我目前正在学习亚马逊的云架构课程。我被困在模块10挑战实验室-自动化基础设施部署。
挑战是:
- 使用AWS CloudFormation为咖啡馆创建静态网站
- 在版本控制系统中存储模板。
- 使用持续交付服务,为咖啡馆创建网络和应用层。
- 定义EC2实例资源并创建应用程序栈。
我接受挑战4,不确定如何使用以下资源创建新的EC2:
- 设置
Logical ID为CafeInstance(参考https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html,如果需要) - 包含引用
LatestAmiId参数的ImageId - 对于
InstanceType,引用上一步中定义的实例类型参数。 - 对于
KeyName,使用以下代码行,它引用了已经在模板中定义的RegionMap映射:KeyName: !FindInMap [RegionMap, !Ref "AWS::Region", keypair] - 对于
InstanceProfile(附加到实例的AWS身份和访问管理或IAM角色),指定CafeRole注意:您的帐户中已经存在CafeRoleIAM角色。附加它可以授予EC2实例从AWS系统管理器检索参数存储值的权限。
在Properties部分中,包含以下代码行:
NetworkInterfaces:
- DeviceIndex: '0'
AssociatePublicIpAddress: 'true'
SubnetId: !ImportValue
'Fn::Sub': '${CafeNetworkParameter}-SubnetID'
GroupSet:
- !Ref CafeSG
Analysis:前几行有助于确保实例部署到运行cafenet堆栈时创建的公共子网。回想一下,在本任务开始时,您更新了网络堆栈以定义具有导出名称的输出。在上述代码中,导入SubnetId的值。前面的代码还有助于确保您创建的实例将在此模板中已经为您定义的CafeSG安全组中。
-
设置一个key为
Name, value为Cafe Web Server的标签提示:观察Name标签是如何应用于模板中已经定义的安全组资源的。 -
在属性部分,包括以下额外的
UserData代码:
UserData:
Fn::Base64:
!Sub |
#!/bin/bash
yum -y update
yum install -y httpd mariadb-server wget
amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
systemctl enable httpd
systemctl start httpd
systemctl enable mariadb
systemctl start mariadb
wget https://aws-tc-largeobjects.s3-us-west-2.amazonaws.com/ILT-TF-200-ACACAD-20-EN/mod10-challenge/cafe-app.sh
chmod +x cafe-app.sh
./cafe-app.sh
Analysis:前面的代码在启动过程结束时在实例上运行。它在Amazon Linux实例上安装一个Apache HTTP web服务器、一个MariaDB数据库和PHP。接下来,它启动web服务器和数据库。然后,它下载一个名为cafe-app.sh的脚本并运行它。cafe-app脚本配置数据库并安装使cafe-app网站运行的PHP代码。
当您对模板更新感到满意后,保存更改。要在Bash终端中验证模板格式,请运行以下命令:
aws cloudformation validate-template --template-body file:///home/ec2-user/environment/CFTemplatesRepo/templates/cafe-app.yaml
如果您收到json格式的响应,其中包括模板顶部定义的三个参数,那么您的模板通过了验证。但是,如果收到ValidationError响应(或其他错误响应),则必须纠正该问题。然后,保存更改并再次运行validate-template命令。
如果您的模板通过了验证检查,将文件添加到"CodeCommit"。在Bash终端中,运行git命令添加文件,提交文件,并将其推送到存储库。
我试过这样做,但不断得到一个错误"调用ValidateTemplate操作时发生错误(ValidationError):模板格式错误:YAML格式不正确。(第9栏第52行)"以下是我到目前为止为cafe-app.yaml:
AWSTemplateFormatVersion: 2010-09-09
Description: Cafe application
Parameters:
InstanceTypeParameter:
Type: String
Default: t2.small
AllowedValues:
- t2.micro
- t2.small
- t3.micro
- t3.small
Description: Enter t2.micro, t2.small, t3.micro, or t3.small. Default is t2.small.
