Question
I want to get the list of security groups associated with a particular VPC in cloudformation parameter section.
"VpcId": {
    "Description": "Choose the VPC ID",
    "Type": "AWS::EC2::VPC::Id"
},
"SecurityGroupsID": {
    "Description": "Choose availability zone Availability Zone of the Subnet",
    "Type": "List<AWS::EC2::SecurityGroup::Id>",
    "AllowedValues": *******
},
What should the AllowedValues be?
Answer 1:
Yes, it is possible to use special template parameters. I created a small CloudFormation template with just SecurityGroup and KeyPair parameters. When you create a stack using this template in the console, it will prompt you with a drop-down to select a key and a security group.
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Security Group Test",
"Parameters" : {
"SecurityGroup": {
"Description": "Name of security group",
"Type": "AWS::EC2::SecurityGroup::GroupName"
},
"KeyName": {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription" : "must be the name of an existing EC2 KeyPair."
}
},
"Resources" : {
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties": {
"ImageId" : "ami-ea87a78f",
"InstanceType" : "t2.micro",
"SecurityGroups" : [ {"Ref" : "SecurityGroup"} ],
"KeyName": {"Ref": "KeyName"}
}
}
}
}
You should also take a look at parameters-section-structure.html, especially the AWS-Specific Parameter Types section. There are many other parameter types that may be of interest to you, such as Route 53 Hosted Zones and VPC.
I don't think it is possible to look up a security group, because there isn't an intrinsic function exactly for this purpose, but if you create the security groups using another CloudFormation script it is possible to import them.
From the AWS documentation, intrinsic-function-reference-importvalue.html:
Stack A Export
"Outputs" : {
"PublicSubnet" : {
"Description" : "The subnet ID to use for public web servers",
"Value" : { "Ref" : "PublicSubnet" },
"Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SubnetID" }}
},
"WebServerSecurityGroup" : {
"Description" : "The security group ID to use for public web servers",
"Value" : { "Fn::GetAtt" : ["WebServerSecurityGroup", "GroupId"] },
"Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SecurityGroupID" }}
}
}
Stack B Import
"Resources" : {
"WebServerInstance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"InstanceType" : "t2.micro",
"ImageId" : "ami-a1b23456",
"NetworkInterfaces" : [{
"GroupSet" : [{"Fn::ImportValue" : {"Fn::Sub" : "${NetworkStackNameParameter}-SecurityGroupID"}}],
"AssociatePublicIpAddress" : "true",
"DeviceIndex" : "0",
"DeleteOnTermination" : "true",
"SubnetId" : {"Fn::ImportValue" : {"Fn::Sub" : "${NetworkStackNameParameter}-SubnetID"}}
}]
}
}
}
At this moment, the only intrinsic function that has lookup functionality similar to what you are looking for (but for availability zones) is:
{ "Fn::GetAZs" : "region" }
That can be used in the template that creates your SecurityGroups.
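Because there is no intrinsic function to look up security groups, the export/import wiring between Stack A and Stack B above is the piece most likely to break silently (a renamed export or a mistyped stack-name parameter only fails at deploy time). The following added example, not code from the post or from AWS, checks that every Fn::ImportValue in an importing template resolves to an Export of the exporting template; the embedded templates are constructed to mirror Stack A and Stack B, and the stack name and parameter values are assumed.

```python
import re

# Constructed minimal templates mirroring Stack A (exports) and Stack B (imports).
EXPORTING = {"Outputs": {
    "PublicSubnet": {"Value": {"Ref": "PublicSubnet"},
                     "Export": {"Name": {"Fn::Sub": "${AWS::StackName}-SubnetID"}}},
    "WebServerSecurityGroup": {"Value": {"Fn::GetAtt": ["WebServerSecurityGroup", "GroupId"]},
                               "Export": {"Name": {"Fn::Sub": "${AWS::StackName}-SecurityGroupID"}}},
}}
IMPORTING = {"Resources": {"WebServerInstance": {"Type": "AWS::EC2::Instance", "Properties": {
    "NetworkInterfaces": [{
        "GroupSet": [{"Fn::ImportValue": {"Fn::Sub": "${NetworkStackNameParameter}-SecurityGroupID"}}],
        "SubnetId": {"Fn::ImportValue": {"Fn::Sub": "${NetworkStackNameParameter}-SubnetID"}},
    }]}}}}


def resolve_sub(expr, variables):
    """Evaluate a plain string or the string form of Fn::Sub against known variables."""
    if isinstance(expr, dict) and "Fn::Sub" in expr:
        expr = expr["Fn::Sub"]
    return re.sub(r"\$\{([^}]+)\}", lambda m: variables[m.group(1)], expr)


def export_names(template, stack_name):
    """Names this stack exports, with ${AWS::StackName} substituted."""
    return {resolve_sub(out["Export"]["Name"], {"AWS::StackName": stack_name})
            for out in template.get("Outputs", {}).values()}


def import_names(node, variables):
    """Walk the whole template tree and collect every Fn::ImportValue name."""
    found = set()
    if isinstance(node, dict):
        if "Fn::ImportValue" in node:
            found.add(resolve_sub(node["Fn::ImportValue"], variables))
        for child in node.values():
            found |= import_names(child, variables)
    elif isinstance(node, list):
        for child in node:
            found |= import_names(child, variables)
    return found


def unresolved_imports(exporting, importing, exporting_stack_name, parameters):
    """Imports in Stack B that no export of Stack A satisfies (empty list means consistent)."""
    return sorted(import_names(importing, parameters) - export_names(exporting, exporting_stack_name))


if __name__ == "__main__":
    # Assumed stack name "network" passed to Stack B via NetworkStackNameParameter.
    print(unresolved_imports(EXPORTING, IMPORTING, "network", {"NetworkStackNameParameter": "network"}))
```

A non-empty result lists the exact names Stack B would ask CloudFormation for that Stack A never exports, which is the same mismatch that makes a real cross-stack deployment fail.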
Source: https://stackoverflow.com/questions/46021670/how-to-get-security-group-list-in-cloudformation