for this user". I'm also open to an easier way to get this to work.

{
   "AWSTemplateFormatVersion":"2010-09-09",
   "Description":"EC2 CloudFormation Template - Version 1.0",
   "Metadata":{},
   "Parameters":{
      "InstanceType":{
         "Description":"EC2 instance type",
         "Type":"String",
         "Default":"t2.small",
         "AllowedValues":[
            "t1.micro",
            "t2.nano",
            "t2.micro",
            "t2.small",
            "t2.medium",
            "t2.large"
         ],
         "ConstraintDescription":"must be a valid EC2 instance type."
      },
      "VpcName" : {
        "Type" : "AWS::EC2::VPC::Id",
        "Description" : "Select the VPC for this EC2 Instances"
      },
      "SubnetName" : {
        "Type" : "AWS::EC2::Subnet::Id",
        "Description" : "The list of SubnetIds"
      }
    },
   "Mappings":{},
   "Conditions":{},
   "Resources":{
     "VcpInfo" : {
       "Type" : "Custom::VcpInfo",
       "Properties" : {
         "ServiceToken" : "arn:aws:lambda:us-east-1:206765214992:function:Test_GetAtt",
         "NameFilter" : { "Ref": "VpcName" }
       }
     },
     "SubnetInfo" : {
       "Type" : "Custom::SubnetInfo",
       "Properties" : {
         "ServiceToken" : "arn:aws:lambda:us-east-1:206765214992:function:Test_GetAtt",
         "NameFilter" : { "Ref": "SubnetName" }
       }
      },
      "EOTSSEC2":{
         "Type":"AWS::EC2::Instance",
         "Properties":{
            "DisableApiTermination":"false",
            "ImageId":"ami-06bee8e1000e44ca4",
            "InstanceType":{ "Ref":"InstanceType"  },
            "Monitoring":"true"
         }
      }
    },
    "Outputs":{
     "VCPCidrBlock" : {
       "Description" : "VCP CidrBlock",
       "Value" : "!GetAtt VcpInfo.CidrBlock"
     },
     "SubnetAvailabilityZon" : {
       "Description" : "Subnet AvailabilityZone",
       "Value" : "!GetAtt SubnetInfo.AvailabilityZone"
     },
     "SubnetCidrBlock" : {
       "Description" : "Subnet CidrBlock",
       "Value" : "!GetAtt SubnetInfo.CidrBlock"
     },
     "SubnetVpcId" : {
       "Description" : "Subnet VpcId",
       "Value" : "!GetAtt SubnetInfo.VpcId"
     }
   }
}

I'd like to be prompted for a VPC then be presented with a valid list of subnets.


Answer 1:


That blog post shows how to get attribute information about a particular resource (e.g. a Subnet) and then use those attributes elsewhere in the template, such as in the Outputs section to show more information about those chosen resources.

However, it is not possible to call a Custom Resource to manipulate the Parameters section. This is because the Parameters are collected before the stack is built.

So, if your desire is to prompt for a VPC, and then populate the Subnet parameter only with a list of subnets that belong to that VPC, then sorry — this is not possible.

You are welcome to create your own "front-end" that asks users for information, including the above ability, and then call CloudFormation to create the stack with the desired parameters, but it is not possible to add custom logic to the Parameters within the CloudFormation management console.
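
As an added example (not part of the original answer): a small Python front-end of the kind the answer describes, which offers only the subnets of the chosen VPC, rejects a subnet from any other VPC, and passes the result to CloudFormation. It assumes boto3 with configured credentials; the stack name and template path are command-line arguments chosen for illustration, and the parameter keys are the ones in the question's template.

```python
# Added example: list VPCs, offer only the subnets of the chosen VPC, then
# create the stack with the parameter keys used in the question's template.
import sys

def subnets_in_vpc(ec2, vpc_id):
    """Return (subnet_id, az, cidr) for every subnet that belongs to vpc_id."""
    found, kwargs = [], {"Filters": [{"Name": "vpc-id", "Values": [vpc_id]}]}
    while True:
        page = ec2.describe_subnets(**kwargs)
        found += [(s["SubnetId"], s["AvailabilityZone"], s["CidrBlock"])
                  for s in page["Subnets"]]
        if not page.get("NextToken"):
            return found
        kwargs["NextToken"] = page["NextToken"]

def build_parameters(ec2, vpc_id, subnet_id, instance_type="t2.small"):
    """Refuse a subnet outside the chosen VPC; return create_stack Parameters."""
    if subnet_id not in {s[0] for s in subnets_in_vpc(ec2, vpc_id)}:
        raise ValueError(f"{subnet_id} is not a subnet of {vpc_id}")
    values = {"InstanceType": instance_type, "VpcName": vpc_id,
              "SubnetName": subnet_id}
    return [{"ParameterKey": k, "ParameterValue": v} for k, v in values.items()]

def choose(label, options):
    """Print a numbered menu and return the option the user picks."""
    if not options:
        raise SystemExit(f"no {label} available")
    for i, opt in enumerate(options, 1):
        print(f"{i}) {opt}")
    while True:
        pick = input(f"{label} number: ")
        if pick.isdigit() and 1 <= int(pick) <= len(options):
            return options[int(pick) - 1]

def main(stack_name, template_path):
    import boto3  # imported here so the functions above work without it
    ec2, cfn = boto3.client("ec2"), boto3.client("cloudformation")
    vpcs = [v["VpcId"] for v in ec2.describe_vpcs()["Vpcs"]]
    vpc_id = choose("VPC", vpcs)
    subnet = choose("Subnet", subnets_in_vpc(ec2, vpc_id))
    with open(template_path) as fh:
        cfn.create_stack(StackName=stack_name, TemplateBody=fh.read(),
                         Parameters=build_parameters(ec2, vpc_id, subnet[0]))

if __name__ == "__main__" and len(sys.argv) == 3:
    main(sys.argv[1], sys.argv[2])
```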



Source: https://stackoverflow.com/questions/56569604/cloudformation-template-json-for-ec2-with-vpc-subnet-security-group-choices