LatestAmiId:
Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
CafeNetworkParameter:
Type: String
Default: update-cafe-network
Mappings:
RegionMap:
us-east-1:
"keypair": "vockey"
us-west-2:
"keypair": "cafe-oregon"
Resources:
CafeSG:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Enable SSH, HTTP access
VpcId: !ImportValue
'Fn::Sub': '${CafeNetworkParameter}-VpcID'
Tags:
- Key: Name
Value: CafeSG
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: 0.0.0.0/0
Logical ID: CafeInstance
Type: 'AWS::E2::Instance'
Properties:
ImageId: !Ref LatestAmiId
InstanceType: !Ref InstanceTypeParameter
KeyName: !FindInMap [RegionMap, !Ref "AWS::Region", keypair]
IamInstanceProfile: CafeRole
NetworkInterfaces:
- DeviceIndex: '0'
AssociatePublicIpAddress:
'true'
SubnetId: !ImportValue
'Fn::Sub': '${CafeNetworkParameter}-SubnetID'
GroupSet:
- !Ref CafeSG
Tags:
- Key: Name
- Value: Cafe Web Server
UserData:
Fn::Base64:
!Sub |
#!/bin/bash
yum -y update
yum install -y httpd mariadb-server wget
amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
systemctl enable httpd
systemctl start httpd
systemctl enable mariadb
systemctl start mariadb
wget https://aws-tc-largeobjects.s3-us-west-2.amazonaws.com/ILT-TF-200-ACACAD-20-EN/mod10-challenge/cafe-app.sh
chmod +x cafe-app.sh
./cafe-app.sh
Outputs:
WebServerPublicIP:
Value: !GetAtt 'CafeInstance.PublicIp'
你的模板有许多问题,如
- 错误语法
- 缺少实例配置文件
我修复了它们,现在可以部署了。我不知道UserData是否有效,但至少语法现在是正确的:
AWSTemplateFormatVersion: 2010-09-09
Description: Cafe application
Parameters:
InstanceTypeParameter:
Type: String
Default: t2.small
AllowedValues:
- t2.micro
- t2.small
- t3.micro
- t3.small
Description: Enter t2.micro, t2.small, t3.micro, or t3.small. Default is t2.small.
LatestAmiId:
Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
CafeNetworkParameter:
Type: String
Default: update-cafe-network
Mappings:
RegionMap:
us-east-1:
"keypair": "vockey"
us-west-2:
"keypair": "cafe-oregon"
Resources:
CafeSG:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Enable SSH, HTTP access
VpcId: !ImportValue
'Fn::Sub': '${CafeNetworkParameter}-VpcID'
Tags:
- Key: Name
Value: CafeSG
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: 0.0.0.0/0
CafeInstance:
Type: 'AWS::EC2::Instance'
Properties:
ImageId: !Ref LatestAmiId
InstanceType: !Ref InstanceTypeParameter
KeyName: !FindInMap [RegionMap, !Ref "AWS::Region", keypair]
#IamInstanceProfile: CafeRole
NetworkInterfaces:
- DeviceIndex: '0'
AssociatePublicIpAddress: true
SubnetId: !ImportValue
'Fn::Sub': '${CafeNetworkParameter}-SubnetID'
GroupSet:
- !Ref CafeSG
Tags:
- Key: Name
Value: Cafe Web Server
UserData:
Fn::Base64:
!Sub |
#!/bin/bash
yum -y update
yum install -y httpd mariadb-server wget
amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
systemctl enable httpd
systemctl start httpd
systemctl enable mariadb
systemctl start mariadb
wget https://aws-tc-largeobjects.s3-us-west-2.amazonaws.com/ILT-TF-200-ACACAD-20-EN/mod10-challenge/cafe-app.sh
chmod +x cafe-app.sh
./cafe-app.sh
Outputs:
WebServerPublicIP:
Value: !GetAtt 'CafeInstance.PublicIp'